[Webkit-unassigned] [Bug 42020] New: Crash beneath setSelection() during detach()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Jul 9 22:06:53 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=42020

           Summary: Crash beneath setSelection() during detach()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: NEW
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mitz at webkit.org


<rdar://problem/7527532>

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000

0   com.apple.WebCore                 0x00007fff82fc4e1b WebCore::RenderBox::availableHeightUsing(WebCore::Length const&) const + 507
1   com.apple.WebCore                 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31
2   com.apple.WebCore                 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31
3   com.apple.WebCore                 0x00007fff82fc4b41 WebCore::RenderBoxModelObject::relativePositionOffsetY() const + 129
4   com.apple.WebCore                 0x00007fff82f47b05 WebCore::RenderBox::offsetFromContainer(WebCore::RenderObject*, WebCore::IntPoint const&) const + 261
5   com.apple.WebCore                 0x00007fff82fc6643 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 275
6   com.apple.WebCore                 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
7   com.apple.WebCore                 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
8   com.apple.WebCore                 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
9   com.apple.WebCore                 0x00007fff83108873 WebCore::RenderBlock::selectionGapRectsForRepaint(WebCore::RenderBoxModelObject*) + 259
10  com.apple.WebCore                 0x00007fff82ed9eb2 WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) + 1298
11  com.apple.WebCore                 0x00007fff82efc470 WebCore::RenderObjectChildList::removeChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) + 592
12  com.apple.WebCore                 0x00007fff830d4224 WebCore::RenderBlock::moveAllChildrenTo(WebCore::RenderObject*, WebCore::RenderObjectChildList*) + 68
13  com.apple.WebCore                 0x00007fff82efbe2a WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 650
14  com.apple.WebCore                 0x00007fff82efba79 WebCore::RenderObject::destroy() + 137
15  com.apple.WebCore                 0x00007fff82efb947 WebCore::RenderBox::destroy() + 71
16  com.apple.WebCore                 0x00007fff82efb6c3 WebCore::Node::detach() + 35
17  com.apple.WebCore                 0x00007fff82efb57b WebCore::Element::detach() + 107
18  com.apple.WebCore                 0x00007fff82fcf1d7 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 263
…

Patch forthcoming.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.


More information about the webkit-unassigned mailing list