Bug 119401

Summary: [BlackBerry] Crash at absoluteClippedOverflowRect() in PluginView::calculateClipRect()
Product: WebKit
Component: WebKit BlackBerry
Status: RESOLVED FIXED
Severity: Normal
Priority: P2
Version: 528+ (Nightly build)
Hardware: Unspecified
OS: Unspecified
Reporter: Jacky Jiang <jkjiang>
Assignee: Jacky Jiang <jkjiang>
CC: staikos

Description Jacky Jiang 2013-08-01 10:47:20 PDT
JIRA 462881.
Back up a fix here. The fix was reviewed by George.

#0 0x7a9b85ac in absoluteClippedOverflowRect (this=0x0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderObject.h:859 
#1 WebCore::PluginView::calculateClipRect (this=0x5b80d478) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp:667 
#2 0x7a9b87f0 in WebCore::PluginView::updatePluginWidget (this=0x5b80d478) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp:120 
#3 0x7a449a78 in WebCore::ScrollView::clipRectChanged (this=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/platform/ScrollView.cpp:946 
#4 0x7a5b71d2 in WebCore::RenderWidget::setWidgetGeometry (this=0x7cad1820, frame=...) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderWidget.cpp:160 
#5 0x7a5b7cc4 in WebCore::RenderWidget::updateWidgetGeometry (this=0x7cad1820) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderWidget.cpp:179 
#6 0x7a5b7d08 in WebCore::RenderWidget::updateWidgetPosition (this=0x7cad1820) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderWidget.cpp:347 
#7 0x7a5b37de in WebCore::RenderView::updateWidgetPositions (this=0x79e7b168) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderView.cpp:894 
#8 0x7a3fc048 in WebCore::FrameView::performPostLayoutTasks (this=0x79ea6f68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/page/FrameView.cpp:2716 
#9 0x7a3fe7e2 in WebCore::FrameView::layout (this=0x79ea6f68, allowSubtree=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/page/FrameView.cpp:1351 
#10 0x7a3feee6 in layout (allowSubtree=true, this=0x79ea6f68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/page/FrameView.cpp:1099 
#11 WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive (this=0x79ea6f68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/page/FrameView.cpp:3613 
#12 0x7a0aa344 in requestLayoutIfNeeded (this=0x791807c0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebKit/blackberry/Api/BackingStore.cpp:1209 
#13 BlackBerry::WebKit::BackingStorePrivate::resumeScreenUpdates (this=0x791807c0, op=BlackBerry::WebKit::BackingStore::RenderAndBlit) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebKit/blackberry/Api/BackingStore.cpp:288 
#14 0x797abf9e in WebPageClientImpl::didPluginExitFullScreen (this=0x792b9128) at /var/build/ramdisk/src/rim/webkit/libwebview/WebPageClientImpl.cpp:4659 
#15 0x7a0b4bd8 in BlackBerry::WebKit::WebPagePrivate::didPluginExitFullScreen (this=0x796e8660) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebKit/blackberry/Api/WebPage.cpp:2045 
#16 0x7a9b8cca in WebCore::PluginView::handleFullScreenExitEvent (this=0x5b80d478) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp:789 
#17 0x7a9b90e4 in WebCore::PluginView::setParent (this=0x5b80d478, parentWidget=0x0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/plugins/blackberry/PluginViewBlackBerry.cpp:885 
#18 0x7a44c31a in WebCore::ScrollView::removeChild (this=0x77b69e48, child=0x5b80d478) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/platform/ScrollView.cpp:85 
#19 0x7a5b80aa in WebCore::WidgetHierarchyUpdatesSuspensionScope::moveWidgets (this=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderWidget.cpp:69 
#20 0x7a1cadfa in ~WidgetHierarchyUpdatesSuspensionScope (this=0x77efe2e4, __in_chrg=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/rendering/RenderWidget.h:41 
#21 WebCore::Element::detach (this=0x7cb4a440) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/dom/Element.cpp:1310 
#22 0x7a1a021a in detachChildren (this=0x3feecc68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/dom/ContainerNode.h:219 
#23 WebCore::ContainerNode::detach (this=0x3feecc68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/dom/ContainerNode.cpp:834 
#24 0x7a1b6c8e in WebCore::Document::detach (this=0x3feecc68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/dom/Document.cpp:2126 
#25 0x7a1a8510 in WebCore::Document::prepareForDestruction (this=0x3feecc68) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/dom/Document.cpp:2155 
#26 0x7a3f5146 in WebCore::Frame::setView (this=0x7bb2c2b0, view=...) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/page/Frame.cpp:269 
#27 0x7a3805fa in WebCore::FrameLoader::closeAndRemoveChild (this=0x792be2c0, child=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/FrameLoader.cpp:2376 
#28 0x7a382322 in WebCore::FrameLoader::detachFromParent (this=0x7bb2c2f0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/FrameLoader.cpp:2456 
#29 0x7a382450 in WebCore::FrameLoader::detachChildren (this=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/FrameLoader.cpp:2369 
#30 0x7a3824ca in WebCore::FrameLoader::setDocumentLoader (this=0x792be2c0, loader=0x7fa916f0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/FrameLoader.cpp:1662 
#31 0x7a383082 in WebCore::FrameLoader::transitionToCommitted (this=0x792be2c0, cachedPage=...) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/FrameLoader.cpp:1854 
#32 0x7a384a74 in WebCore::FrameLoader::commitProvisionalLoad (this=0x792be2c0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/FrameLoader.cpp:1755 
#33 0x7a3742de in commitIfReady (this=0x7fa916f0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/DocumentLoader.cpp:329 
#34 commitIfReady (this=0x7fa916f0) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/DocumentLoader.cpp:752 
#35 WebCore::DocumentLoader::commitLoad (this=0x7fa916f0, data=0x775a8738 <Address 0x775a8738 out of bounds>, length=8052) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/DocumentLoader.cpp:759 
#36 0x7a374f56 in WebCore::DocumentLoader::continueAfterContentPolicy (this=0x7fa916f0, policy=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/DocumentLoader.cpp:746 
#37 0x7a377520 in continueAfterContentPolicy (policy=<optimized out>, this=<optimized out>) at /var/build/ramdisk/src/rim/webkit/webkit/Source/WebCore/loader/DocumentLoader.cpp:672 
#38 WebCore::DocumentLoader::responseReceived (this=0x7fa916f0, resource=<optim

Comment 1 Jacky Jiang 2013-08-01 11:14:02 PDT
Committed r153592: <http://trac.webkit.org/changeset/153592>