11765 – REGRESSION: Clicking on a select with size other than 1 and no children results in a crash

RESOLVED FIXED 11765

REGRESSION: Clicking on a select with size other than 1 and no children results in a crash

https://bugs.webkit.org/show_bug.cgi?id=11765

Summary REGRESSION: Clicking on a select with size other than 1 and no children resul...

Jacob Lukas

Reported 2006-12-05 17:15:58 PST

Clicking on a select with size other than 1 and no children results in a crash. This is reproducible every time.

Attachments
Reduced test case (650 bytes, application/xhtml+xml) 2006-12-05 17:16 PST, Jacob Lukas	no flags	Details
First attempt (4.02 KB, patch) 2006-12-08 05:17 PST, Rob Buis	adele: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Jacob Lukas

Comment 1 2006-12-05 17:16:33 PST

Created attachment 11747 [details] Reduced test case

Matt Lilek

Comment 2 2006-12-05 17:44:34 PST

Confirming - I also get the following assertion failure ASSERTION FAILED: i < size() (/Users/matt/Code/WebKit/WebKitBuild/Debug/JavaScriptCore.framework/PrivateHeaders/Vector.h:387 const T& WTF::Vector<T, inlineCapacity>::at(size_t) const [with T = WebCore::HTMLElement*, long unsigned int inlineCapacity = 0ul])

Rob Buis

Comment 3 2006-12-08 05:17:38 PST

Created attachment 11771 [details] First attempt This patch should fix it. The testcase is a bit tricky but I think it does the job, with ToT it shows the crash, with my patch it will say Passed. Cheers, Rob.

Rob Buis

Comment 4 2006-12-08 15:07:42 PST

Landed in r18089.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P1

Severity Normal

Classification Unclassified

Version 420+

Hardware Mac

OS OS X 10.4

Product WebKit

Component New Bugs

Assignee

Nobody

Reported

2006-12-05 17:15 PST

Modified

2006-12-08 15:07 PST History

CC List

1 user Show

URL

Keywords Regression

Depends on

Blocks