Status: Untriaged
Owner: ----
CC: anan...@chromium.org, lafo...@chromium.org, mal.chromium
Labels: Type-Bug Pri-1 OS-All Area-WebKit HTML5 Crash

New issue 26657 by mberkow...@chromium.org: Audio tag: crash in WebCore::RenderBox::addOverflowFromChild
http://code.google.com/p/chromium/issues/detail?id=26657

Chrome 4.0.229.0 (Official Build 30554)
HTML 5, <audio> tag

What steps will reproduce the problem?
--------------------------------------
1. Unzip files from attached archive to a folder.
2. In Chrome, open web page audiotag.htm from attachment.
3. Pass mouse pointer over the audio control. You may have to move the mouse in and out of the control a few times.
4. CRASH

Stack trace:
------------
ChildEBP RetAddr
0012ecdc 028f79d4 chrome_24e0000!WebCore::RenderBox::addOverflowFromChild+0x6 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderbox.h @ 106]
0012ed50 028c5d15 chrome_24e0000!WebCore::RenderSlider::layout+0x1e2 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderslider.cpp @ 359]
0012ed68 028c4ac4 chrome_24e0000!WebCore::RenderBlock::layoutPositionedObjects+0x79 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 1440]
0012edec 028c478a chrome_24e0000!WebCore::RenderBlock::layoutBlock+0x31c [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 766]
0012edf8 028c5d15 chrome_24e0000!WebCore::RenderBlock::layout+0x17 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 642]
0012ee10 0293e230 chrome_24e0000!WebCore::RenderBlock::layoutPositionedObjects+0x79 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 1440]
0012ee7c 028c478a chrome_24e0000!WebCore::RenderFlexibleBox::layoutBlock+0x161 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderflexiblebox.cpp @ 253]
0012ee88 028c5d15 chrome_24e0000!WebCore::RenderBlock::layout+0x17 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 642]
0012eea0 028c4ac4 chrome_24e0000!WebCore::RenderBlock::layoutPositionedObjects+0x79 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 1440]
0012ef24 028c478a chrome_24e0000!WebCore::RenderBlock::layoutBlock+0x31c [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 766]
0012ef30 028d26b1 chrome_24e0000!WebCore::RenderBlock::layout+0x17 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 642]
0012ef78 0296dcd5 chrome_24e0000!WebCore::RenderMedia::layout+0x134 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\rendermedia.cpp @ 166]
0012f118 028c4953 chrome_24e0000!WebCore::RenderBlock::layoutInlineChildren+0x2f6 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblocklinelayout.cpp @ 874]
0012f1a4 028c478a chrome_24e0000!WebCore::RenderBlock::layoutBlock+0x1ab [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 713]
0012f1b0 028c5a67 chrome_24e0000!WebCore::RenderBlock::layout+0x17 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 642]
0012f1ec 028c5827 chrome_24e0000!WebCore::RenderBlock::layoutBlockChild+0x1d0 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 1333]
0012f23c 028c4963 chrome_24e0000!WebCore::RenderBlock::layoutBlockChildren+0x1e5 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 1249]
0012f2c4 028c478a chrome_24e0000!WebCore::RenderBlock::layoutBlock+0x1bb [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 717]
0012f2d0 028c5a67 chrome_24e0000!WebCore::RenderBlock::layout+0x17 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 642]
0012f30c 028c5827 chrome_24e0000!WebCore::RenderBlock::layoutBlockChild+0x1d0 [c:\b\slave\chrome-official-2\build\src\third_party\webkit\webcore\rendering\renderblock.cpp @ 1333]

Dump:
-----
http://go/crashDumps/mberkowitz/audio.dmp

Attachments:
audiotag-crash.zip 155 KB