[Webkit-unassigned] [Bug 45920] New: [chromium] Crash with Morphing Power Cubes demo

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Sep 16 14:44:07 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=45920

           Summary: [chromium] Crash with Morphing Power Cubes demo
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh
        OS/Version: Mac OS X 10.6
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: kbr at google.com
                CC: senorblanco at chromium.org, jamesr at chromium.org,
                    vangelis at chromium.org


Created an attachment (id=67843)
 --> (https://bugs.webkit.org/attachment.cgi?id=67843)
Stack trace for crash

The morphing power cubes 3D CSS demo at http://webkit.org/blog-files/3d-transforms/morphing-cubes.html is crashing after the first transition from the cube to the ring shape. It looks like the crash occurs while attempting to render the check box for whether the back faces are visible. This check box has never rendered correctly with Chromium's compositor, but it has also not been crashing before. The top few frames of the stack trace are below; the full stack trace is attached.

#0  0x96df791b in sseCGSBlendXXXX8888 ()
#1  0x96d9bcbe in argb32_image ()
#2  0x99929cd0 in ripl_Mark ()
#3  0x99929c61 in ripl_BltImage ()
#4  0x9992939b in ripc_RenderImage ()
#5  0x9992ed38 in ripc_EndLayer ()
#6  0x96df720d in CGContextEndTransparencyLayer ()
#7  0x95363514 in __-[NSImageRep drawInRect:fromRect:operation:fraction:respectFlipped:hints:]_block_invoke_1 ()
#8  0x9536294d in -[NSImageRep drawInRect:fromRect:operation:fraction:respectFlipped:hints:] ()
#9  0x95361484 in __-[NSImage drawInRect:fromRect:operation:fraction:respectFlipped:hints:]_block_invoke_1 ()
#10 0x9535ed18 in -[NSImage _usingBestRepresentationForRect:context:hints:body:] ()
#11 0x9535e852 in -[NSImage drawInRect:fromRect:operation:fraction:respectFlipped:hints:] ()
#12 0x9535d674 in -[NSImage _drawMappingAlignmentRectToRect:withState:backgroundStyle:operation:fraction:flip:hints:] ()
#13 0x9540e1e5 in -[NSButtonCell drawImage:withFrame:inView:] ()
#14 0x9540d6f9 in -[NSButtonCell _configureAndDrawImageWithRect:cellFrame:controlView:] ()
#15 0x9540b956 in -[NSButtonCell drawInteriorWithFrame:inView:] ()
#16 0x9540af67 in -[NSButtonCell drawWithFrame:inView:] ()
#17 0x021dacd7 in WebCore::paintCheckbox (states=152, context=0xa00e8d0, zoomedRect=@0xbfffb4e4, zoomFactor=1, scrollView=0xc811c00) at /Users/kbr/src/chrome/src/third_party/WebKit/WebCore/WebCore.gyp/../platform/chromium/ThemeChromiumMac.mm:398
#18 0x021dae2f in WebCore::ThemeChromiumMac::paint (this=0x15a06590, part=WebCore::CheckboxPart, states=152, context=0xa00e8d0, zoomedRect=@0xbfffb4e4, zoomFactor=1, scrollView=0xc811c00) at /Users/kbr/src/chrome/src/third_party/WebKit/WebCore/WebCore.gyp/../platform/chromium/ThemeChromiumMac.mm:822
#19 0x023de1a3 in WebCore::RenderTheme::paint (this=0x15a064d0, o=0xa51f89c, paintInfo=@0xbfffb634, r=@0xbfffb4e4) at /Users/kbr/src/chrome/src/third_party/WebKit/WebCore/WebCore.gyp/../rendering/RenderTheme.cpp:270

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list