[Webkit-unassigned] [Bug 86166] New: [Regression] Crash in WebCore::RenderSVGText::subtreeChildWillBeDestroyed
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu May 10 18:53:08 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=86166
Summary: [Regression] Crash in
WebCore::RenderSVGText::subtreeChildWillBeDestroyed
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P1
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: pdr at google.com
CC: darin at apple.com, zimmermann at kde.org,
schenney at chromium.org
Thread 0 *CRASHED* ( EXCEPTION_ACCESS_VIOLATION_READ @ 0x02a48000 )
0x61db9fc4 [chrome.dll] - MEMCPY.ASM:188 memmove
0x6294ab95 [chrome.dll] - rendersvgtext.cpp:188 WebCore::RenderSVGText::subtreeChildWillBeDestroyed(WebCore::RenderSVGInlineText *,WTF::Vector<WebCore::SVGTextLayoutAttributes *,0> &)
0x62946496 [chrome.dll] - rendersvginlinetext.cpp:84 WebCore::RenderSVGInlineText::willBeDestroyed()
0x61fab672 [chrome.dll] - renderobject.cpp:2364 WebCore::RenderObject::destroy()
0x61fab30f [chrome.dll] - node.cpp:1354 WebCore::Node::detach()
0x6228adce [chrome.dll] - containernode.cpp:428 WebCore::ContainerNode::removeBetween(WebCore::Node *,WebCore::Node *,WebCore::Node *)
0x6228ab16 [chrome.dll] - containernode.cpp:409 WebCore::ContainerNode::removeChild(WebCore::Node *,int &)
0x6273cf87 [chrome.dll] - v8nodecustom.cpp:111 WebCore::V8Node::removeChildCallback(v8::Arguments const &)
Original bug: http://crbug.com/127679
Unfortunately our crash reports have very little information beyond what's above. This is a regression caused by http://trac.webkit.org/changeset/116498 which introduced subtreeChildWillBeDestroyed.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list