Bug 30350

Summary: Reproducible crash on :hover below WebCore::RenderLayer::hitTest
Product: WebKit
Reporter: Federico Lebrón <federico.lebron>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE
Severity: Normal
CC: bdakin
Priority: P2
Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)
Hardware: Mac (Intel)
OS: OS X 10.5
Attachments:
Minimal test case (flags: none)
System information after crash in nightly WebKit (flags: none)

Description Federico Lebrón 2009-10-13 22:19:12 PDT
Created attachment 41150
Minimal test case

I'm not using 528+ but the nightly 532.2+, but there was no option for it. However, it also crashes Safari 4.0.3.
Attached is a minimal test case. The crash is reproducible every time, on both nightly and Safari 4.0.3.
All Safari extensions were disabled at the moment of the crashes.
Steps to reproduce:

Hover "fooooooooo". -> Crash.

Crash report: http://pastebin.com/f65b8e173
System info: http://pastebin.com/f6ebe5864

I'll also be attaching the crash report after submitting, just in case.
Comment 1 Federico Lebrón 2009-10-13 22:21:26 PDT
Created attachment 41151
System information after crash in nightly WebKit
Comment 2 Mark Rowe (bdash) 2009-10-13 22:28:18 PDT
<rdar://problem/7301567>
Comment 3 Mark Rowe (bdash) 2009-10-13 22:41:17 PDT
Top of my crash log with some line numbers (r49488):

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000210
Crashed Thread:  0  Dispatch queue: com.apple.main-thread

Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x00000001008ac636 WebCore::RenderLayer::updateHoverActiveState(WebCore::HitTestRequest const&, WebCore::HitTestResult&) + 582 (RenderLayer.cpp:3044)
1   com.apple.WebCore             	0x00000001008ab1d0 WebCore::RenderLayer::hitTest(WebCore::HitTestRequest const&, WebCore::HitTestResult&) + 224 (RenderLayer.cpp:2322)
2   com.apple.WebCore             	0x00000001008ab04b WebCore::Document::prepareMouseEvent(WebCore::HitTestRequest const&, WebCore::IntPoint const&, WebCore::PlatformMouseEvent const&) + 91 (Document.cpp:2192)
Comment 4 Mark Rowe (bdash) 2009-10-15 15:28:40 PDT

*** This bug has been marked as a duplicate of bug 26515 ***