[Webkit-unassigned] [Bug 78849] New: reproducible crash in RenderObject::~RenderObject()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Feb 16 15:11:30 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=78849

           Summary: reproducible crash in RenderObject::~RenderObject()
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Layout and Rendering
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: mikelawther at chromium.org


As reported in http://code.google.com/p/chromium/issues/detail?id=110110

Repro steps:

 (1) Load http://blogs.technet.com/b/markrussinovich/archive/2010/03/31/3322423.aspx
 (2) Near the top of the page find the link to the author (Mark Russinovich).
 (3) Hover/unhover over the author's name (may require a few tries)
 (4) Crash

I caught this in the debugger with a debug build (from r107756) on MacOS:

ASSERTION FAILED: !node() || documentBeingDestroyed() || !frame()->view() || frame()->view()->layoutRoot() != this
/Volumes/development/src/chromium-webkit/src/third_party/WebKit/Source/WebCore/rendering/RenderObject.cpp(216) : virtual WebCore::RenderObject::~RenderObject()
1   0x103024143 WebCore::RenderObject::~RenderObject()
2   0x102f8ce26 WebCore::RenderBoxModelObject::~RenderBoxModelObject()
3   0x102f7e6ba WebCore::RenderBox::~RenderBox()
4   0x102f369ec WebCore::RenderBlock::~RenderBlock()
5   0x10301d163 WebCore::RenderObject::arenaDelete(WebCore::RenderArena*, void*)
6   0x10301d1bf WebCore::RenderObject::destroy()
7   0x102e7b28f WebCore::Node::detach()
8   0x1021333c8 WebCore::ContainerNode::detach()
9   0x1026b3123 WebCore::Element::detach()
10  0x1020cc32b WebCore::Node::reattach()
11  0x1026b2983 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
12  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
13  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
14  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
15  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
16  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
17  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
18  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
19  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
20  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
21  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
22  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
23  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
24  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
25  0x1026b2f68 WebCore::Element::recalcStyle(WebCore::Node::StyleChange)
26  0x102345a06 WebCore::Document::recalcStyle(WebCore::Node::StyleChange)
27  0x102346d58 WebCore::Document::updateStyleIfNeeded()
28  0x1023372b2 WebCore::Document::styleRecalcTimerFired(WebCore::Timer<WebCore::Document>*)
29  0x102353953 WebCore::Timer<WebCore::Document>::fired()
30  0x10247031c WebCore::ThreadTimers::sharedTimerFiredInternal()
31  0x10247052f WebCore::ThreadTimers::sharedTimerFired()
Program received signal:  “EXC_BAD_ACCESS”.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list