Bug 18872

Summary: Crash using webkit-box-reflect and position:absolute
Product: WebKit Reporter: Thomas Steinacher <tom>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: bfulgham, hyatt, mitz
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Attachments:
Description Flags
crash log none

Thomas Steinacher
Reported 2008-05-03 04:05:33 PDT
Create the following page: <meta http-equiv=refresh content=0.1> <style type="text/css"> .outer { -webkit-box-reflect:below 1px; } .inner { position:absolute; } </style> <div class="outer"><div class="inner"></div></div> Leave it running for a few seconds. Latest WebKit will crash. Tested on both PPC and Intel.
Attachments
crash log (29.28 KB, text/plain)
2008-05-03 10:56 PDT, Thomas Steinacher 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Matt Lilek
Comment 1 2008-05-03 10:51:59 PDT
This doesn't crash for me - can you attach a crash log?
Thomas Steinacher
Comment 2 2008-05-03 10:56:05 PDT
Created attachment 20949 [details] crash log
mitz
Comment 3 2008-05-03 23:15:26 PDT
With guard malloc, I get a crash in RenderLayer::removeChild() when closing the page (even without the refresh).
Note You need to log in before you can comment on or make changes to this bug.