Status: Untriaged
Owner: [email protected]
Labels: Type-Bug Pri-2 OS-All Area-Misc Size-Medium

New issue 21743 by [email protected]: Renderer crash while browsing:  
http://www.privatemilitaryherald.com/2009/09/05/animal-house-the-real-story/
http://code.google.com/p/chromium/issues/detail?id=21743

What steps will reproduce the problem?
1. Navigate chrome to:  
http://www.privatemilitaryherald.com/2009/09/05/animal-house-the-real-story/
2. Scroll down a few times

The renderer crashes during paint. The crash is in WebCore::RenderLayer::paintLayer because node->document is NULL. I could repro this on the top of the tree from this morning.

Here's the call stack:
ChildEBP RetAddr
0012e020 01d9fb89 chrome_1c30000!WebCore::Node::document(void)+0x31 [z:\code\chrome\src\third_party\webkit\webcore\dom\node.h @ 319]
0012e02c 0215bea1 chrome_1c30000!WebCore::RenderObject::document(void)+0x19 [z:\code\chrome\src\third_party\webkit\webcore\rendering\renderobject.h @ 399]
0012e3c0 0215c833 chrome_1c30000!WebCore::RenderLayer::paintLayer(
                        class WebCore::RenderLayer * rootLayer = 0x08a7cb4c,
                        class WebCore::GraphicsContext * p = 0x0012ed30,
                        class WebCore::IntRect * paintDirtyRect = 0x0012ecd0,
                        WebCore::PaintRestriction paintRestriction = PaintRestrictionNone (0),
                        class WebCore::RenderObject * paintingRoot = 0x00000000,
                        class WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > * overlapTestRequests = 0x0012eb8c,
                        unsigned int paintFlags = 0)+0x31 [z:\code\chrome\src\third_party\webkit\webcore\rendering\renderlayer.cpp @ 2104]
0012e770 0215c833 chrome_1c30000!WebCore::RenderLayer::paintLayer(
                        class WebCore::RenderLayer * rootLayer = 0x08a7cb4c,
                        class WebCore::GraphicsContext * p = 0x0012ed30,
                        class WebCore::IntRect * paintDirtyRect = 0x0012ecd0,
                        WebCore::PaintRestriction paintRestriction = PaintRestrictionNone (0),
                        class WebCore::RenderObject * paintingRoot = 0x00000000,
                        class WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > * overlapTestRequests = 0x0012eb8c,
                        unsigned int paintFlags = 0)+0x9c3 [z:\code\chrome\src\third_party\webkit\webcore\rendering\renderlayer.cpp @ 2263]
0012eb20 0215bcc6 chrome_1c30000!WebCore::RenderLayer::paintLayer(
                        class WebCore::RenderLayer * rootLayer = 0x08a7cb4c,
                        class WebCore::GraphicsContext * p = 0x0012ed30,
                        class WebCore::IntRect * paintDirtyRect = 0x0012ecd0,
                        WebCore::PaintRestriction paintRestriction = PaintRestrictionNone (0),
                        class WebCore::RenderObject * paintingRoot = 0x00000000,
                        class WTF::HashMap<WebCore::OverlapTestRequestClient *,WebCore::IntRect,WTF::PtrHash<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::OverlapTestRequestClient *>,WTF::HashTraits<WebCore::IntRect> > * overlapTestRequests = 0x0012eb8c,
                        unsigned int paintFlags = 0)+0x9c3 [z:\code\chrome\src\third_party\webkit\webcore\rendering\renderlayer.cpp @ 2263]
0012ebc8 01ea2c85 chrome_1c30000!WebCore::RenderLayer::paint(
                        class WebCore::GraphicsContext * p = 0x0012ed30,
                        class WebCore::IntRect * damageRect = 0x0012ecd0,
                        WebCore::PaintRestriction paintRestriction = PaintRestrictionNone (0),
                        class WebCore::RenderObject * paintingRoot = 0x00000000)+0x46 [z:\code\chrome\src\third_party\webkit\webcore\rendering\renderlayer.cpp @ 2041]
0012ec1c 01da484b chrome_1c30000!WebCore::FrameView::paintContents(
                        class WebCore::GraphicsContext * p = 0x0012ed30,
                        class WebCore::IntRect * rect = 0x0012ecd0)+0x265 [z:\code\chrome\src\third_party\webkit\webcore\page\frameview.cpp @ 1565]
0012ece8 01ccb04e chrome_1c30000!WebCore::ScrollView::paint(
                        class WebCore::GraphicsContext * context = 0x0012ed30,
                        class WebCore::IntRect * rect = 0x0012ed94)+0x19b [z:\code\chrome\src\third_party\webkit\webcore\platform\scrollview.cpp @ 775]
0012edb8 01d03cf8 chrome_1c30000!WebFrameImpl::Paint(
                        class skia::PlatformCanvas * canvas = 0x01a18e40,
                        struct WebKit::WebRect * rect = 0x0012edf0)+0x11e [z:\code\chrome\src\webkit\glue\webframe_impl.cc @ 1584]
0012edd0 02d44723 chrome_1c30000!WebViewImpl::paint(
                        class skia::PlatformCanvas * canvas = 0x01a18e40,
                        struct WebKit::WebRect * rect = 0x0012edf0)+0x38 [z:\code\chrome\src\webkit\glue\webview_impl.cc @ 1011]
0012ee4c 02d449ed chrome_1c30000!RenderWidget::PaintRect(
                        class gfx::Rect * rect = 0x0012ef7c,
                        class skia::PlatformCanvas * canvas = 0x01a18e40)+0x103 [z:\code\chrome\src\chrome\renderer\render_widget.cc @ 384]
0012ef94 02d44797 chrome_1c30000!RenderWidget::DoDeferredPaint(void)+0x1fd [z:\code\chrome\src\chrome\renderer\render_widget.cc @ 434]
0012efa4 02d4d92f chrome_1c30000!RenderWidget::CallDoDeferredPaint(void)+0x17 [z:\code\chrome\src\chrome\renderer\render_widget.cc @ 393]
0012efb0 02d4cb35 chrome_1c30000!DispatchToMethod<RenderWidget,void (
                        class RenderWidget * obj = 0x00e04000,
                        <function> * method = 0x02d44780,
                        struct Tuple0 * arg = 0x08e5250c)+0x1f [z:\code\chrome\src\base\tuple.h @ 412]
0012efd0 02becd89 chrome_1c30000!RunnableMethod<RenderWidget,void (void)+0x45 [z:\code\chrome\src\base\task.h @ 307]
0012f084 02bece35 chrome_1c30000!MessageLoop::RunTask(
                        class Task * task = 0x08e524e0)+0xb9 [z:\code\chrome\src\base\message_loop.cc @ 314]
0012f094 02bed3d9 chrome_1c30000!MessageLoop::DeferOrRunPendingTask(
                        struct MessageLoop::PendingTask * pending_task = 0x0012f0b0)+0x35 [z:\code\chrome\src\base\message_loop.cc @ 325]
0012f0d0 02c4c5fc chrome_1c30000!MessageLoop::DoWork(void)+0xe9 [z:\code\chrome\src\base\message_loop.cc @ 429]
0012f1b4 02bec60b chrome_1c30000!base::MessagePumpDefault::Run(
                        class base::MessagePump::Delegate * delegate = 0x0012f57c)+0xbc [z:\code\chrome\src\base\message_pump_default.cc @ 23]
0012f264 02bec460 chrome_1c30000!MessageLoop::RunInternal(void)+0x10b [z:\code\chrome\src\base\message_loop.cc @ 199]


Automated mail from issue updates at http://crbug.com/