Bug 48003 - REGRESSION [Chromium] Crash when mousing over <object> with padding or border
Status: RESOLVED DUPLICATE of bug 47956
Alias: None
Product: WebKit
Classification: Unclassified
Component: Plug-ins
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: John Abd-El-Malek
 
Reported: 2010-10-20 13:21 PDT by Mihai Parparita
Modified: 2010-10-20 13:42 PDT

Attachments
Test case (94 bytes, text/html)
2010-10-20 13:21 PDT, Mihai Parparita

Description Mihai Parparita 2010-10-20 13:21:55 PDT
Created attachment 71326
Test case

See attached test case. Mousing over the red area (which is the border on the <object> tag) results in a crash with the stack trace:

*CRASHED* ( EXCEPTION_ACCESS_VIOLATION_EXEC @ 0x000000bc )
chromeclientimpl.cpp:600]	WebKit::ChromeClientImpl::mouseDidMoveOverElement(WebCore::HitTestResult const &,unsigned int)
chrome.cpp:333]	WebCore::Chrome::mouseDidMoveOverElement(WebCore::HitTestResult const &,unsigned int)
eventhandler.cpp:1399]	WebCore::EventHandler::mouseMoved(WebCore::PlatformMouseEvent const &)
webviewimpl.cpp:351]	WebKit::WebViewImpl::mouseMove(WebKit::WebMouseEvent const &)
webviewimpl.cpp:1101]	WebKit::WebViewImpl::handleInputEvent(WebKit::WebInputEvent const &)

http://trac.webkit.org/changeset/69154 touched the line that crashes in ChromeClientImpl::mouseDidMoveOverElement, so it's a likely culprit.

(Originally reported as http://crbug.com/58803)
Comment 1 John Abd-El-Malek 2010-10-20 13:42:32 PDT

*** This bug has been marked as a duplicate of bug 47956 ***