Updates:
Labels: -SecSeverity-High SecSeverity-None
Comment #5 on issue 28699 by [email protected]: Crash on mouse movement
on sunrise.ch
http://code.google.com/p/chromium/issues/detail?id=28699
I reduced it to this:
<HTML>
<HEAD>
<STYLE>
* { display:block; }
:first-letter { text-transform: uppercase; }
</STYLE>
</HEAD>
<BODY>
<DIV><INPUT type="submit"></DIV>
<STYLE></STYLE>
</BODY>
</HTML>
Details:
http://skypher.com/SkyLined/Repro/WebKit/Bug%2028699%20-
%20webcore..renderbutton..styledidchange%20rea...@null%20(6739b7fe455ecb54a6812c0866c
3b47c)/details.html
Repro:
http://skypher.com/SkyLined/Repro/WebKit/Bug%2028699%20-
%20webcore..renderbutton..styledidchange%20rea...@null%20(6739b7fe455ecb54a6812c0866c
3b47c)/repro.html
I cannot reproduce anything but this NULL pointer, so I suggest you look
again to see
if this is indeed use-after-free on your system. Otherwise, we can move it
out of M4
with the other NULL pointers.
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
