Bug 167295 - Crash in WebCore::RenderObject::repaintSlowRepaintObject()
Summary: Crash in WebCore::RenderObject::repaintSlowRepaintObject()
Status: RESOLVED DUPLICATE of bug 167011
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: Safari Technology Preview
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
URL: http://sonnreich.at
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2017-01-22 14:55 PST by Dieter Komendera
Modified: 2017-01-26 01:19 PST

Attachments
crash log (87.04 KB, text/plain)
2017-01-22 14:55 PST, Dieter Komendera

Description Dieter Komendera 2017-01-22 14:55:04 PST
Created attachment 299486
crash log

I can almost reliably reproduce this crash:

1) go to http://sonnreich.at
2) click a link at the bottom of the page, i.e. "WOHNEN"
3) use the back button to navigate back
4) scroll down

Sometimes it crashes at 3), sometimes at 4) and sometimes not at all.

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x000000010fb3a670 WebCore::RenderObject::repaintSlowRepaintObject() const + 32
1   com.apple.WebCore             	0x000000010ee85a19 WebCore::FrameView::scrollContentsSlowPath(WebCore::IntRect const&) + 121
2   com.apple.WebCore             	0x000000010edf682a WebCore::ScrollView::scrollContents(WebCore::IntSize const&) + 362
3   com.apple.WebCore             	0x000000010fc16cf6 WebCore::ScrollView::scrollTo(WebCore::IntPoint const&) + 150
4   com.apple.WebCore             	0x000000010f26d635 WebCore::FrameView::scrollTo(WebCore::IntPoint const&) + 53

Release 21 (Safari 10.2, WebKit 12604.1.2)
macOS 10.12.2 (16C67)
Comment 1 Alexey Proskuryakov 2017-01-24 23:32:38 PST
Apple employees, see rdar://problem/18969355 and related.
Comment 2 Simon Fraser (smfr) 2017-01-25 07:23:51 PST
Thank you for the steps!
Comment 3 Simon Fraser (smfr) 2017-01-25 07:46:19 PST
This was fixed in http://trac.webkit.org/changeset/210777

*** This bug has been marked as a duplicate of bug 167011 ***
Comment 4 Dieter Komendera 2017-01-26 01:19:41 PST
That was quick :) Thanks a lot!