[Webkit-unassigned] [Bug 70422] New: Crash in WebCore::RenderBox::mapAbsoluteToLocalPoint due to assert failure

Wed Oct 19 08:47:26 PDT 2011

https://bugs.webkit.org/show_bug.cgi?id=70422

           Summary: Crash in WebCore::RenderBox::mapAbsoluteToLocalPoint
                    due to assert failure
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Macintosh Intel
        OS/Version: Mac OS X 10.7
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: New Bugs
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: rex_4539 at yahoo.com

Created an attachment (id=111628)
 --> (https://bugs.webkit.org/attachment.cgi?id=111628&action=review)
Crash log.

r97844

Reproducibility: once

Steps:
I think I clicked into a text filed in JIRA and scrolled the content.

What happened:
Assert failure and then crash.

ASSERTION FAILED: !view() || !view()->layoutStateEnabled()
/Users/rex/WebKit/Source/WebCore/rendering/RenderBox.cpp(1383) : virtual void WebCore::RenderBox::mapAbsoluteToLocalPoint(bool, bool, WebCore::TransformState &) const
1   0x105330d84 WebCore::RenderBox::mapAbsoluteToLocalPoint(bool, bool, WebCore::TransformState&) const
2   0x1053f8e95 WebCore::RenderObject::absoluteToLocal(WebCore::FloatPoint const&, bool, bool) const
3   0x10494e873 WebCore::FrameView::convertToRenderer(WebCore::RenderObject const*, WebCore::IntPoint const&) const
4   0x1053a5c5e WebCore::RenderLayer::convertFromContainingViewToScrollbar(WebCore::Scrollbar const*, WebCore::IntPoint const&) const
5   0x105576fe8 WebCore::Scrollbar::convertFromContainingView(WebCore::IntPoint const&) const
6   0x10556ea48 -[WebScrollbarPainterControllerDelegate scrollerImpPair:convertContentPoint:toScrollerImp:]
7   0x109ad42d8 -[NSScrollerImpPair _updateOverlayScrollersStateWithReason:forceAtLeastKnobsVisible:]
8   0x105571f04 WebCore::ScrollAnimatorMac::notifyPositionChanged()
9   0x105571a18 WebCore::ScrollAnimatorMac::immediateScrollToPoint(WebCore::FloatPoint const&)
10  0x105571963 WebCore::ScrollAnimatorMac::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&)
11  0x10556c1fc WebCore::ScrollableArea::scrollToOffsetWithoutAnimation(WebCore::FloatPoint const&)
12  0x1053a2763 WebCore::RenderLayer::scrollToOffset(int, int, WebCore::RenderLayer::ScrollOffsetClamping)
13  0x1053a7187 WebCore::RenderLayer::updateScrollInfoAfterLayout()
14  0x1052c8f11 WebCore::RenderBlock::updateScrollInfoAfterLayout()
15  0x1052c9cb3 WebCore::RenderBlock::layoutBlock(bool, int, WebCore::RenderBlock::BlockLayoutPass)
16  0x1052c8f67 WebCore::RenderBlock::layout()
17  0x10494664c WebCore::FrameView::layout(bool)
18  0x10468bd11 WebCore::Document::updateLayout()
19  0x10468be44 WebCore::Document::updateLayoutIgnorePendingStylesheets()
20  0x1048276dd WebCore::EditCommand::updateLayout() const
21  0x1046738b2 WebCore::DeleteSelectionCommand::fixupWhitespace()
22  0x104675d22 WebCore::DeleteSelectionCommand::doApply()
23  0x104827628 WebCore::EditCommand::apply()
24  0x104494afd WebCore::CompositeEditCommand::applyCommandToComposite(WTF::PassRefPtr<WebCore::EditCommand>)
25  0x1044970d6 WebCore::CompositeEditCommand::deleteSelection(WebCore::VisibleSelection const&, bool, bool, bool, bool)
26  0x10579f659 WebCore::TypingCommand::deleteKeyPressed(WebCore::TextGranularity, bool)
27  0x1057a190a WebCore::TypingCommand::doApply()
28  0x104827628 WebCore::EditCommand::apply()
29  0x10579e72e WebCore::TypingCommand::deleteKeyPressed(WebCore::Document*, unsigned int, WebCore::TextGranularity)
30  0x10483636e WebCore::Editor::deleteWithDirection(WebCore::SelectionDirection, WebCore::TextGranularity, bool, bool)
31  0x10484c047 _ZN7WebCoreL21executeDeleteBackwardEPNS_5FrameEPNS_5EventENS_19EditorCommandSourceERKN3WTF6StringE

Expected result:
WebKit does not crash.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.