[Webkit-unassigned] [Bug 107344] New: Crash in RenderBox::removeFloatingOrPositionedChildFromBlockLists()
bugzilla-daemon at webkit.org
Fri Jan 18 17:13:52 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=107344
Summary: Crash in RenderBox::removeFloatingOrPositionedChildFromBlockLists()
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: simon.fraser at apple.com
CC: bdakin at apple.com
Recent builds are crashing with a null de-ref:
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000018
Process Model: Single Web Process
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x0000000119ca52d9 WebCore::RenderBox::removeFloatingOrPositionedChildFromBlockLists() + 313 (RenderObject.h:165)
1 com.apple.WebCore 0x0000000119d45c82 WebCore::RenderObjectChildList::removeChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) + 50 (RenderObjectChildList.cpp:62)
2 com.apple.WebCore 0x0000000119cc4ff1 WebCore::RenderBoxModelObject::moveChildTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) + 177 (RenderBoxModelObject.cpp:2851)
3 com.apple.WebCore 0x0000000119cc509a WebCore::RenderBoxModelObject::moveChildrenTo(WebCore::RenderBoxModelObject*, WebCore::RenderObject*, WebCore::RenderObject*, WebCore::RenderObject*, bool) + 122 (RenderObject.h:169)
4 com.apple.WebCore 0x0000000119c6fdb5 WebCore::RenderBlock::collapseAnonymousBoxChild(WebCore::RenderBlock*, WebCore::RenderObject*) + 229 (RenderBlock.cpp:1136)
5 com.apple.WebCore 0x0000000119c6fed5 WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 197 (RenderBlock.cpp:1216)
6 com.apple.WebCore 0x0000000119d433dd WebCore::RenderObject::willBeDestroyed() + 205 (AXObjectCache.h:117)
7 com.apple.WebCore 0x0000000119cb92e9 WebCore::RenderBoxModelObject::willBeDestroyed() + 137 (RenderBoxModelObject.cpp:349)
8 com.apple.WebCore 0x0000000119ca5148 WebCore::RenderBox::willBeDestroyed() + 136 (RenderBox.cpp:162)
9 com.apple.WebCore 0x0000000119c6d1c4 WebCore::RenderBlock::willBeDestroyed() + 404 (RenderBlock.cpp:294)
10 com.apple.WebCore 0x0000000119d43972 WebCore::RenderObject::destroy() + 18 (RenderObject.h:617)
11 com.apple.WebCore 0x0000000119d45c3c WebCore::RenderObjectChildList::destroyLeftoverChildren() + 172 (RenderObjectChildList.h:43)
12 com.apple.WebCore 0x0000000119c6d052 WebCore::RenderBlock::willBeDestroyed() + 34 (RenderBlock.cpp:253)
13 com.apple.WebCore 0x0000000119d43972 WebCore::RenderObject::destroy() + 18 (RenderObject.h:617)
14 com.apple.WebCore 0x0000000119d45c3c WebCore::RenderObjectChildList::destroyLeftoverChildren() + 172 (RenderObjectChildList.h:43)
15 com.apple.WebCore 0x0000000119c6d052 WebCore::RenderBlock::willBeDestroyed() + 34 (RenderBlock.cpp:253)
16 com.apple.WebCore 0x0000000119d43972 WebCore::RenderObject::destroy() + 18 (RenderObject.h:617)
17 com.apple.WebCore 0x0000000119d45c3c WebCore::RenderObjectChildList::destroyLeftoverChildren() + 172 (RenderObjectChildList.h:43)
18 com.apple.WebCore 0x0000000119c6d052 WebCore::RenderBlock::willBeDestroyed() + 34 (RenderBlock.cpp:253)
19 com.apple.WebCore 0x0000000119d43972 WebCore::RenderObject::destroy() + 18 (RenderObject.h:617)
20 com.apple.WebCore 0x0000000119d45c3c WebCore::RenderObjectChildList::destroyLeftoverChildren() + 172 (RenderObjectChildList.h:43)
21 com.apple.WebCore 0x0000000119c6d052 WebCore::RenderBlock::willBeDestroyed() + 34 (RenderBlock.cpp:253)
22 com.apple.WebCore 0x0000000119d43972 WebCore::RenderObject::destroy() + 18 (RenderObject.h:617)
23 com.apple.WebCore 0x0000000119d45c3c WebCore::RenderObjectChildList::destroyLeftoverChildren() + 172 (RenderObjectChildList.h:43)
24 com.apple.WebCore 0x0000000119c6d052 WebCore::RenderBlock::willBeDestroyed() + 34 (RenderBlock.cpp:253)
25 com.apple.WebCore 0x0000000119d43972 WebCore::RenderObject::destroy() + 18 (RenderObject.h:617)
26 com.apple.WebCore 0x0000000119c0b27b WebCore::Node::detach() + 59 (Node.h:725)
27 com.apple.WebCore 0x00000001193ac1bf WebCore::ContainerNode::detach() + 15 (ContainerNode.h:85)
28 com.apple.WebCore 0x00000001195e3ffd WebCore::Element::detach() + 493 (RenderWidget.h:40)
29 com.apple.WebCore 0x00000001193abb6a WebCore::ContainerNode::removeChildren() + 1370 (Vector.h:544)
30 com.apple.WebCore 0x0000000119bbfc0d WebCore::replaceChildrenWithFragment(WebCore::ContainerNode*, WTF::PassRefPtr<WebCore::DocumentFragment>, int&) + 189 (PassRefPtr.h:105)
31 com.apple.WebCore 0x00000001196f3fb9 WebCore::HTMLElement::setInnerHTML(WTF::String const&, int&) + 73 (PassRefPtr.h:68)
32 com.apple.WebCore 0x0000000119988289 WebCore::setJSHTMLElementInnerHTML(JSC::ExecState*, JSC::JSObject*, JSC::JSValue) + 57 (RefPtr.h:56)
33 com.apple.WebCore 0x0000000119989770 bool JSC::lookupPut<WebCore::JSHTMLElement>(JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::HashTable const*, WebCore::JSHTMLElement*, bool) + 400 (Lookup.h:373)
34 com.apple.WebCore 0x00000001199870ba WebCore::JSHTMLElement::put(JSC::JSCell*, JSC::ExecState*, JSC::PropertyName, JSC::JSValue, JSC::PutPropertySlot&) + 58 (Lookup.h:389)
35 com.apple.JavaScriptCore 0x0000000118f6bbe5 llint_slow_path_put_by_id + 373 (JSValueInlines.h:363)
36 com.apple.JavaScriptCore 0x0000000118f7309f llint_op_put_by_id + 133
37 com.apple.JavaScriptCore 0x0000000118e99316 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 518 (JITCode.h:135)
38 com.apple.JavaScriptCore 0x0000000118da88a5 JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 69 (CallData.cpp:40)
39 com.apple.WebCore 0x00000001199518c9 WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1065 (JSMainThreadExecState.h:56)
40 com.apple.WebCore 0x00000001196092cc WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 684 (InspectorInstrumentation.h:280)
41 com.apple.WebCore 0x0000000119608dbf WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 383 (EventTarget.cpp:203)
42 com.apple.WebCore 0x00000001195aa38b WebCore::DOMWindow::dispatchEvent(WTF::PassRefPtr<WebCore::Event>, WTF::PassRefPtr<WebCore::EventTarget>) + 203 (DOMWindow.cpp:1695)
43 com.apple.WebCore 0x00000001195af4c7 WebCore::DOMWindow::dispatchLoadEvent() + 647 (PassRefPtr.h:68)
44 com.apple.WebCore 0x00000001194a4793 WebCore::Document::implicitClose() + 355 (Document.cpp:3648)
45 com.apple.WebCore 0x000000011965b3fd WebCore::FrameLoader::checkCompleted() + 317 (FrameLoader.cpp:780)
46 com.apple.WebCore 0x000000011936fe91 WebCore::CachedResourceLoader::loadDone(WebCore::CachedResource*) + 65 (CachedResourceLoader.cpp:759)
47 com.apple.WebCore 0x0000000119ef23c2 WebCore::SubresourceLoader::releaseResources() + 82 (ResourceLoader.h:146)
48 com.apple.WebCore 0x0000000119ef20ea WebCore::SubresourceLoader::didFinishLoading(double) + 202 (CachedResourceHandle.h:35)
49 com.apple.Foundation 0x000000010bdb83d5 __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke + 25