Bug 62030

Summary: Crashes in HTMLElement::ieForbidsInsertHTML
Product: WebKit Reporter: Marcus Bulach <bulach>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: ap, bulach, rniwa, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   

Description Marcus Bulach 2011-06-03 10:47:10 PDT
After rolling WebKit in chromium (r87979:r88005), we started seeing some crashes in HTMLElement::ieForbidsInsertHTML.
Full details:
http://code.google.com/p/chromium/issues/detail?id=84872

Higher up in the call stack, there are something related to SVG, which may be causing this?

chrome_25a0000!WebCore::StyleElement::sheetLoaded+0x26 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 182]
chrome_25a0000!WebCore::SVGStyleElement::sheetLoaded+0xc [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\svg\svgstyleelement.h @ 61]
chrome_25a0000!WebCore::CSSStyleSheet::checkLoaded+0x30 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\css\cssstylesheet.cpp @ 230]
chrome_25a0000!WebCore::StyleElement::createSheet+0x2f0 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 166]
chrome_25a0000!WebCore::StyleElement::process+0x18f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 134]
chrome_25a0000!WebCore::StyleElement::insertedIntoDocument+0x25 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\dom\styleelement.cpp @ 67]
chrome_25a0000!WebCore::SVGStyleElement::insertedIntoDocument+0x15 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\svg\svgstyleelement.cpp @ 127]
Comment 1 Alexey Proskuryakov 2011-06-06 20:34:55 PDT
According to a comment in bug 62109, this is a duplicate of bug 62116.
Comment 2 Ryosuke Niwa 2011-06-06 21:48:24 PDT

*** This bug has been marked as a duplicate of bug 62116 ***