Created attachment 75120
Repro

Repro:
<style> * { -webkit-column-count:3; -webkit-column-span: all; } </style> <h><table>

id: chrome.dll!WebCore::RenderObject::RenderObject ReadAV@NULL (65bf4b7466d7b2a21ddbeba4b5e01f4e)
description: Attempt to read from unallocated NULL pointer+0x14 in chrome.dll!WebCore::RenderObject::RenderObject
application: Chromium 9.0.596.0
stack:
    chrome.dll!WebCore::RenderObject::RenderObject
    chrome.dll!WebCore::RenderBoxModelObject::RenderBoxModelObject
    chrome.dll!WebCore::RenderBox::RenderBox
    chrome.dll!WebCore::RenderBlock::clone
    chrome.dll!WebCore::RenderBlock::splitBlocks
    chrome.dll!WebCore::RenderBlock::splitFlow
    chrome.dll!WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks
    chrome.dll!WebCore::RenderBlock::addChildIgnoringContinuation
    chrome.dll!WebCore::RenderBlock::addChild
    chrome.dll!WebCore::RenderInline::splitFlow
    chrome.dll!WebCore::RenderInline::addChildIgnoringContinuation
    chrome.dll!WebCore::Node::createRendererIfNeeded
    chrome.dll!WebCore::Element::attach
    chrome.dll!WebCore::HTMLConstructionSite::attach<...>
    chrome.dll!WebCore::HTMLConstructionSite::insertHTMLElement
    chrome.dll!WebCore::HTMLTreeBuilder::processStartTagForInBody
    chrome.dll!WebCore::HTMLTreeBuilder::processStartTag
    chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken
    chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromToken
    chrome.dll!WebCore::HTMLDocumentParser::pumpTokenizer
    chrome.dll!WebCore::HTMLDocumentParser::append
    chrome.dll!WebCore::DecodedDataDocumentParser::appendBytes
    chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource
    chrome.dll!WebCore::FrameLoader::finishedLoading
    chrome.dll!WebCore::MainResourceLoader::didFinishLoading
    chrome.dll!WebCore::ResourceLoader::didFinishLoading
    chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading
    ...

I am not able to reproduce this crash using the attached test case. Is it something required to run in "Debug" mode?

The Chrome bug from the URL field was also tagged as "RESOLVED WONTFIX" since it was not reproducible in Chrome 51.

I would appreciate it if someone could mark this bug accordingly. Thanks!

(In reply to Ahmad Saleem from comment #1)
> I am not able to reproduce this crash using the attached test case. Is it
> something required to run in "Debug" mode?
>
> The Chrome bug from the URL field was also tagged as "RESOLVED WONTFIX" since
> it was not reproducible in Chrome 51.
>
> I would appreciate it if someone could mark this bug accordingly. Thanks!

On Safari 15.6 & Safari Technology Preview 151