Bug 66208 - Crash in WebKit!WebCore::RenderLayer::scrollTo+0x2ed
Status: RESOLVED WORKSFORME
https://bugs.webkit.org/show_bug.cgi?id=66208
Mario Gomes
Reported
2011-08-14 14:50:57 PDT
Repro.html
===========================================================
<html>
<body>
<style type="text/css">
div:first-letter{ float: left; overflow: -webkit-marquee;}
</style>
<div id="text">A
===========================================================

Stacktrace
===========================================================
(69c.a20): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=0012f308 edx=00000004 esi=7fed5b90 edi=00000000
eip=10252a9d esp=0012f308 ebp=0012f37c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
WebKit!WebCore::RenderLayer::scrollTo+0x2ed:
10252a9d 8b4314          mov     eax,dword ptr [ebx+14h] ds:0023:00000014=????????

1:006> .exr -1
ExceptionAddress: 10252a9d (WebKit!WebCore::RenderLayer::scrollTo+0x000002ed)
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000014
Attempt to read from address 00000014

1:006> .lastevent
Last event: 69c.a20: Access violation - code c0000005 (first chance)
  debugger time: Sun Aug 14 18:28:55.406 2011 (UTC - 3:00)

1:006> kp
ChildEBP RetAddr
0012f37c 10253901 WebKit!WebCore::RenderLayer::scrollTo(int x = 0n-11, int y = 0n0)+0x2ed [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]
0012f38c 1041ba52 WebKit!WebCore::RenderLayer::setScrollOffset(class WebCore::IntPoint * offset = 0x105cc373)+0x11 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1642]
0012f3c8 105cc600 WebKit!WebCore::ScrollableArea::setScrollOffsetFromAnimation(class WebCore::IntPoint * offset = 0x0012f308)+0x12 [c:\bwa\webcore-7534.50\srcroot\platform\scrollablearea.cpp @ 142]
0012f3e0 105cc373 WebKit!WebCore::ScrollAnimator::notityPositionChanged(void)+0x30 [c:\bwa\webcore-7534.50\srcroot\platform\scrollanimator.cpp @ 130]
0012f3e4 1025279b WebKit!WebCore::ScrollAnimator::scrollToOffsetWithoutAnimation(class WebCore::FloatPoint * offset = 0x10250b87)+0x33 [c:\bwa\webcore-7534.50\srcroot\platform\scrollanimator.cpp @ 82]
0012f3f8 10265c52 WebKit!WebCore::RenderLayer::scrollToOffset(int x = 0n270863239, int y = 0n2143549408)+0x5b [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1295]
0012f418 10265d38 WebKit!WebCore::RenderMarquee::start(void)+0x92 [c:\bwa\webcore-7534.50\srcroot\rendering\rendermarquee.cpp @ 175]
0012f430 10250b87 WebKit!WebCore::RenderMarquee::updateMarqueePosition(void)+0x78 [c:\bwa\webcore-7534.50\srcroot\rendering\rendermarquee.cpp @ 211]
0012f480 10250b53 WebKit!WebCore::RenderLayer::updateLayerPositions(unsigned int flags = 6, class WebCore::IntPoint * cachedOffset = 0x0012f570)+0x2c7 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 366]
0012f4d8 10250b53 WebKit!WebCore::RenderLayer::updateLayerPositions(unsigned int flags = 6, class WebCore::IntPoint * cachedOffset = 0x0012f570)+0x293 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 355]
0012f530 101f02d8 WebKit!WebCore::RenderLayer::updateLayerPositions(unsigned int flags = 6, class WebCore::IntPoint * cachedOffset = 0x0012f570)+0x293 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 355]
0012f5bc 101f175d WebKit!WebCore::FrameView::layout(bool allowSubtree = true)+0x798 [c:\bwa\webcore-7534.50\srcroot\page\frameview.cpp @ 1023]
0012f5d0 10201ff1 WebKit!WebCore::FrameView::visibleContentsResized(void)+0x2d [c:\bwa\webcore-7534.50\srcroot\page\frameview.cpp @ 1603]
0012f624 102018f0 WebKit!WebCore::ScrollView::updateScrollbars(class WebCore::IntSize * desiredOffset = 0x00000003)+0x231 [c:\bwa\webcore-7534.50\srcroot\platform\scrollview.cpp @ 521]
0012f654 101ef350 WebKit!WebCore::ScrollView::setContentsSize(class WebCore::IntSize * newSize = 0x0012f690)+0x70 [c:\bwa\webcore-7534.50\srcroot\platform\scrollview.cpp @ 303]
0012f67c 101ef44c WebKit!WebCore::FrameView::setContentsSize(class WebCore::IntSize * size = 0x0012f690)+0x40 [c:\bwa\webcore-7534.50\srcroot\page\frameview.cpp @ 486]
0012f6b8 101f0283 WebKit!WebCore::FrameView::adjustViewSize(void)+0xac [c:\bwa\webcore-7534.50\srcroot\page\frameview.cpp @ 512]
0012f734 1015c907 WebKit!WebCore::FrameView::layout(bool allowSubtree = true)+0x743 [c:\bwa\webcore-7534.50\srcroot\page\frameview.cpp @ 1014]
00000000 00000000 WebKit!WebCore::Document::implicitClose(void)+0x2c7 [c:\bwa\webcore-7534.50\srcroot\dom\document.cpp @ 2178]

1:006> dv /v
0012f384                      this = 0x7fc3f7e0
0012f388                         x = 0n-11
0012f38c                         y = 0n0
0012f32c            rectForRepaint = class WebCore::IntRect
0012f328                     frame = 0x00000008
0012f320                      view = 0x00000000
0012f324          repaintContainer = 0x7fed5700
0012f320                      maxX = 0n0
0012f35c quadForFakeMouseMoveEvent = class WebCore::FloatQuad

1:006> dt this
Local var @ 0x12f384 Type WebCore::RenderLayer*
0x7fc3f7e0
   +0x000 __VFN_table : 0x1075d2c8
   +0x004 m_scrollAnimator : WTF::OwnPtr<WebCore::ScrollAnimator>
   +0x008 m_constrainsScrollingToContentEdge : 0
   +0x009 m_inLiveResize : 0
   +0x00c m_verticalScrollElasticity : 1 ( ScrollElasticityNone )
   +0x010 m_horizontalScrollElasticity : 1 ( ScrollElasticityNone )
   +0x014 m_scrollOrigin : WebCore::IntPoint
   +0x01c m_renderer : 0x7fc3f764 WebCore::RenderBoxModelObject
   +0x020 m_parent : 0x7fc3f548 WebCore::RenderLayer
   +0x024 m_previous : (null)
   +0x028 m_next : (null)
   +0x02c m_first : (null)
   +0x030 m_last : (null)
   +0x034 m_repaintRect : WebCore::IntRect
   +0x044 m_outlineBox : WebCore::IntRect
   +0x054 m_relativeOffset : WebCore::IntSize
   +0x05c m_topLeft : WebCore::IntPoint
   +0x064 m_layerSize : WebCore::IntSize
   +0x06c m_scrollOffset : WebCore::IntSize
   +0x074 m_scrollOverflow : WebCore::IntSize
   +0x07c m_scrollSize : WebCore::IntSize
   +0x084 m_hBar : WTF::RefPtr<WebCore::Scrollbar>
   +0x088 m_vBar : WTF::RefPtr<WebCore::Scrollbar>
   +0x08c m_inResizeMode : 0
   +0x090 m_posZOrderList : (null)
   +0x094 m_negZOrderList : (null)
   +0x098 m_normalFlowList : (null)
   +0x09c m_clipRects : (null)
   +0x0a0 m_scrollDimensionsDirty : 0y0
   +0x0a0 m_zOrderListsDirty : 0y1
   +0x0a0 m_normalFlowListDirty : 0y1
   +0x0a0 m_isNormalFlowOnly : 0y1
   +0x0a0 m_usedTransparency : 0y0
   +0x0a0 m_paintingInsideReflection : 0y0
   +0x0a0 m_inOverflowRelayout : 0y0
   +0x0a0 m_needsFullRepaint : 0y0
   +0x0a1 m_overflowStatusDirty : 0y1
   +0x0a1 m_horizontalOverflow : 0y0
   +0x0a1 m_verticalOverflow : 0y0
   +0x0a1 m_visibleContentStatusDirty : 0y0
   +0x0a1 m_hasVisibleContent : 0y1
   +0x0a1 m_visibleDescendantStatusDirty : 0y0
   +0x0a1 m_hasVisibleDescendant : 0y0
   +0x0a1 m_isPaginated : 0y0
   +0x0a2 m_3DTransformedDescendantStatusDirty : 0y1
   +0x0a2 m_has3DTransformedDescendant : 0y0
   +0x0a2 m_hasCompositingDescendant : 0y0
   +0x0a2 m_mustOverlapCompositedLayers : 0y0
   +0x0a2 m_containsDirtyOverlayScrollbars : 0y0
   +0x0a4 m_cachedOverlayScrollbarOffset : WebCore::IntPoint
   +0x0ac m_marquee : 0x7fca9600 WebCore::RenderMarquee
   +0x0b0 m_staticInlinePosition : 0n0
   +0x0b4 m_staticBlockPosition : 0n0
   +0x0b8 m_transform : WTF::OwnPtr<WebCore::TransformationMatrix>
   +0x0bc m_reflection : (null)
   +0x0c0 m_scrollCorner : (null)
   +0x0c4 m_resizer : (null)
   +0x0c8 m_blockSelectionGapsBounds : WebCore::IntRect
   +0x0d8 m_backing : WTF::OwnPtr<WebCore::RenderLayerBacking>
   +0x0dc m_scrollableAreaPage : (null)

1:006> R
eax=00000000 ebx=00000000 ecx=0012f308 edx=00000004 esi=7fed5b90 edi=00000000
eip=10252a9d esp=0012f308 ebp=0012f37c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
WebKit!WebCore::RenderLayer::scrollTo+0x2ed:
10252a9d 8b4314          mov     eax,dword ptr [ebx+14h] ds:0023:00000014=????????

1:006> u
WebKit!WebCore::RenderLayer::scrollTo+0x2ed [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
10252a9d 8b4314          mov     eax,dword ptr [ebx+14h]
10252aa0 8b80b4070000    mov     eax,dword ptr [eax+7B4h]
10252aa6 50              push    eax
10252aa7 e804a8f1ff      call    WebKit!WebCore::EventQueue::enqueueOrDispatchScrollEvent (1016d2b0)
10252aac 5f              pop     edi
10252aad 5e              pop     esi
10252aae 5b              pop     ebx
10252aaf 8be5            mov     esp,ebp

1:006> uf WebKit!WebCore::RenderLayer::scrollTo
WebKit!WebCore::RenderLayer::scrollTo [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1298]:
 1298 102527b0 55              push    ebp
 1298 102527b1 8bec            mov     ebp,esp
 1298 102527b3 83e4f8          and     esp,0FFFFFFF8h
 1298 102527b6 83ec5c          sub     esp,5Ch
 1298 102527b9 53              push    ebx
 1298 102527ba 8b5d08          mov     ebx,dword ptr [ebp+8]
 1298 102527bd 56              push    esi
 1298 102527be 57              push    edi
 1299 102527bf 8b7b1c          mov     edi,dword ptr [ebx+1Ch]
 1299 102527c2 33c9            xor     ecx,ecx
 1299 102527c4 3bf9            cmp     edi,ecx
 1299 102527c6 7406            je      WebKit!WebCore::RenderLayer::scrollTo+0x1e (102527ce)

WebKit!WebCore::RenderLayer::scrollTo+0x18 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1299]:
 1299 102527c8 f6471910        test    byte ptr [edi+19h],10h
 1299 102527cc 7502            jne     WebKit!WebCore::RenderLayer::scrollTo+0x20 (102527d0)

WebKit!WebCore::RenderLayer::scrollTo+0x1e [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1299]:
 1299 102527ce 33ff            xor     edi,edi

WebKit!WebCore::RenderLayer::scrollTo+0x20 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1300]:
 1300 102527d0 3bf9            cmp     edi,ecx
 1300 102527d2 0f84d4020000    je      WebKit!WebCore::RenderLayer::scrollTo+0x2fc (10252aac)

WebKit!WebCore::RenderLayer::scrollTo+0x28 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1303]:
 1303 102527d8 8b4704          mov     eax,dword ptr [edi+4]
 1303 102527db 8b4040          mov     eax,dword ptr [eax+40h]
 1303 102527de 25001c0000      and     eax,1C00h
 1303 102527e3 3d00140000      cmp     eax,1400h
 1303 102527e8 0f84b4000000    je      WebKit!WebCore::RenderLayer::scrollTo+0xf2 (102528a2)

WebKit!WebCore::RenderLayer::scrollTo+0x3e [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1304]:
 1304 102527ee 394d0c          cmp     dword ptr [ebp+0Ch],ecx
 1304 102527f1 7d03            jge     WebKit!WebCore::RenderLayer::scrollTo+0x46 (102527f6)

WebKit!WebCore::RenderLayer::scrollTo+0x43 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1305]:
 1305 102527f3 894d0c          mov     dword ptr [ebp+0Ch],ecx

WebKit!WebCore::RenderLayer::scrollTo+0x46 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1306]:
 1306 102527f6 394d10          cmp     dword ptr [ebp+10h],ecx
 1306 102527f9 7d03            jge     WebKit!WebCore::RenderLayer::scrollTo+0x4e (102527fe)

WebKit!WebCore::RenderLayer::scrollTo+0x4b [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1307]:
 1307 102527fb 894d10          mov     dword ptr [ebp+10h],ecx

WebKit!WebCore::RenderLayer::scrollTo+0x4e [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1311]:
 1311 102527fe f683a000000001  test    byte ptr [ebx+0A0h],1
 1311 10252805 7409            je      WebKit!WebCore::RenderLayer::scrollTo+0x60 (10252810)

WebKit!WebCore::RenderLayer::scrollTo+0x57 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1311]:
 1311 10252807 51              push    ecx
 1311 10252808 51              push    ecx
 1311 10252809 8bc3            mov     eax,ebx
 1311 1025280b e840270000      call    WebKit!WebCore::RenderLayer::computeScrollDimensions (10254f50)

WebKit!WebCore::RenderLayer::scrollTo+0x60 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1311]:
 1311 10252810 8b4b7c          mov     ecx,dword ptr [ebx+7Ch]
 1311 10252813 8bf7            mov     esi,edi
 1311 10252815 894c240c        mov     dword ptr [esp+0Ch],ecx
 1311 10252819 e822e9fdff      call    WebKit!WebCore::RenderBox::clientWidth (10231140)
 1311 1025281e 8b4c240c        mov     ecx,dword ptr [esp+0Ch]
 1311 10252822 2bc8            sub     ecx,eax
 1311 10252824 894c240c        mov     dword ptr [esp+0Ch],ecx
 1312 10252828 7908            jns     WebKit!WebCore::RenderLayer::scrollTo+0x82 (10252832)

WebKit!WebCore::RenderLayer::scrollTo+0x7a [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1313]:
 1313 1025282a c744240c00000000 mov     dword ptr [esp+0Ch],0

WebKit!WebCore::RenderLayer::scrollTo+0x82 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1314]:
 1314 10252832 f683a000000001  test    byte ptr [ebx+0A0h],1
 1314 10252839 740b            je      WebKit!WebCore::RenderLayer::scrollTo+0x96 (10252846)

WebKit!WebCore::RenderLayer::scrollTo+0x8b [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1314]:
 1314 1025283b 6a00            push    0
 1314 1025283d 6a00            push    0
 1314 1025283f 8bc3            mov     eax,ebx
 1314 10252841 e80a270000      call    WebKit!WebCore::RenderLayer::computeScrollDimensions (10254f50)

WebKit!WebCore::RenderLayer::scrollTo+0x96 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1314]:
 1314 10252846 8b9380000000    mov     edx,dword ptr [ebx+80h]
 1314 1025284c 8b4734          mov     eax,dword ptr [edi+34h]
 1314 1025284f 89542414        mov     dword ptr [esp+14h],edx
 1314 10252853 8b17            mov     edx,dword ptr [edi]
 1314 10252855 89442410        mov     dword ptr [esp+10h],eax
 1314 10252859 8b8264020000    mov     eax,dword ptr [edx+264h]
 1314 1025285f 8bcf            mov     ecx,edi
 1314 10252861 ffd0            call    eax
 1314 10252863 8b17            mov     edx,dword ptr [edi]
 1314 10252865 8bf0            mov     esi,eax
 1314 10252867 8b8260020000    mov     eax,dword ptr [edx+260h]
 1314 1025286d 8bcf            mov     ecx,edi
 1314 1025286f ffd0            call    eax
 1314 10252871 03f0            add     esi,eax
 1314 10252873 e898f0fdff      call    WebKit!WebCore::RenderBox::horizontalScrollbarHeight (10231910)
 1314 10252878 2b742410        sub     esi,dword ptr [esp+10h]
 1314 1025287c 03442414        add     eax,dword ptr [esp+14h]
 1314 10252880 03f0            add     esi,eax
 1315 10252882 7902            jns     WebKit!WebCore::RenderLayer::scrollTo+0xd6 (10252886)

WebKit!WebCore::RenderLayer::scrollTo+0xd4 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1316]:
 1316 10252884 33f6            xor     esi,esi

WebKit!WebCore::RenderLayer::scrollTo+0xd6 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1318]:
 1318 10252886 8b450c          mov     eax,dword ptr [ebp+0Ch]
 1318 10252889 8b4c240c        mov     ecx,dword ptr [esp+0Ch]
 1318 1025288d 3bc1            cmp     eax,ecx
 1318 1025288f 7e05            jle     WebKit!WebCore::RenderLayer::scrollTo+0xe6 (10252896)

WebKit!WebCore::RenderLayer::scrollTo+0xe1 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1319]:
 1319 10252891 894d0c          mov     dword ptr [ebp+0Ch],ecx
 1319 10252894 8bc1            mov     eax,ecx

WebKit!WebCore::RenderLayer::scrollTo+0xe6 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1320]:
 1320 10252896 8b4d10          mov     ecx,dword ptr [ebp+10h]
 1320 10252899 3bce            cmp     ecx,esi
 1320 1025289b 7e0b            jle     WebKit!WebCore::RenderLayer::scrollTo+0xf8 (102528a8)

WebKit!WebCore::RenderLayer::scrollTo+0xed [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1321]:
 1321 1025289d 897510          mov     dword ptr [ebp+10h],esi
 1321 102528a0 eb03            jmp     WebKit!WebCore::RenderLayer::scrollTo+0xf5 (102528a5)

WebKit!WebCore::RenderLayer::scrollTo+0xf2 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1321]:
 1321 102528a2 8b450c          mov     eax,dword ptr [ebp+0Ch]

WebKit!WebCore::RenderLayer::scrollTo+0xf5 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1321]:
 1321 102528a5 8b4d10          mov     ecx,dword ptr [ebp+10h]

WebKit!WebCore::RenderLayer::scrollTo+0xf8 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1329]:
 1329 102528a8 8b5318          mov     edx,dword ptr [ebx+18h]
 1329 102528ab 2b4314          sub     eax,dword ptr [ebx+14h]
 1329 102528ae 2bca            sub     ecx,edx
 1330 102528b0 39436c          cmp     dword ptr [ebx+6Ch],eax
 1330 102528b3 7509            jne     WebKit!WebCore::RenderLayer::scrollTo+0x10e (102528be)

WebKit!WebCore::RenderLayer::scrollTo+0x105 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1330]:
 1330 102528b5 394b70          cmp     dword ptr [ebx+70h],ecx
 1330 102528b8 0f84ee010000    je      WebKit!WebCore::RenderLayer::scrollTo+0x2fc (10252aac)

WebKit!WebCore::RenderLayer::scrollTo+0x10e [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1336]:
 1336 102528be 8b732c          mov     esi,dword ptr [ebx+2Ch]
 1336 102528c1 85f6            test    esi,esi
 1336 102528c3 89436c          mov     dword ptr [ebx+6Ch],eax
 1336 102528c6 894b70          mov     dword ptr [ebx+70h],ecx
 1336 102528c9 7412            je      WebKit!WebCore::RenderLayer::scrollTo+0x12d (102528dd)

WebKit!WebCore::RenderLayer::scrollTo+0x11b [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1337]:
 1337 102528cb 6a00            push    0
 1337 102528cd 6a00            push    0
 1337 102528cf 8bce            mov     ecx,esi
 1337 102528d1 e8eadfffff      call    WebKit!WebCore::RenderLayer::updateLayerPositions (102508c0)
 1337 102528d6 8b7628          mov     esi,dword ptr [esi+28h]
 1337 102528d9 85f6            test    esi,esi
 1337 102528db 75ee            jne     WebKit!WebCore::RenderLayer::scrollTo+0x11b (102528cb)

WebKit!WebCore::RenderLayer::scrollTo+0x12d [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1339]:
 1339 102528dd 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1339 102528e0 8b4808          mov     ecx,dword ptr [eax+8]
 1339 102528e3 8b4114          mov     eax,dword ptr [ecx+14h]
 1339 102528e6 8b4020          mov     eax,dword ptr [eax+20h]
 1343 102528e9 85c0            test    eax,eax
 1343 102528eb 8944240c        mov     dword ptr [esp+0Ch],eax
 1343 102528ef 7406            je      WebKit!WebCore::RenderLayer::scrollTo+0x147 (102528f7)

WebKit!WebCore::RenderLayer::scrollTo+0x141 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1350]:
 1350 102528f1 50              push    eax
 1350 102528f2 e8c9020400      call    WebKit!WebCore::RenderView::updateWidgetPositions (10292bc0)

WebKit!WebCore::RenderLayer::scrollTo+0x147 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1354]:
 1354 102528f7 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1354 102528fa 8b5008          mov     edx,dword ptr [eax+8]
 1354 102528fd 8b4214          mov     eax,dword ptr [edx+14h]
 1354 10252900 8b4820          mov     ecx,dword ptr [eax+20h]
 1354 10252903 e838070400      call    WebKit!WebCore::RenderView::compositor (10293040)
 1354 10252908 8a4044          mov     al,byte ptr [eax+44h]
 1354 1025290b 84c0            test    al,al
 1354 1025290d 0f849c000000    je      WebKit!WebCore::RenderLayer::scrollTo+0x1ff (102529af)

WebKit!WebCore::RenderLayer::scrollTo+0x163 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252913 8bc3            mov     eax,ebx
 1357 10252915 e806f1ffff      call    WebKit!WebCore::RenderLayer::stackingContext (10251a20)
 1357 1025291a 83b8d800000000  cmp     dword ptr [eax+0D8h],0
 1357 10252921 753f            jne     WebKit!WebCore::RenderLayer::scrollTo+0x1b2 (10252962)

WebKit!WebCore::RenderLayer::scrollTo+0x173 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252923 f680a000000008  test    byte ptr [eax+0A0h],8
 1357 1025292a 7405            je      WebKit!WebCore::RenderLayer::scrollTo+0x181 (10252931)

WebKit!WebCore::RenderLayer::scrollTo+0x17c [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 1025292c 8b4020          mov     eax,dword ptr [eax+20h]
 1357 1025292f eb05            jmp     WebKit!WebCore::RenderLayer::scrollTo+0x186 (10252936)

WebKit!WebCore::RenderLayer::scrollTo+0x181 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252931 e8eaf0ffff      call    WebKit!WebCore::RenderLayer::stackingContext (10251a20)

WebKit!WebCore::RenderLayer::scrollTo+0x186 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252936 85c0            test    eax,eax
 1357 10252938 7475            je      WebKit!WebCore::RenderLayer::scrollTo+0x1ff (102529af)

WebKit!WebCore::RenderLayer::scrollTo+0x18a [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 1025293a 8d9b00000000    lea     ebx,[ebx]

WebKit!WebCore::RenderLayer::scrollTo+0x190 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252940 83b8d800000000  cmp     dword ptr [eax+0D8h],0
 1357 10252947 7519            jne     WebKit!WebCore::RenderLayer::scrollTo+0x1b2 (10252962)

WebKit!WebCore::RenderLayer::scrollTo+0x199 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252949 f680a000000008  test    byte ptr [eax+0A0h],8
 1357 10252950 7405            je      WebKit!WebCore::RenderLayer::scrollTo+0x1a7 (10252957)

WebKit!WebCore::RenderLayer::scrollTo+0x1a2 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252952 8b4020          mov     eax,dword ptr [eax+20h]
 1357 10252955 eb05            jmp     WebKit!WebCore::RenderLayer::scrollTo+0x1ac (1025295c)

WebKit!WebCore::RenderLayer::scrollTo+0x1a7 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252957 e8c4f0ffff      call    WebKit!WebCore::RenderLayer::stackingContext (10251a20)

WebKit!WebCore::RenderLayer::scrollTo+0x1ac [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 1025295c 85c0            test    eax,eax
 1357 1025295e 75e0            jne     WebKit!WebCore::RenderLayer::scrollTo+0x190 (10252940)

WebKit!WebCore::RenderLayer::scrollTo+0x1b0 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252960 eb4d            jmp     WebKit!WebCore::RenderLayer::scrollTo+0x1ff (102529af)

WebKit!WebCore::RenderLayer::scrollTo+0x1b2 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1357]:
 1357 10252962 8bf0            mov     esi,eax
 1357 10252964 85f6            test    esi,esi
 1357 10252966 7447            je      WebKit!WebCore::RenderLayer::scrollTo+0x1ff (102529af)

WebKit!WebCore::RenderLayer::scrollTo+0x1b8 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1358]:
 1358 10252968 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1358 1025296b 8b4008          mov     eax,dword ptr [eax+8]
 1358 1025296e 8b4014          mov     eax,dword ptr [eax+14h]
 1358 10252971 8b4820          mov     ecx,dword ptr [eax+20h]
 1358 10252974 e8c7060400      call    WebKit!WebCore::RenderView::compositor (10293040)
 1358 10252979 80784200        cmp     byte ptr [eax+42h],0
 1358 1025297d 741f            je      WebKit!WebCore::RenderLayer::scrollTo+0x1ee (1025299e)

WebKit!WebCore::RenderLayer::scrollTo+0x1cf [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1359]:
 1359 1025297f 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1359 10252982 8b4808          mov     ecx,dword ptr [eax+8]
 1359 10252985 8b4114          mov     eax,dword ptr [ecx+14h]
 1359 10252988 8b4020          mov     eax,dword ptr [eax+20h]
 1359 1025298b 56              push    esi
 1359 1025298c 6a02            push    2
 1359 1025298e 8bc8            mov     ecx,eax
 1359 10252990 e8ab060400      call    WebKit!WebCore::RenderView::compositor (10293040)
 1359 10252995 8bc8            mov     ecx,eax
 1359 10252997 e894910000      call    WebKit!WebCore::RenderLayerCompositor::updateCompositingLayers (1025bb30)
 1360 1025299c eb11            jmp     WebKit!WebCore::RenderLayer::scrollTo+0x1ff (102529af)

WebKit!WebCore::RenderLayer::scrollTo+0x1ee [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1362]:
 1362 1025299e 8bb6d8000000    mov     esi,dword ptr [esi+0D8h]
 1362 102529a4 6a01            push    1
 1362 102529a6 6a01            push    1
 1362 102529a8 8bfe            mov     edi,esi
 1362 102529aa e871193500      call    WebKit!WebCore::RenderLayerBacking::updateAfterLayout (105a4320)

WebKit!WebCore::RenderLayer::scrollTo+0x1ff [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1368]:
 1368 102529af 8b4b1c          mov     ecx,dword ptr [ebx+1Ch]
 1368 102529b2 e849880100      call    WebKit!WebCore::RenderObject::containerForRepaint (1026b200)
 1369 102529b7 8b4b1c          mov     ecx,dword ptr [ebx+1Ch]
 1369 102529ba 8b11            mov     edx,dword ptr [ecx]
 1369 102529bc 8b92b0010000    mov     edx,dword ptr [edx+1B0h]
 1369 102529c2 8bf8            mov     edi,eax
 1369 102529c4 57              push    edi
 1369 102529c5 8d44241c        lea     eax,[esp+1Ch]
 1369 102529c9 50              push    eax
 1369 102529ca 897c2418        mov     dword ptr [esp+18h],edi
 1369 102529ce ffd2            call    edx
 1371 102529d0 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1371 102529d3 8b4008          mov     eax,dword ptr [eax+8]
 1371 102529d6 8b4014          mov     eax,dword ptr [eax+14h]
 1371 102529d9 8bb0f0000000    mov     esi,dword ptr [eax+0F0h]
 1372 102529df 85f6            test    esi,esi
 1372 102529e1 89742414        mov     dword ptr [esp+14h],esi
 1372 102529e5 7471            je      WebKit!WebCore::RenderLayer::scrollTo+0x2a8 (10252a58)

WebKit!WebCore::RenderLayer::scrollTo+0x237 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1374]:
 1374 102529e7 c686d803000001  mov     byte ptr [esi+3D8h],1
 1376 102529ee db442418        fild    dword ptr [esp+18h]
 1376 102529f2 8d4c2428        lea     ecx,[esp+28h]
 1376 102529f6 8d442448        lea     eax,[esp+48h]
 1376 102529fa d95c2428        fstp    dword ptr [esp+28h]
 1376 102529fe db44241c        fild    dword ptr [esp+1Ch]
 1376 10252a02 d95c242c        fstp    dword ptr [esp+2Ch]
 1376 10252a06 db442420        fild    dword ptr [esp+20h]
 1376 10252a0a d95c2430        fstp    dword ptr [esp+30h]
 1376 10252a0e db442424        fild    dword ptr [esp+24h]
 1376 10252a12 d95c2434        fstp    dword ptr [esp+34h]
 1376 10252a16 e8156aeaff      call    WebKit!WebCore::FloatQuad::FloatQuad (100f9430)
 1377 10252a1b 85ff            test    edi,edi
 1377 10252a1d 7428            je      WebKit!WebCore::RenderLayer::scrollTo+0x297 (10252a47)

WebKit!WebCore::RenderLayer::scrollTo+0x26f [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1378]:
 1378 10252a1f 6a00            push    0
 1378 10252a21 8d4c242c        lea     ecx,[esp+2Ch]
 1378 10252a25 51              push    ecx
 1378 10252a26 57              push    edi
 1378 10252a27 8d442454        lea     eax,[esp+54h]
 1378 10252a2b e8b0a20100      call    WebKit!WebCore::RenderObject::localToContainerQuad (1026cce0)
 1378 10252a30 b908000000      mov     ecx,8
 1378 10252a35 8d742428        lea     esi,[esp+28h]
 1378 10252a39 8d7c2448        lea     edi,[esp+48h]
 1378 10252a3d f3a5            rep movs dword ptr es:[edi],dword ptr [esi]
 1378 10252a3f 8b742414        mov     esi,dword ptr [esp+14h]
 1378 10252a43 8b7c2410        mov     edi,dword ptr [esp+10h]

WebKit!WebCore::RenderLayer::scrollTo+0x297 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1379]:
 1379 10252a47 8d542448        lea     edx,[esp+48h]
 1379 10252a4b 52              push    edx
 1379 10252a4c 81c690040000    add     esi,490h
 1379 10252a52 56              push    esi
 1379 10252a53 e8485d1c00      call    WebKit!WebCore::EventHandler::dispatchFakeMouseMoveEventSoonInQuad (104187a0)

WebKit!WebCore::RenderLayer::scrollTo+0x2a8 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1383]:
 1383 10252a58 837c240c00      cmp     dword ptr [esp+0Ch],0
 1383 10252a5d 740f            je      WebKit!WebCore::RenderLayer::scrollTo+0x2be (10252a6e)

WebKit!WebCore::RenderLayer::scrollTo+0x2af [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1384]:
 1384 10252a5f 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1384 10252a62 6a00            push    0
 1384 10252a64 57              push    edi
 1384 10252a65 8d4c2420        lea     ecx,[esp+20h]
 1384 10252a69 e802880100      call    WebKit!WebCore::RenderObject::repaintUsingContainer (1026b270)

WebKit!WebCore::RenderLayer::scrollTo+0x2be [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a6e 8b431c          mov     eax,dword ptr [ebx+1Ch]
 1387 10252a71 b204            mov     dl,4
 1387 10252a73 845019          test    byte ptr [eax+19h],dl
 1387 10252a76 7404            je      WebKit!WebCore::RenderLayer::scrollTo+0x2cc (10252a7c)

WebKit!WebCore::RenderLayer::scrollTo+0x2c8 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a78 33c0            xor     eax,eax
 1387 10252a7a eb03            jmp     WebKit!WebCore::RenderLayer::scrollTo+0x2cf (10252a7f)

WebKit!WebCore::RenderLayer::scrollTo+0x2cc [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a7c 8b4008          mov     eax,dword ptr [eax+8]

WebKit!WebCore::RenderLayer::scrollTo+0x2cf [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a7f 85c0            test    eax,eax
 1387 10252a81 6a01            push    1
 1387 10252a83 51              push    ecx
 1387 10252a84 8bcc            mov     ecx,esp
 1387 10252a86 8901            mov     dword ptr [ecx],eax
 1387 10252a88 7404            je      WebKit!WebCore::RenderLayer::scrollTo+0x2de (10252a8e)

WebKit!WebCore::RenderLayer::scrollTo+0x2da [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a8a 83400801        add     dword ptr [eax+8],1

WebKit!WebCore::RenderLayer::scrollTo+0x2de [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a8e 8b5b1c          mov     ebx,dword ptr [ebx+1Ch]
 1387 10252a91 845319          test    byte ptr [ebx+19h],dl
 1387 10252a94 7404            je      WebKit!WebCore::RenderLayer::scrollTo+0x2ea (10252a9a)

WebKit!WebCore::RenderLayer::scrollTo+0x2e6 [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a96 33db            xor     ebx,ebx
 1387 10252a98 eb03            jmp     WebKit!WebCore::RenderLayer::scrollTo+0x2ed (10252a9d)

WebKit!WebCore::RenderLayer::scrollTo+0x2ea [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a9a 8b5b08          mov     ebx,dword ptr [ebx+8]

WebKit!WebCore::RenderLayer::scrollTo+0x2ed [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1387]:
 1387 10252a9d 8b4314          mov     eax,dword ptr [ebx+14h]
 1387 10252aa0 8b80b4070000    mov     eax,dword ptr [eax+7B4h]
 1387 10252aa6 50              push    eax
 1387 10252aa7 e804a8f1ff      call    WebKit!WebCore::EventQueue::enqueueOrDispatchScrollEvent (1016d2b0)

WebKit!WebCore::RenderLayer::scrollTo+0x2fc [c:\bwa\webcore-7534.50\srcroot\rendering\renderlayer.cpp @ 1388]:
 1388 10252aac 5f              pop     edi
 1388 10252aad 5e              pop     esi
 1388 10252aae 5b              pop     ebx
 1388 10252aaf 8be5            mov     esp,ebp
 1388 10252ab1 5d              pop     ebp
 1388 10252ab2 c20c00          ret     0Ch
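Added example, not part of the bug report or of WebKit: a small Python triage script that reads the register dump, the faulting instruction and the `.exr -1` record from the WinDbg output above and classifies the fault. The sample text is copied from the report; the 64 KiB null-page threshold, the verdict strings and the exploitability labels are this example's own assumptions, not WinDbg or WebKit terms.

```python
"""Triage a WinDbg first-chance access violation from pasted debugger output.

Added example (not WebKit code). It cross-checks three things a triager
looks at: the exception record (read/write, fault address), the register
dump, and the memory operand of the faulting instruction, and then says
whether the fault is a null-pointer dereference and how interesting it is.
"""
import re

# Copied from the bug report above (the lines a triager would paste in).
SAMPLE = """\
eax=00000000 ebx=00000000 ecx=0012f308 edx=00000004 esi=7fed5b90 edi=00000000
eip=10252a9d esp=0012f308 ebp=0012f37c iopl=0 nv up ei pl zr na pe nc
WebKit!WebCore::RenderLayer::scrollTo+0x2ed:
10252a9d 8b4314 mov eax,dword ptr [ebx+14h] ds:0023:00000014=????????
1:006> .exr -1
ExceptionAddress: 10252a9d (WebKit!WebCore::RenderLayer::scrollTo+0x000002ed)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 00000014
Attempt to read from address 00000014
"""

NULL_PAGE_LIMIT = 0x10000  # assumption: lowest 64 KiB of user space is never mapped
STATUS_ACCESS_VIOLATION = 0xC0000005
ACCESS_KIND = {0: "read", 1: "write", 8: "execute"}  # EXCEPTION_RECORD parameter 0

REG_RE = re.compile(r"\b(e[abcd]x|e[sd]i|e[bs]p|eip)=([0-9a-f]{8})\b")
CODE_RE = re.compile(r"ExceptionCode:\s*([0-9a-f]{8})")
PARAM_RE = re.compile(r"Parameter\[(\d)\]:\s*([0-9a-f]{8})")
INSN_RE = re.compile(r"^[0-9a-f]{8}\s+[0-9a-f]+\s+(\w+)\s+(.*)$")
MEM_OPERAND_RE = re.compile(r"\[(e[a-z]{2})(?:([+-])([0-9a-fA-F]+)h?)?\]")


def parse_registers(text):
    """Map 32-bit register names to values from the `r` style dump."""
    return {name: int(val, 16) for name, val in REG_RE.findall(text)}


def parse_exception(text):
    """Pull code, access kind and fault address out of the `.exr -1` record."""
    code = CODE_RE.search(text)
    params = {int(i): int(v, 16) for i, v in PARAM_RE.findall(text)}
    return {"code": int(code.group(1), 16) if code else None,
            "access": params.get(0), "address": params.get(1)}


def faulting_instruction(text):
    """Return (mnemonic, base register, displacement) of the first disassembly
    line that has a memory operand, e.g. ("mov", "ebx", 0x14)."""
    for line in text.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        opnd = MEM_OPERAND_RE.search(m.group(2))
        if opnd:
            base, sign, disp = opnd.groups()
            disp = int(disp, 16) if disp else 0
            return m.group(1), base, -disp if sign == "-" else disp
    return None


def classify(text):
    regs = parse_registers(text)
    exc = parse_exception(text)
    if exc["code"] != STATUS_ACCESS_VIOLATION:
        return {"verdict": "not an access violation", "exception": exc}
    access = ACCESS_KIND.get(exc["access"], "unknown")
    addr = exc["address"]
    result = {"access": access, "address": addr, "instruction": faulting_instruction(text)}
    if result["instruction"]:
        _, base, disp = result["instruction"]
        base_val = regs.get(base)
        result["base_register"] = base
        result["base_value"] = base_val
        # The fault address must equal base + displacement; if it does not, the
        # pasted instruction and the exception record are from different events.
        result["consistent"] = base_val is not None and (base_val + disp) & 0xFFFFFFFF == addr
    if addr is not None and addr < NULL_PAGE_LIMIT:
        result["verdict"] = "null-pointer dereference"
        # A read through a null struct pointer is a crash, not a primitive,
        # unless the target allows the null page to be mapped.
        result["exploitability"] = "low" if access == "read" else "medium"
    elif access in ("write", "execute"):
        result["verdict"] = "wild %s through non-null pointer" % access
        result["exploitability"] = "high"
    else:
        result["verdict"] = "read through non-null pointer"
        result["exploitability"] = "medium"
    return result


if __name__ == "__main__":
    for key, value in classify(SAMPLE).items():
        print("%-16s %s" % (key, value))
```

On the report's output this yields a consistent null read: `ebx` is 0 and the instruction reads `[ebx+14h]`, matching `Parameter[1] = 00000014`. The `uf` listing shows how `ebx` gets there: at `+0x2de` it is loaded from `[ebx+1Ch]` (the layer's `m_renderer`, which `dt this` shows as non-null), then either zeroed at `+0x2e6` when bit 4 of the byte at `[renderer+19h]` is set, or loaded from `[renderer+8]` at `+0x2ea`; either path can produce the null base seen at `+0x2ed`.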
Alexey Proskuryakov
Comment 1
2011-08-15 14:19:30 PDT
Are you seeing this with Safari 5.1? I can reproduce with Safari/WebKit 5.1 on Mac, but not with a current local build. Could you please try a nightly WebKit build from <http://nightly.webkit.org>?
Mario Gomes
Comment 2
2011-08-16 03:25:01 PDT
Yes, I'm running Safari 5.1. I tested in a nightly and it doesn't crash.
Alexey Proskuryakov
Comment 3
2011-08-16 08:36:41 PDT
Thank you for confirming this!
Mario Gomes
Comment 4
2012-03-08 14:40:41 PST
*** Bug 80333 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 5
2012-03-08 14:46:04 PST
Does this need to be reopened now?
Mario Gomes
Comment 6
2012-03-08 14:48:08 PST
(In reply to comment #5)
> Does this need to be reopened now?

No, just closing the duplicate.