Bug 9862

Summary: REGRESSION: GMail: Crash in RenderView::repaintViewRectangle when spoofing as FF
Product: WebKit
Reporter: Justin Garcia <justin.garcia>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: mitz
Priority: P1
Keywords: GoogleBug, InRadar, NeedsReduction, Regression
Version: 420+
Hardware: Mac
OS: OS X 10.4
Bug Depends on:
Bug Blocks: 9638
Attachments (Description: Flags):
Test case: none
Better test case - just click to crash: none
Add missing null check: adele: review+

Justin Garcia
Reported 2006-07-11 15:37:21 PDT
Spoof as FF
Goto: http://gmail.google.com/
Login

Crash:
#0 0x01f8eb4c in WebCore::RenderView::repaintViewRectangle at RenderView.cpp:226
#1 0x01fb90bc in WebCore::RenderObject::repaint at RenderObject.cpp:1676
#2 0x01fa9318 in WebCore::RenderLayer::updateLayerPositions at RenderLayer.cpp:181
#3 0x01ec6288 in WebCore::FrameView::layout at FrameView.cpp:484
#4 0x01ec654c in WebCore::FrameView::layoutTimerFired at FrameView.cpp:1168
#5 0x0226f208 in WebCore::Timer<WebCore::FrameView>::fired at Timer.h:94
#6 0x0205811c in WebCore::TimerBase::fireTimers at Timer.cpp:335
#7 0x020581e8 in WebCore::TimerBase::sharedTimerFired at Timer.cpp:352
#8 0x02057594 in WebCore::timerFired at SharedTimerMac.cpp:46

Blocks progress on 9638 since you have to spoof as FF to enable GMail's RT Editor.
Attachments
Test case (163 bytes, text/html)
2006-07-11 23:21 PDT, mitz
no flags
Better test case - just click to crash (185 bytes, text/html)
2006-07-11 23:25 PDT, mitz
no flags
Add missing null check (4.00 KB, patch)
2006-07-11 23:57 PDT, mitz
adele: review+
Justin Garcia
Comment 1 2006-07-11 17:08:22 PDT
Regressed somewhere between 15197 and 15227.
Alice Liu
Comment 2 2006-07-11 19:24:26 PDT
<rdar://problem/4622407> also at www.liberation.fr without spoofing
mitz
Comment 3 2006-07-11 22:48:52 PDT
I got a similar crash twice when I tried to close the big Flash ad at http://www.ynet.co.il/
mitz
Comment 4 2006-07-11 23:21:25 PDT
Created attachment 9387 [details] Test case
This test case triggers the same crash, which happens when you attempt to paint the contents of an IFRAME with display:none. Click the button then go ahead and print (or click Preview in the print dialog).
mitz
Comment 5 2006-07-11 23:25:01 PDT
Created attachment 9388 [details] Better test case - just click to crash
mitz
Comment 6 2006-07-11 23:57:22 PDT
Created attachment 9389 [details] Add missing null check
David Kilzer (:ddkilzer)
Comment 7 2006-07-12 21:46:32 PDT
Committed revision 15402.