[Webkit-unassigned] [Bug 42020] New: Crash beneath setSelection() during detach()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 9 22:06:53 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=42020
Summary: Crash beneath setSelection() during detach()
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Keywords: InRadar
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: mitz at webkit.org
<rdar://problem/7527532>
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
0 com.apple.WebCore 0x00007fff82fc4e1b WebCore::RenderBox::availableHeightUsing(WebCore::Length const&) const + 507
1 com.apple.WebCore 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31
2 com.apple.WebCore 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31
3 com.apple.WebCore 0x00007fff82fc4b41 WebCore::RenderBoxModelObject::relativePositionOffsetY() const + 129
4 com.apple.WebCore 0x00007fff82f47b05 WebCore::RenderBox::offsetFromContainer(WebCore::RenderObject*, WebCore::IntPoint const&) const + 261
5 com.apple.WebCore 0x00007fff82fc6643 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 275
6 com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
7 com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
8 com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
9 com.apple.WebCore 0x00007fff83108873 WebCore::RenderBlock::selectionGapRectsForRepaint(WebCore::RenderBoxModelObject*) + 259
10 com.apple.WebCore 0x00007fff82ed9eb2 WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) + 1298
11 com.apple.WebCore 0x00007fff82efc470 WebCore::RenderObjectChildList::removeChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) + 592
12 com.apple.WebCore 0x00007fff830d4224 WebCore::RenderBlock::moveAllChildrenTo(WebCore::RenderObject*, WebCore::RenderObjectChildList*) + 68
13 com.apple.WebCore 0x00007fff82efbe2a WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 650
14 com.apple.WebCore 0x00007fff82efba79 WebCore::RenderObject::destroy() + 137
15 com.apple.WebCore 0x00007fff82efb947 WebCore::RenderBox::destroy() + 71
16 com.apple.WebCore 0x00007fff82efb6c3 WebCore::Node::detach() + 35
17 com.apple.WebCore 0x00007fff82efb57b WebCore::Element::detach() + 107
18 com.apple.WebCore 0x00007fff82fcf1d7 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 263
…
Patch forthcoming.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list