Bug 9862 - REGRESSION: GMail: Crash in RenderView::repaintViewRectangle when spoofing as FF
: REGRESSION: GMail: Crash in RenderView::repaintViewRectangle when spoofing as FF
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
: 420+
: Macintosh Mac OS X 10.4
: P1 Normal
Assigned To: Nobody
: GoogleBug, InRadar, NeedsReduction, Regression
Depends on:
Blocks: 9638
  Show dependency treegraph
Reported: 2006-07-11 15:37 PDT by Justin Garcia
Modified: 2006-07-12 21:46 PDT (History)
1 user (show)

See Also:

Test case (163 bytes, text/html)
2006-07-11 23:21 PDT, mitz@webkit.org
no flags Details
Better test case - just click to crash (185 bytes, text/html)
2006-07-11 23:25 PDT, mitz@webkit.org
no flags Details
Add missing null check (4.00 KB, patch)
2006-07-11 23:57 PDT, mitz@webkit.org
adele: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Justin Garcia 2006-07-11 15:37:21 PDT
Spoof as FF
Goto: http://gmail.google.com/

#0	0x01f8eb4c in WebCore::RenderView::repaintViewRectangle at RenderView.cpp:226
#1	0x01fb90bc in WebCore::RenderObject::repaint at RenderObject.cpp:1676
#2	0x01fa9318 in WebCore::RenderLayer::updateLayerPositions at RenderLayer.cpp:181
#3	0x01ec6288 in WebCore::FrameView::layout at FrameView.cpp:484
#4	0x01ec654c in WebCore::FrameView::layoutTimerFired at FrameView.cpp:1168
#5	0x0226f208 in WebCore::Timer<WebCore::FrameView>::fired at Timer.h:94
#6	0x0205811c in WebCore::TimerBase::fireTimers at Timer.cpp:335
#7	0x020581e8 in WebCore::TimerBase::sharedTimerFired at Timer.cpp:352
#8	0x02057594 in WebCore::timerFired at SharedTimerMac.cpp:46

Blocks progress on 9638 since you have to spoof as FF to enable GMail's RT Editor.
Comment 1 Justin Garcia 2006-07-11 17:08:22 PDT
Regressed somewhere between 15197 and 15227.
Comment 2 Alice Liu 2006-07-11 19:24:26 PDT

also at www.liberation.fr without spoofing
Comment 3 mitz@webkit.org 2006-07-11 22:48:52 PDT
I got a similar crash twice when I tried to close the big Flash ad at http://www.ynet.co.il/
Comment 4 mitz@webkit.org 2006-07-11 23:21:25 PDT
Created attachment 9387 [details]
Test case

This test case triggers the same crash, which happens when you attempt to paint the contents of an IFRAME with display:none. Click the button then go ahead and print (or click Preview in the print dialog).
Comment 5 mitz@webkit.org 2006-07-11 23:25:01 PDT
Created attachment 9388 [details]
Better test case - just click to crash
Comment 6 mitz@webkit.org 2006-07-11 23:57:22 PDT
Created attachment 9389 [details]
Add missing null check
Comment 7 David Kilzer (:ddkilzer) 2006-07-12 21:46:32 PDT
Committed revision 15402.