Bug 13243 - REGRESSION (r20506): Repro crash/assert when using scroll wheel on a list box taller than its contents
Summary: REGRESSION (r20506): Repro crash/assert when using scroll wheel on a list box...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms (show other bugs)
Version: 523.x (Safari 3)
Hardware: Macintosh OS X 10.4
: P1 Critical
Assignee: Nobody
URL: data:text/html,<select multiple><opti...
Keywords: InRadar, Regression
Depends on:
Blocks:
 
Reported: 2007-03-31 06:10 PDT by mitz
Modified: 2007-03-31 22:24 PDT (History)
0 users

See Also:


Attachments
Patch (1.95 KB, patch)
2007-03-31 07:02 PDT, mitz
darin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mitz 2007-03-31 06:10:46 PDT
Open the URL, position the mouse inside the list box and use the scroll wheel to scroll up or down. Crashes r20610. In a debug build you get:

ASSERTION FAILED: i < size()
(JavaScriptCore.framework/PrivateHeaders/Vector.h:406 const T& WTF::Vector<T, inlineCapacity>::at(size_t) const [with T = WebCore::HTMLElement*, long unsigned int inlineCapacity = 0ul])


Thread 0 Crashed:
0   com.apple.WebCore              	0x0165f2b8 WTF::Vector<WebCore::HTMLElement*, (unsigned long)0>::at(unsigned long) const + 120 (Vector.h:406)
1   com.apple.WebCore              	0x0165f320 WTF::Vector<WebCore::HTMLElement*, (unsigned long)0>::operator[](int) const + 44 (Vector.h:415)
2   com.apple.WebCore              	0x0144b4f8 WebCore::RenderListBox::paintItemBackground(WebCore::RenderObject::PaintInfo&, int, int, int) + 96 (RenderListBox.cpp:351)
3   com.apple.WebCore              	0x0144ce20 WebCore::RenderListBox::paintObject(WebCore::RenderObject::PaintInfo&, int, int) + 300 (RenderListBox.cpp:268)
4   com.apple.WebCore              	0x01181bc4 WebCore::RenderBlock::paint(WebCore::RenderObject::PaintInfo&, int, int) + 672 (RenderBlock.cpp:1326)
[...]
Comment 1 mitz 2007-03-31 07:02:36 PDT
Created attachment 13909 [details]
Patch
Comment 2 Darin Adler 2007-03-31 17:33:56 PDT
Comment on attachment 13909 [details]
Patch

r=me
Comment 3 Mark Rowe (bdash) 2007-03-31 22:13:03 PDT
<rdar://problem/5103226>
Comment 4 Mark Rowe (bdash) 2007-03-31 22:24:04 PDT
Landed in r20645.