Bug 6931: RESOLVED FIXED
REGRESSION: assertion failure mousing over DHTML menus at www.worldofwarcraft.com
https://bugs.webkit.org/show_bug.cgi?id=6931
Darin Adler
Reported 2006-01-30 01:21:24 PST
Go to www.worldofwarcraft.com. Mouse over menus at the left side of the page, dragging into one of them and back out. Then see a crash. Dies in a call to last() inside render_layer.cpp.
Attachments
fix the crash (2.16 KB, patch)
2006-01-30 03:20 PST, Maciej Stachowiak
darin: review-
a fix that should actually work, w/ test case (7.23 KB, patch)
2006-01-31 20:17 PST, Maciej Stachowiak
darin: review+
Darin Adler
Comment 1 2006-01-30 01:23:04 PST
0 com.apple.WebCore 0x020ff158 KXMLCore::Vector<WebCore::RenderLayer*, (unsigned long)0>::at(unsigned long) + 120 (Vector.h:313)
1 com.apple.WebCore 0x021840f0 KXMLCore::Vector<WebCore::RenderLayer*, (unsigned long)0>::last() + 52 (Vector.h:341)
2 com.apple.WebCore 0x020095ec WebCore::RenderLayer::hitTestLayer(WebCore::RenderLayer*, WebCore::RenderObject::NodeInfo&, int, int, WebCore::IntRect const&) + 188 (render_layer.cpp:1150)
3 com.apple.WebCore 0x0200961c WebCore::RenderLayer::hitTestLayer(WebCore::RenderLayer*, WebCore::RenderObject::NodeInfo&, int, int, WebCore::IntRect const&) + 236 (render_layer.cpp:1151)
4 com.apple.WebCore 0x0200961c WebCore::RenderLayer::hitTestLayer(WebCore::RenderLayer*, WebCore::RenderObject::NodeInfo&, int, int, WebCore::IntRect const&) + 236 (render_layer.cpp:1151)
5 com.apple.WebCore 0x02009bc8 WebCore::RenderLayer::hitTest(WebCore::RenderObject::NodeInfo&, int, int) + 192 (render_layer.cpp:1113)
6 com.apple.WebCore 0x01daf334 WebCore::MouseRelatedEventImpl::computePositions() + 636 (dom2_eventsimpl.cpp:276)
7 com.apple.WebCore 0x01db06b4 WebCore::MouseRelatedEventImpl::MouseRelatedEventImpl[not-in-charge](WebCore::AtomicString const&, bool, bool, WebCore::AbstractViewImpl*, int, int, int, int, int, bool, bool, bool, bool, bool) + 192 (dom2_eventsimpl.cpp:222)
Maciej Stachowiak
Comment 2 2006-01-30 03:20:41 PST
Created attachment 6103: fix the crash
Geoffrey Garen
Comment 3 2006-01-30 09:59:10 PST
Seems off by one. Isn't size() - 1 the index of the last valid item?
Darin Adler
Comment 4 2006-01-30 11:23:41 PST
Comment on attachment 6103: fix the crash
Looks wrong. The value of i needs to start as size - 1, not size. Also the second of the two loops is using size_t and needs to use int.
Maciej Stachowiak
Comment 5 2006-01-30 15:31:44 PST
That's what I get for coding past my bedtime.
Maciej Stachowiak
Comment 6 2006-01-31 20:17:28 PST
Created attachment 6172: a fix that should actually work, w/ test case
Darin Adler
Comment 7 2006-01-31 22:21:27 PST
Comment on attachment 6172: a fix that should actually work, w/ test case
I reviewed this earlier, not sure why it didn't get marked review+. r=me
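The loop shape the review comments above ask for (signed index, starting at size - 1), shown as an added C++ example that is not the WebKit patch or any code from this bug. It assumes the loops in question walk a child-layer vector from last to first; Layer, hitTest, sampleTree and the two firstIndex helpers are hypothetical names.

```cpp
#include <cstddef>
#include <cstdio>
#include <vector>

// Hypothetical stand-in for a render layer: a rectangle plus child layers
// stored back to front, so the topmost child is the last element.
struct Layer {
    int id;
    int x, y, w, h;
    std::vector<Layer> children;
    bool contains(int px, int py) const {
        return px >= x && px < x + w && py >= y && py < y + h;
    }
};

// Returns the id of the topmost layer containing (px, py), or -1 if none.
// The index is a signed int starting at size - 1: an empty child list gives
// i == -1, so the loop body never runs and no element is read.
int hitTest(const Layer& layer, int px, int py) {
    for (int i = static_cast<int>(layer.children.size()) - 1; i >= 0; --i) {
        int hit = hitTest(layer.children[i], px, py);
        if (hit != -1)
            return hit;
    }
    return layer.contains(px, py) ? layer.id : -1;
}

// The two mistakes named in the review, reduced to the first index each
// variant would read for n children (computed only, never dereferenced).
std::size_t firstIndexStartingAtSize(std::size_t n) { return n; }  // one past the end
std::size_t firstIndexUnsigned(std::size_t n) { return n - 1; }    // wraps when n == 0

// Constructed sample tree: layers 2 and 3 overlap, layer 4 sits inside 3.
Layer sampleTree() {
    return Layer{1, 0, 0, 200, 200, {
        Layer{2, 10, 10, 100, 100, {}},
        Layer{3, 50, 50, 100, 100, {Layer{4, 60, 60, 20, 20, {}}}},
    }};
}

int main() {
    Layer root = sampleTree();
    std::printf("(70,70) -> %d\n", hitTest(root, 70, 70));
    std::printf("(20,20) -> %d\n", hitTest(root, 20, 20));
    std::printf("unsigned start for empty list: %zu\n", firstIndexUnsigned(0));
    return 0;
}
```

With an unsigned index the condition `i >= 0` is always true, so only the signed form can terminate by counting down past zero.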