Bug 9862 - REGRESSION: GMail: Crash in RenderView::repaintViewRectangle when spoofing as FF
Status: RESOLVED FIXED
Product: WebKit
Component: Layout and Rendering
Version: 420+
Platform: Macintosh Mac OS X 10.4
Importance: P1 Normal
Assigned To:
Keywords: GoogleBug, InRadar, NeedsReduction, R...
Blocks: 9638

Reported: 2006-07-11 15:37 PST by
Modified: 2006-07-12 21:46 PST (History)


Attachments
Test case (163 bytes, text/html)
2006-07-11 23:21 PST, mitz@webkit.org
no flags
Better test case - just click to crash (185 bytes, text/html)
2006-07-11 23:25 PST, mitz@webkit.org
no flags
Add missing null check (4.00 KB, patch)
2006-07-11 23:57 PST, mitz@webkit.org
adele: review+


Description From 2006-07-11 15:37:21 PST
Spoof as FF
Go to: http://gmail.google.com/
Log in
Crash:

#0    0x01f8eb4c in WebCore::RenderView::repaintViewRectangle at RenderView.cpp:226
#1    0x01fb90bc in WebCore::RenderObject::repaint at RenderObject.cpp:1676
#2    0x01fa9318 in WebCore::RenderLayer::updateLayerPositions at RenderLayer.cpp:181
#3    0x01ec6288 in WebCore::FrameView::layout at FrameView.cpp:484
#4    0x01ec654c in WebCore::FrameView::layoutTimerFired at FrameView.cpp:1168
#5    0x0226f208 in WebCore::Timer<WebCore::FrameView>::fired at Timer.h:94
#6    0x0205811c in WebCore::TimerBase::fireTimers at Timer.cpp:335
#7    0x020581e8 in WebCore::TimerBase::sharedTimerFired at Timer.cpp:352
#8    0x02057594 in WebCore::timerFired at SharedTimerMac.cpp:46

Blocks progress on 9638 since you have to spoof as FF to enable GMail's RT Editor.
------- Comment #1 From 2006-07-11 17:08:22 PST -------
Regressed somewhere between 15197 and 15227.
------- Comment #2 From 2006-07-11 19:24:26 PST -------
<rdar://problem/4622407>

also at www.liberation.fr without spoofing
------- Comment #3 From 2006-07-11 22:48:52 PST -------
I got a similar crash twice when I tried to close the big Flash ad at http://www.ynet.co.il/
------- Comment #4 From 2006-07-11 23:21:25 PST -------
Created an attachment (id=9387)
Test case

This test case triggers the same crash, which happens when you attempt to paint the contents of an IFRAME with display:none. Click the button then go ahead and print (or click Preview in the print dialog).
------- Comment #5 From 2006-07-11 23:25:01 PST -------
Created an attachment (id=9388)
Better test case - just click to crash
------- Comment #6 From 2006-07-11 23:57:22 PST -------
Created an attachment (id=9389)
Add missing null check
------- Comment #7 From 2006-07-12 21:46:32 PST -------
Committed revision 15402.