[Webkit-unassigned] [Bug 47353] New: WebCore::DragController::concludeEditDrag ReadAV at NULL (37f719744f0b84bd607e9d16c87f2399)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 7 09:04:19 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=47353

           Summary: WebCore::DragController::concludeEditDrag ReadAV at NULL
                    (37f719744f0b84bd607e9d16c87f2399)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org


Created an attachment (id=70094)
 --> (https://bugs.webkit.org/attachment.cgi?id=70094)
Repro

What steps will reproduce the problem?
1. Execute JavaScript "document.open()" in a page.
2. Drag an HTML file into the window of that page.
3. Crash

Repro:
<body onload="document.open()"></body>

Drag that into the same window twice and you get a NULL pointer crash.
Found in latest Chrome/Chromium; this does not affect stable Safari.

stack:          WebCore::DragController::concludeEditDrag
                WebCore::DragController::performDrag
                WebKit::WebViewImpl::dragTargetDrop
                RenderView::OnDragTargetDrop
                IPC::MessageWithTuple<...>::Dispatch<RenderView,void 
                RenderView::OnMessageReceived
                MessageRouter::RouteMessage
                MessageRouter::OnMessageReceived
                ChildThread::OnMessageReceived
                RunnableMethod<ExtensionsService,void 
                MessageLoop::RunTask
                MessageLoop::DoWork
                base::MessagePumpDefault::Run
                MessageLoop::RunInternal
                MessageLoop::Run
                RendererMain
                ChromeMain
