Bug 42020

Summary: Crash beneath setSelection() during detach()
Product: WebKit
Reporter: mitz
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
Keywords: InRadar
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Description | Flags
Avoid calls to localToAbsolute() from clearSelection() | simon.fraser: review+

mitz
Reported 2010-07-09 22:06:53 PDT
<rdar://problem/7527532>

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000

0  com.apple.WebCore 0x00007fff82fc4e1b WebCore::RenderBox::availableHeightUsing(WebCore::Length const&) const + 507
1  com.apple.WebCore 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31
2  com.apple.WebCore 0x00007fff82fc4c0f WebCore::RenderBox::availableHeight() const + 31
3  com.apple.WebCore 0x00007fff82fc4b41 WebCore::RenderBoxModelObject::relativePositionOffsetY() const + 129
4  com.apple.WebCore 0x00007fff82f47b05 WebCore::RenderBox::offsetFromContainer(WebCore::RenderObject*, WebCore::IntPoint const&) const + 261
5  com.apple.WebCore 0x00007fff82fc6643 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 275
6  com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
7  com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
8  com.apple.WebCore 0x00007fff82fc67c8 WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const + 664
9  com.apple.WebCore 0x00007fff83108873 WebCore::RenderBlock::selectionGapRectsForRepaint(WebCore::RenderBoxModelObject*) + 259
10 com.apple.WebCore 0x00007fff82ed9eb2 WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) + 1298
11 com.apple.WebCore 0x00007fff82efc470 WebCore::RenderObjectChildList::removeChildNode(WebCore::RenderObject*, WebCore::RenderObject*, bool) + 592
12 com.apple.WebCore 0x00007fff830d4224 WebCore::RenderBlock::moveAllChildrenTo(WebCore::RenderObject*, WebCore::RenderObjectChildList*) + 68
13 com.apple.WebCore 0x00007fff82efbe2a WebCore::RenderBlock::removeChild(WebCore::RenderObject*) + 650
14 com.apple.WebCore 0x00007fff82efba79 WebCore::RenderObject::destroy() + 137
15 com.apple.WebCore 0x00007fff82efb947 WebCore::RenderBox::destroy() + 71
16 com.apple.WebCore 0x00007fff82efb6c3 WebCore::Node::detach() + 35
17 com.apple.WebCore 0x00007fff82efb57b WebCore::Element::detach() + 107
18 com.apple.WebCore 0x00007fff82fcf1d7 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 263
…

Patch forthcoming.
Attachments
Avoid calls to localToAbsolute() from clearSelection() (2.78 KB, patch)
2010-07-09 22:16 PDT, mitz
simon.fraser: review+
mitz
Comment 1 2010-07-09 22:16:19 PDT
Created attachment 61142 [details] Avoid calls to localToAbsolute() from clearSelection()
mitz
Comment 2 2010-07-16 14:02:19 PDT