Bug 18872 - Crash using webkit-box-reflect and position:absolute
Summary: Crash using webkit-box-reflect and position:absolute
Status: RESOLVED INVALID
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac OS X 10.5
: P1 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-05-03 04:05 PDT by Thomas Steinacher
Modified: 2022-07-11 16:23 PDT (History)
3 users (show)

See Also:

Attachments
crash log (29.28 KB, text/plain)
2008-05-03 10:56 PDT, Thomas Steinacher 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Thomas Steinacher 2008-05-03 04:05:33 PDT 
Create the following page:

<meta http-equiv=refresh content=0.1>
<style type="text/css">
.outer { -webkit-box-reflect:below 1px; }
.inner { position:absolute; }
</style>
<div class="outer"><div class="inner"></div></div>

Leave it running for a few seconds. Latest WebKit will crash. Tested on both PPC and Intel.
Comment 1 Matt Lilek 2008-05-03 10:51:59 PDT 
This doesn't crash for me - can you attach a crash log?
Comment 2 Thomas Steinacher 2008-05-03 10:56:05 PDT 
Created attachment 20949 [details]
crash log
Comment 3 mitz 2008-05-03 23:15:26 PDT 
With guard malloc, I get a crash in RenderLayer::removeChild() when closing the page (even without the refresh).