Comment #4 on issue 7829 by [email protected]: Chrome: Crash Report -
Crash calling std::stable_sort under RenderLayer::updateZOrderLists()
http://code.google.com/p/chromium/issues/detail?id=7829
Ok, the crash point is actually in WebCore::compareZIndex at 0x04
    // Helper for the sorting of layers by z-index.
    static inline bool compareZIndex(RenderLayer* first, RenderLayer* second)
    {
        return first->zIndex() < second->zIndex();
    }

RenderLayer:

    int zIndex() const { return renderer()->style()->zIndex(); }
0x4 could be m_renderer (which would suggest that renderer() is being called on a NULL this). m_renderer is the first member of RenderLayer as far as I can tell, which I would think makes the m_renderer pointer 0x0 in that case. It's unlikely that style() would be returning 0x4, because I can't think of any cases in which a RenderLayer would have a null renderer() (unless the RenderLayer was already deleted).

So this would suggest that somehow NULL is getting into one of these layer lists (or that the RenderLayer is destroyed already).
The only function which modifies these zorder layer lists that I know of is:
    void RenderLayer::collectLayers(Vector<RenderLayer*>*& posBuffer, Vector<RenderLayer*>*& negBuffer)
The only way it seems a NULL layer could get into the lists in that function is if "this" is NULL.
No clue. w/o a reproducible case this bug isn't very useful.
Automated mail from issue updates at http://crbug.com/
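The reasoning in the comment above (a fault address equal to a member offset points at a null "this"; a null entry in the layer list would crash inside the comparator during std::stable_sort) as an added, stand-alone example. This is not WebCore code and not from the bug report: the RenderStyle, RenderObject and RenderLayer structs are constructed stand-ins whose layouts are assumptions, and the helper names faultAddressForNullThis, countNullLayers, sortZOrderListChecked and zIndices are made up for this illustration. It shows why a null RenderLayer alone would fault at 0x0 rather than 0x4 when m_renderer is the first member, and what a defensive pre-sort scan of the z-order list can and cannot catch (a null pointer, but not a freed-but-non-null layer).

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Constructed stand-ins for the WebCore types named in the comment.  The
// layouts are assumptions for illustration, not WebCore's real definitions.
struct RenderStyle {
    int m_zIndex;
    int zIndex() const { return m_zIndex; }
};

struct RenderObject {
    RenderStyle* m_style;
    RenderStyle* style() const { return m_style; }
};

struct RenderLayer {
    RenderObject* m_renderer;   // assumed first member, as the comment reasons
    int m_otherState;
    RenderObject* renderer() const { return m_renderer; }
    int zIndex() const { return renderer()->style()->zIndex(); }
};

// Address a read of a member at `memberOffset` lands on when `this` is null:
// the fault address is simply the offset.  For a first member that is 0x0,
// which is why a null RenderLayer by itself does not explain a fault at 0x4.
constexpr uintptr_t faultAddressForNullThis(size_t memberOffset)
{
    return static_cast<uintptr_t>(memberOffset);
}

// Comparator as quoted on the page; dereferences both pointers, so a null or
// dangling entry in the list crashes here, inside std::stable_sort.
static inline bool compareZIndex(RenderLayer* first, RenderLayer* second)
{
    return first->zIndex() < second->zIndex();
}

// Count null entries in a z-order list (the one corruption a pointer scan can see).
size_t countNullLayers(const std::vector<RenderLayer*>& layers)
{
    return static_cast<size_t>(
        std::count(layers.begin(), layers.end(), static_cast<RenderLayer*>(nullptr)));
}

// Defensive wrapper: drop null entries, then stable_sort the rest by z-index.
// Returns how many nulls were dropped so the caller can log the corruption.
// A freed-but-non-null layer still looks valid to this check.
size_t sortZOrderListChecked(std::vector<RenderLayer*>& layers)
{
    const size_t before = layers.size();
    layers.erase(std::remove(layers.begin(), layers.end(), static_cast<RenderLayer*>(nullptr)),
                 layers.end());
    const size_t dropped = before - layers.size();
    std::stable_sort(layers.begin(), layers.end(), compareZIndex);
    return dropped;
}

// Z-indices of a list in order, for inspecting the sort result.
std::vector<int> zIndices(const std::vector<RenderLayer*>& layers)
{
    std::vector<int> out;
    for (RenderLayer* layer : layers)
        out.push_back(layer->zIndex());
    return out;
}

int main()
{
    RenderStyle s3{3}, sNeg{-1}, s2{2};
    RenderObject r3{&s3}, rNeg{&sNeg}, r2{&s2};
    RenderLayer l3{&r3, 0}, lNeg{&rNeg, 0}, l2{&r2, 0};

    // Constructed list with a null entry smuggled in, as the comment suspects.
    std::vector<RenderLayer*> layers{&l3, nullptr, &lNeg, &l2};

    std::printf("null this + first member -> fault at %#lx\n",
                (unsigned long)faultAddressForNullThis(offsetof(RenderLayer, m_renderer)));
    std::printf("null entries before sort: %zu\n", countNullLayers(layers));
    const size_t dropped = sortZOrderListChecked(layers);
    std::printf("dropped %zu, sorted z-indices:", dropped);
    for (int z : zIndices(layers))
        std::printf(" %d", z);
    std::printf("\n");
    return 0;
}
```

Calling std::stable_sort on the raw list with the null entry still present would reproduce the crash shape from the report (a read at a small absolute address inside the comparator); the checked wrapper is what a debugging build could use to turn that crash into a logged count of bad entries.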