[Webkit-unassigned] [Bug 82896] Segmentation fault in JS drop-down menus in facebook.com
bugzilla-daemon at webkit.org
Tue Apr 3 00:00:29 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=82896
--- Comment #3 from Mario Sanchez Prada <msanchez at igalia.com> 2012-04-03 00:00:29 PST ---
(In reply to comment #1)
> It's not happening for me with Safari, but all I have is a fake Facebook account for testing, so maybe I'm missing something.
In theory, if you saw a JavaScript drop-down menu showing up and then going away without problems, I'd say the problem is not happening there. Thanks for trying.
> The backtrace would indicate that m_renderer is 0 while in
>
> #1 0x00007ffff643c9b5 in WebCore::AccessibilityRenderObject::renderBoxModelObject() const () from /opt/gnome-3.0/lib64/libwebkitgtk-3.0.so.0
>
> but there are checks for m_renderer in that method.
>
> if (!m_renderer || !m_renderer->isBoxModelObject())
> return 0;
>
> Maybe those checks fixed the problem.
As Claudio said, those checks are already in place.
Actually I did the following change in the code:
- if (!m_renderer || !m_renderer->isBoxModelObject())
+ if (!m_renderer)
return 0;
+
+ if (!m_renderer->isBoxModelObject())
+ return 0;
+
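Review bot: splitting `if (!m_renderer || !m_renderer->isBoxModelObject())` into two checks cannot change behaviour, because `||` short-circuits: the original already never called isBoxModelObject() on a null m_renderer, and the split form returns 0 on exactly the same inputs. What the split does give you is a sharper backtrace, and the result reported below (a crash inside isBoxModelObject() with a non-null m_renderer) is the usual signature of a dangling pointer, i.e. the RenderObject has been destroyed while the AccessibilityRenderObject still holds it, not a missing null check. Rather than adding further null checks here, verify the object is still alive from gdb, for instance `info symbol *(void**)m_renderer` should resolve to a RenderObject vtable if it is, and run the reproducer under Valgrind or AddressSanitizer to get the stack of the free. Minor: the trailing `+` blank line after the second `return 0;` leaves a double blank line before the following code.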
And it's still crashing in m_renderer->isBoxModelObject(), where m_renderer is not null. Perhaps it points to corrupt memory? It's very weird, because if I call RenderObject methods on that m_renderer from gdb, they work with no problem...
I will keep investigating.