Bug 48003

Summary: REGRESSION [Chromium] Crash when mousing over <object> with padding or border
Product: WebKit
Reporter: Mihai Parparita <mihai>
Component: Plug-ins
Assignee: John Abd-El-Malek <jam>
Status: RESOLVED DUPLICATE    
Severity: Normal    
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   
Attachments:
Description Flags
Test case none

Description Mihai Parparita 2010-10-20 13:21:55 PDT
Created attachment 71326
Test case

See attached test case. Mousing over the red area (which is the border on the <object> tag) results in a crash with the stack trace:

*CRASHED* ( EXCEPTION_ACCESS_VIOLATION_EXEC @ 0x000000bc )
chromeclientimpl.cpp:600]	WebKit::ChromeClientImpl::mouseDidMoveOverElement(WebCore::HitTestResult const &,unsigned int)
chrome.cpp:333]	WebCore::Chrome::mouseDidMoveOverElement(WebCore::HitTestResult const &,unsigned int)
eventhandler.cpp:1399]	WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const &)
webviewimpl.cpp:351]	WebKit::WebViewImpl::mouseMove(WebKit::WebMouseEvent const &)
webviewimpl.cpp:1101]	WebKit::WebViewImpl::handleInputEvent(WebKit::WebInputEvent const &)

http://trac.webkit.org/changeset/69154 touched the line that crashes in ChromeClientImpl::mouseDidMoveOverElement, so it's a likely culprit.

(Originally reported as http://crbug.com/58803)
Comment 1 John Abd-El-Malek 2010-10-20 13:42:32 PDT

*** This bug has been marked as a duplicate of bug 47956 ***