Status: Untriaged
Owner: ----
Labels: Type-Bug Pri-2 OS-Linux Area-WebKit Size-Medium Valgrind Fixit

New issue 17247 by [email protected]: Invalid write in WebCore::RenderSVGRoot::mapLocalToContainer()
http://code.google.com/p/chromium/issues/detail?id=17247

Happened in LayoutTests/svg/custom/stroke-width-click.svg during the fishing expedition

  sh tools/valgrind/valgrind_webkit_tests.sh LayoutTests/svg

Presumably it would also be reproduced by more specific commands

  sh tools/valgrind/valgrind_webkit_tests.sh LayoutTests/svg/custom

or

  sh tools/valgrind/valgrind_webkit_tests.sh LayoutTests/svg/custom/stroke-width-click.svg

but I haven't verified that.

Valgrind complains

Invalid write of size 4
  at WebCore::RenderSVGRoot::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const (RenderSVGRoot.cpp:274)
  by WebCore::RenderBox::mapLocalToContainer(WebCore::RenderBoxModelObject*, bool, bool, WebCore::TransformState&) const (RenderBox.cpp:944)
  by WebCore::RenderObject::localToAbsolute(WebCore::FloatPoint, bool, bool) const (RenderObject.cpp:1641)
  by WebCore::RenderBlock::selectionGapRectsForRepaint(WebCore::RenderBoxModelObject*) (RenderBlock.cpp:2004)
  by WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int, WebCore::RenderView::SelectionRepaintMode) (RenderSelectionInfo.h:85)
  by WebCore::Frame::selectionLayoutChanged() (Frame.cpp:663)
  by WebCore::SelectionController::setSelection(WebCore::VisibleSelection const&, bool, bool, bool) (SelectionController.cpp:147)
  by WebCore::EventHandler::selectClosestWordFromMouseEvent(WebCore::MouseEventWithHitT
  by WebCore::EventHandler::handleMousePressEventDoubleClick(WebCore::MouseEventWithHit
  by WebCore::EventHandler::handleMousePressEvent(WebCore::MouseEventWithHitTestResults const&) (EventHandler.cpp:392)
  by WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) (EventHandler.cpp:1217)
  by WebViewImpl::MouseDown(WebKit::WebMouseEvent const&) (webview_impl.cc:492)
  by WebViewImpl::handleInputEvent(WebKit::WebInputEvent const&) (webview_impl.cc:1033)
  by EventSendingController::mouseDown(std::vector<CppVariant, std::allocator<CppVariant> > const&, CppVariant*) (event_sending_controller.cc:273)
  by CallbackImpl<EventSendingController, void (EventSendingController::*) Tuple2<std::vector<CppVariant, std::allocator<CppVariant> > const&, CppVariant*> > ::RunWithParams(Tuple2<std::vector<CppVariant, std::allocator<CppVariant> > > const&, CppVariant*> const&) (tuple.h:429)
  by CppBoundClass::Invoke(void*, _NPVariant const*, unsigned int, _NPVariant*) (task.h:548)
  ...
Address 0xbbadbeef is not stack'd, malloc'd or (recently) free'd
