Bug 12044

Summary: Assertion failure in WebCore::RenderPartObject::layout
Product: WebKit
Reporter: Mark Rowe (bdash) <mrowe>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Major
CC: ap, cmarcelo, mitz
Priority: P2
Keywords: HasReduction
Version: 420+
Hardware: Mac
OS: OS X 10.4

Mark Rowe (bdash)
Reported 2006-12-31 00:24:42 PST
<html>
<head>
<title>Test HTML Page</title>
<style type="text/css">
object { display: run-in; }
</style>
</head>
<body>
<object>object</object>
</body>
</html>

Program received signal EXC_BAD_ACCESS, Could not access memory.
Reason: KERN_INVALID_ADDRESS at address: 0xbbadbeef
0x0128f014 in WebCore::RenderPartObject::layout (this=0x1903d5bc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderPartObject.cpp:248
248 ASSERT(minMaxKnown());
(gdb) bt
#0 0x0128f014 in WebCore::RenderPartObject::layout (this=0x1903d5bc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderPartObject.cpp:248
#1 0x015093dd in WebCore::RenderObject::layoutIfNeeded (this=0x1903d5bc) at RenderObject.h:509
#2 0x011499b6 in WebCore::RenderBlock::layoutInlineChildren (this=0x1903d74c, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/bidi.cpp:1529
#3 0x0115c454 in WebCore::RenderBlock::layoutBlock (this=0x1903d74c, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:493
#4 0x01150ac2 in WebCore::RenderBlock::layout (this=0x1903d74c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:421
#5 0x015093dd in WebCore::RenderObject::layoutIfNeeded (this=0x1903d74c) at RenderObject.h:509
#6 0x0115bb94 in WebCore::RenderBlock::layoutBlockChildren (this=0x1c9658ac, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:1102
#7 0x0115c493 in WebCore::RenderBlock::layoutBlock (this=0x1c9658ac, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:495
#8 0x01150ac2 in WebCore::RenderBlock::layout (this=0x1c9658ac) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:421
#9 0x015093dd in WebCore::RenderObject::layoutIfNeeded (this=0x1c9658ac) at RenderObject.h:509
#10 0x0115bb94 in WebCore::RenderBlock::layoutBlockChildren (this=0x18d2d2fc, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:1102
#11 0x0115c493 in WebCore::RenderBlock::layoutBlock (this=0x18d2d2fc, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:495
#12 0x01150ac2 in WebCore::RenderBlock::layout (this=0x18d2d2fc) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:421
#13 0x015093dd in WebCore::RenderObject::layoutIfNeeded (this=0x18d2d2fc) at RenderObject.h:509
#14 0x0115bb94 in WebCore::RenderBlock::layoutBlockChildren (this=0x1d316d4c, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:1102
#15 0x0115c493 in WebCore::RenderBlock::layoutBlock (this=0x1d316d4c, relayoutChildren=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:495
#16 0x01150ac2 in WebCore::RenderBlock::layout (this=0x1d316d4c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderBlock.cpp:421
#17 0x011674ab in WebCore::RenderView::layout (this=0x1d316d4c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/rendering/RenderView.cpp:111
#18 0x010eb87b in WebCore::FrameView::layout (this=0x17031f20, allowSubtree=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/page/FrameView.cpp:424
#19 0x010ecec6 in WebCore::Document::updateLayout (this=0x269a200) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1021
#20 0x010f983c in WebCore::Document::updateLayoutIgnorePendingStylesheets (this=0x269a200) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1047
#21 0x01241639 in WebCore::Element::offsetHeight (this=0x1c9e6ba0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Element.cpp:214
#22 0x01234580 in WebCore::JSElement::getValueProperty (this=0x16fde200, exec=0xbfffe4c0, token=5) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebKitBuild/Debug/DerivedSources/WebCore/JSElement.cpp:205
#23 0x01534146 in KJS::staticValueGetter<WebCore::JSElement> (exec=0xbfffe4c0, slot=@0xbfffe204) at lookup.h:149
#24 0x005477fd in KJS::PropertySlot::getValue (this=0xbfffe204, exec=0xbfffe4c0, originalObject=0x16fde200, propertyName=@0x1c937e3c) at property_slot.h:47
#25 0x004e5110 in KJS::JSObject::get (this=0x16fde200, exec=0xbfffe4c0, propertyName=@0x1c937e3c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/object.cpp:151
#26 0x004dc8f9 in KJS::DotAccessorNode::evaluate (this=0x1c937e30, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:548
#27 0x004d517d in KJS::AssignExprNode::evaluate (this=0x18d25bd0, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1527
#28 0x004d919c in KJS::VarDeclNode::evaluate (this=0x1c9a7350, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1545
#29 0x004d90ba in KJS::VarDeclListNode::evaluate (this=0x190c3e40, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1592
#30 0x004d8f92 in KJS::VarStatementNode::execute (this=0x1c9a7370, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1616
#31 0x004d6a00 in KJS::SourceElementsNode::execute (this=0x190f8bf0, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:2449
#32 0x004d5338 in KJS::BlockNode::execute (this=0x1be3b140, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/nodes.cpp:1648
#33 0x004c720a in KJS::DeclaredFunctionImp::execute (this=0x16fdffa0, exec=0xbfffe4c0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/function.cpp:359
#34 0x004c94ed in KJS::FunctionImp::callAsFunction (this=0x16fdffa0, exec=0x18d128fc, thisObj=0x18925f50, args=@0xbfffe57c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/function.cpp:108
#35 0x004e5d64 in KJS::JSObject::call (this=0x16fdffa0, exec=0x18d128fc, thisObj=0x18925f50, args=@0xbfffe57c) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/JavaScriptCore/kjs/object.cpp:96
#36 0x01258186 in KJS::JSAbstractEventListener::handleEvent (this=0x1be33f60, ele=0x1c9507b0, isWindowEvent=true) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/bindings/js/kjs_events.cpp:121
#37 0x010f091c in WebCore::Document::handleWindowEvent (this=0x269a200, evt=0x1c9507b0, useCapture=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:2240
#38 0x01225b6d in WebCore::EventTargetNode::dispatchWindowEvent (this=0x269a200, eventType=@0x16421f0, canBubbleArg=false, cancelableArg=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/EventTargetNode.cpp:325
#39 0x010f2ba7 in WebCore::Document::implicitClose (this=0x269a200) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/dom/Document.cpp:1327
#40 0x01394669 in WebCore::FrameLoader::checkEmitLoadEvent (this=0x2062e00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1074
#41 0x01397fb9 in WebCore::FrameLoader::checkCompleted (this=0x2062e00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1042
#42 0x013980bb in WebCore::FrameLoader::loadDone (this=0x2062e00) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/FrameLoader.cpp:1016
#43 0x0110b4ee in WebCore::DocLoader::setLoadInProgress (this=0x19060690, load=false) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/DocLoader.cpp:176
#44 0x0110cd7d in WebCore::Loader::receivedAllData (this=0x1640bb8, loader=Internal: static symbol `WebCore::SubresourceLoader' found in /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/SubresourceLoaderMac.mm psymtab but not in symtab. WebCore::SubresourceLoader may be an inlined function, or may be a template function (if a template, try specifying an instantiation: WebCore::SubresourceLoader<type>). ) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/loader.cpp:110
#45 0x0137c65c in WebCore::SubresourceLoader::didFinishLoading (this=0x1d30aa80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/SubresourceLoaderMac.mm:195
#46 0x0137859c in WebCore::ResourceLoader::didFinishLoading (this=0x1d30aa80) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/loader/mac/ResourceLoaderMac.mm:446
#47 0x013878e3 in -[WebCoreResourceHandleAsDelegate connectionDidFinishLoading:] (self=0x186d2b10, _cmd=0x90a9d160, con=0x18db45d0) at /Users/mrowe/Documents/Source/SVN/WebKit-Nightlies/WebCore/platform/network/mac/ResourceHandleMac.mm:295
#48 0x9265be00 in -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] ()
#49 0x92659ea5 in -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] ()
#50 0x92659b41 in _sendCallbacks ()
#51 0x90829379 in CFRunLoopRunSpecific ()
#52 0x90828eb5 in CFRunLoopRunInMode ()
#53 0x92dcdb90 in RunCurrentEventLoopInMode ()
#54 0x92dcd297 in ReceiveNextEventCommon ()
#55 0x92dcd0ee in BlockUntilNextEventMatchingListInMode ()
#56 0x9326f465 in _DPSNextEvent ()
#57 0x9326f056 in -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] ()
#58 0x00006f96 in ?? ()
#59 0x93268ddb in -[NSApplication run] ()
#60 0x9325cd2f in NSApplicationMain ()
#61 0x0005f7de in ?? ()
#62 0x0005f6f9 in ?? ()
(gdb)
Alexey Proskuryakov
Comment 1 2011-04-13 11:38:12 PDT
I didn't get any assertion with r83542 when pasting this code into Snippet Editor.