[Webkit-unassigned] [Bug 52819] Crash in WebCore::HistoryController::itemsAreClones
bugzilla-daemon at webkit.org
Fri Jan 21 13:01:24 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=52819
--- Comment #5 from Charles Reis <creis at chromium.org> 2011-01-21 13:01:24 PST ---
Just discovered another crash report from the same logic in recursiveGoToItem before I split it out into itemsAreClones in http://trac.webkit.org/changeset/75336. Still trying to nail down the repro case, but this suggests that the underlying cause could be outside this patch.
My current theory is that we're passing in a corrupt history item with null as one of the child items. That would lead to the stack trace in this crash, both before and after the 75336 patch.