[Webkit-unassigned] [Bug 86035] New: Crash in FrameView::windowClipRectForFrameOwner after r116371
bugzilla-daemon at webkit.org
Wed May 9 16:24:16 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=86035
Summary: Crash in FrameView::windowClipRectForFrameOwner after r116371
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: NEW
Severity: Normal
Priority: P2
Component: Plug-ins
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: jchaffraix at webkit.org
Example stack-trace:
0x67258b37 [chrome.dll] - frameview.cpp:2573 WebCore::FrameView::windowClipRectForFrameOwner(WebCore::HTMLFrameOwnerElement const *,bool)
0x67258ae1 [chrome.dll] - frameview.cpp:2564 WebCore::FrameView::windowClipRect(bool)
0x67258bde [chrome.dll] - frameview.cpp:2587 WebCore::FrameView::windowClipRectForFrameOwner(WebCore::HTMLFrameOwnerElement const *,bool)
0x67cde64f [chrome.dll] - webplugincontainerimpl.cpp:718 WebKit::WebPluginContainerImpl::windowClipRect()
0x67cdee3f [chrome.dll] - webplugincontainerimpl.cpp:697 WebKit::WebPluginContainerImpl::calculateGeometry(WebCore::IntRect const &,WebCore::IntRect &,WebCore::IntRect &,WTF::Vector<WebCore::IntRect,0> &)
0x67cdef4e [chrome.dll] - webplugincontainerimpl.cpp:326 WebKit::WebPluginContainerImpl::reportGeometry()
0x67cde32c [chrome.dll] - webplugincontainerimpl.cpp:239 WebKit::WebPluginContainerImpl::setParent(WebCore::ScrollView *)
0x66c64205 [chrome.dll] - scrollview.cpp:74 WebCore::ScrollView::addChild(WTF::PassRefPtr<WebCore::Widget>)
0x671dd73f [chrome.dll] - renderwidget.cpp:91 WebCore::moveWidgetToParentSoon
0x671ddddb [chrome.dll] - renderwidget.cpp:219 WebCore::RenderWidget::setWidget(WTF::PassRefPtr<WebCore::Widget>)
0x671d673a [chrome.dll] - renderpart.cpp:55 WebCore::RenderPart::setWidget(WTF::PassRefPtr<WebCore::Widget>)
0x675a56f2 [chrome.dll] - subframeloader.cpp:383 WebCore::SubframeLoader::loadPlugin(WebCore::HTMLPlugInImageElement *,WebCore::KURL const &,WTF::String const &,WTF::Vector<WTF::String,0> const &,WTF::Vector<WTF::String,0> const &,bool)
0x675a4918 [chrome.dll] - subframeloader.cpp:131 WebCore::SubframeLoader::requestPlugin(WebCore::HTMLPlugInImageElement *,WebCore::KURL const &,WTF::String const &,WTF::Vector<WTF::String,0> const &,WTF::Vector<WTF::String,0> const &,bool)
0x675a4a43 [chrome.dll] - subframeloader.cpp:151 WebCore::SubframeLoader::requestObject(WebCore::HTMLPlugInImageElement *,WTF::String const &,WTF::AtomicString const &,WTF::String const &,WTF::Vector<WTF::String,0> const &,WTF::Vector<WTF::String,0> const &)
0x675efa5f [chrome.dll] - htmlembedelement.cpp:177 WebCore::HTMLEmbedElement::updateWidget(WebCore::PluginCreationOption)
0x67258913 [chrome.dll] - frameview.cpp:2290 WebCore::FrameView::updateWidget(WebCore::RenderEmbeddedObject *)
0x66b599f7 [chrome.dll] - frameview.cpp:2323 WebCore::FrameView::updateWidgets()
0x66b56390 [chrome.dll] - frameview.cpp:2376 WebCore::FrameView::performPostLayoutTasks()
0x66b396e2 [chrome.dll] - frameview.cpp:1166 WebCore::FrameView::layout(bool)
0x67258732 [chrome.dll] - frameview.cpp:2029 WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> *)
0x66e8815b [chrome.dll] - timer.h:100 WebCore::Timer<WebCore::CachedImage>::fired()
0x66b68a42 [chrome.dll] - threadtimers.cpp:115 WebCore::ThreadTimers::sharedTimerFiredInternal()
0x66b688fc [chrome.dll] - threadtimers.cpp:93 WebCore::ThreadTimers::sharedTimerFired()
0x66a0ebde [chrome.dll] - timer.cc:179 base::Timer::RunScheduledTask()
0x66a0eb49 [chrome.dll] - timer.cc:44 base::BaseTimerTaskInternal::Run()
0x669c772d [chrome.dll] - message_loop.cc:458 MessageLoop::RunTask(base::PendingTask const &)
0x669c6c44 [chrome.dll] - message_loop.cc:685 MessageLoop::DoDelayedWork(base::TimeTicks *)
0x669d81cc [chrome.dll] - message_pump_default.cc:32 base::MessagePumpDefault::Run(base::MessagePump::Delegate *)
0x669c5fa6 [chrome.dll] - message_loop.cc:390 MessageLoop::RunHandler()
0x669c5f54 [chrome.dll] - message_loop.cc:300 MessageLoop::Run()
0x66a48893 [chrome.dll] - renderer_main.cc:271 RendererMain(content::MainFunctionParams const &)
0x669c242b [chrome.dll] - content_main_runner.cc:292 `anonymous namespace'::RunNamedProcessTypeMain(std::basic_string<char,std::char_traits<char>,std::allocator<char> > const &,content::MainFunctionParams const &,content::ContentMainDelegate *)
0x669c23b0 [chrome.dll] - content_main_runner.cc:550 `anonymous namespace'::ContentMainRunnerImpl::Run()
0x669b44d7 [chrome.dll] - content_main.cc:35 content::ContentMain(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *,content::ContentMainDelegate *)
0x669b4462 [chrome.dll] - chrome_main.cc:28 ChromeMain
0x00ee7fa1 [chrome.exe] - client_util.cc:423 MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *)
0x00ee72a4 [chrome.exe] - chrome_exe_main_win.cc:31 RunChrome(HINSTANCE__ *)
0x00ee730f [chrome.exe] - chrome_exe_main_win.cc:47 wWinMain
0x00f07788 [chrome.exe] - crt0.c:263 __tmainCRTStartup
0x75723676 [kernel32.dll] + 0x00013676] BaseThreadInitThunk
0x77d19f41 [ntdll.dll] + 0x00039f41] __RtlUserThreadStart
0x77d19f14 [ntdll.dll] + 0x00039f14] _RtlUserThreadStart
Looking at the error and the code, it seems like it is possible for windowClipRect to get a NULL parentView. I don't have a reproduction case unfortunately.