[Webkit-unassigned] [Bug 42561] New: Crash when computing pseudo-style of a vanished scrollbar
bugzilla-daemon at webkit.org
Mon Jul 19 06:50:36 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=42561
Summary: Crash when computing pseudo-style of a vanished scrollbar
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
OS/Version: Windows 7
Status: NEW
Severity: Normal
Priority: P2
Component: CSS
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: apavlov at chromium.org
1. Open the attached page
2. Open Web Inspector and set a breakpoint on line 8 (return document.getElementById(id);)
3. Click the button.
4. In the Web Inspector, position the mouse pointer over the "zzz" variable. A popup with the variable value appears shortly.
5. Quickly move the pointer over the horizontal scrollbar in the popup and press LMB.
6. If the popup does not disappear shortly, move the pointer outside of the popup with the LMB still pressed.
7. Release LMB after the popup disappears.
The following crash happens:
> WebKit.dll!WTF::OwnPtr<WebCore::CSSStyleSelector>::operator!() Line 68 + 0x13 bytes C++
WebKit.dll!WebCore::Document::styleSelector() Line 392 + 0xe bytes C++
WebKit.dll!WebCore::RenderObject::getUncachedPseudoStyle(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::RenderStyle * parentStyle=0x0a59d4ac, WebCore::RenderStyle * ownStyle=0x00000000) Line 2381 + 0x21 bytes C++
WebKit.dll!WebCore::RenderScrollbar::getScrollbarPseudoStyle(WebCore::ScrollbarPart partType=ThumbPart, WebCore::PseudoId pseudoId=SCROLLBAR_THUMB) Line 135 + 0x27 bytes C++
WebKit.dll!WebCore::RenderScrollbar::updateScrollbarPart(WebCore::ScrollbarPart partType=ThumbPart, bool destroy=false) Line 202 + 0x25 bytes C++
WebKit.dll!WebCore::RenderScrollbar::setPressedPart(WebCore::ScrollbarPart part=NoPart) Line 112 C++
WebKit.dll!WebCore::Scrollbar::mouseUp() Line 385 + 0x11 bytes C++
WebKit.dll!WebCore::EventHandler::handleMouseReleaseEvent(const WebCore::PlatformMouseEvent & mouseEvent={...}) Line 1548 + 0x15 bytes C++
WebKit.dll!WebView::handleMouseEvent(unsigned int message=514, unsigned int wParam=0, long lParam=13762658) Line 1397 C++
WebKit.dll!WebView::WebViewWndProc(HWND__ * hWnd=0x00020dfe, unsigned int message=514, unsigned int wParam=0, long lParam=13762658) Line 2047 + 0x14 bytes C++
If this helps debugging, the following crash occurs in Chromium:
> chrome.dll!WTF::RefCountedBase::ref() Line 36 + 0x24 bytes C++
chrome.dll!WTF::refIfNotNull<WebCore::RenderStyle>(WebCore::RenderStyle * ptr=0x04c0d480) Line 53 C++
chrome.dll!WTF::RefPtr<WebCore::RenderStyle>::operator=(WebCore::RenderStyle * optr=0x04c0d480) Line 129 + 0x9 bytes C++
chrome.dll!WebCore::CSSStyleSelector::pseudoStyleForElement(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::Element * e=0x050201e0, WebCore::RenderStyle * parentStyle=0x04c0d480, bool matchVisitedPseudoClass=false) Line 1503 C++
chrome.dll!WebCore::RenderObject::getUncachedPseudoStyle(WebCore::PseudoId pseudo=SCROLLBAR_THUMB, WebCore::RenderStyle * parentStyle=0x04c0d480, WebCore::RenderStyle * ownStyle=0x00000000) Line 2381 + 0x28 bytes C++
chrome.dll!WebCore::RenderScrollbar::getScrollbarPseudoStyle(WebCore::ScrollbarPart partType=ThumbPart, WebCore::PseudoId pseudoId=SCROLLBAR_THUMB) Line 135 + 0x27 bytes C++
chrome.dll!WebCore::RenderScrollbar::updateScrollbarPart(WebCore::ScrollbarPart partType=ThumbPart, bool destroy=false) Line 202 + 0x25 bytes C++
chrome.dll!WebCore::RenderScrollbar::setPressedPart(WebCore::ScrollbarPart part=NoPart) Line 112 C++
chrome.dll!WebCore::Scrollbar::mouseUp() Line 385 + 0x11 bytes C++
chrome.dll!WebCore::EventHandler::handleMouseReleaseEvent(const WebCore::PlatformMouseEvent & mouseEvent={...}) Line 1548 + 0x15 bytes C++
chrome.dll!WebKit::WebViewImpl::mouseUp(const WebKit::WebMouseEvent & event={...}) Line 487 C++
chrome.dll!WebKit::WebViewImpl::handleInputEvent(const WebKit::WebInputEvent & inputEvent={...}) Line 1030 C++
chrome.dll!RenderWidget::OnHandleInputEvent(const IPC::Message & message={...}) Line 316 + 0x19 bytes C++