Bug 50219

Summary: chrome.dll!WebCore::RenderObject::RenderObject ReadAV@NULL (65bf4b7466d7b2a21ddbeba4b5e01f4e)
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: DOM
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Normal
CC: ahmad.saleem792, ap, bfulgham, eric, hyatt, rniwa
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
URL: http://code.google.com/p/chromium/issues/detail?id=64751
Attachments:
Description Flags
Repro none

Berend-Jan Wever
Reported 2010-11-30 03:06:45 PST
Created attachment 75120
Repro

Repro:
<style> * { -webkit-column-count:3; -webkit-column-span: all; } </style>
<h><table>

id:             chrome.dll!WebCore::RenderObject::RenderObject ReadAV@NULL (65bf4b7466d7b2a21ddbeba4b5e01f4e)
description:    Attempt to read from unallocated NULL pointer+0x14 in chrome.dll!WebCore::RenderObject::RenderObject
application:    Chromium 9.0.596.0
stack:
    chrome.dll!WebCore::RenderObject::RenderObject
    chrome.dll!WebCore::RenderBoxModelObject::RenderBoxModelObject
    chrome.dll!WebCore::RenderBox::RenderBox
    chrome.dll!WebCore::RenderBlock::clone
    chrome.dll!WebCore::RenderBlock::splitBlocks
    chrome.dll!WebCore::RenderBlock::splitFlow
    chrome.dll!WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks
    chrome.dll!WebCore::RenderBlock::addChildIgnoringContinuation
    chrome.dll!WebCore::RenderBlock::addChild
    chrome.dll!WebCore::RenderInline::splitFlow
    chrome.dll!WebCore::RenderInline::addChildIgnoringContinuation
    chrome.dll!WebCore::Node::createRendererIfNeeded
    chrome.dll!WebCore::Element::attach
    chrome.dll!WebCore::HTMLConstructionSite::attach<...>
    chrome.dll!WebCore::HTMLConstructionSite::insertHTMLElement
    chrome.dll!WebCore::HTMLTreeBuilder::processStartTagForInBody
    chrome.dll!WebCore::HTMLTreeBuilder::processStartTag
    chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken
    chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromToken
    chrome.dll!WebCore::HTMLDocumentParser::pumpTokenizer
    chrome.dll!WebCore::HTMLDocumentParser::append
    chrome.dll!WebCore::DecodedDataDocumentParser::appendBytes
    chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource
    chrome.dll!WebCore::FrameLoader::finishedLoading
    chrome.dll!WebCore::MainResourceLoader::didFinishLoading
    chrome.dll!WebCore::ResourceLoader::didFinishLoading
    chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading
    ...
Attachments
Repro (101 bytes, text/html)
2010-11-30 03:06 PST, Berend-Jan Wever
no flags
Ahmad Saleem
Comment 1 2022-08-16 15:58:34 PDT
I am not able to reproduce this crash using attached test case, is it something required to run in "Debug" mode?

Chrome bug from the URL field was also tagged as "RESOLVED WONTFIX" since it was not reproducible in Chrome 51.

Appreciate if someone can mark this bug accordingly. Thanks!
Ahmad Saleem
Comment 2 2022-08-16 15:59:05 PDT
(In reply to Ahmad Saleem from comment #1)
> I am not able to reproduce this crash using attached test case, is it
> something required to run in "Debug" mode?
>
> Chrome bug from the URL field was also tagged as "RESOLVED WONTFIX" since it
> was not reproducible in Chrome 51.
>
> Appreciate if someone can mark this bug accordingly. Thanks!

On Safari 15.6 & Safari Technology Preview 151