Version: WebKit 522+, r21819
Platform: Mac OS X 10.4.9 8P135 PowerPC
System configuration: PowerMac7,3, Dual PowerPC G5, 2 GB, 6800 GT DDL

Summary:
When accessing the control panel for a Google Coop custom search engine, on the "sites" tab, WebKit crashes in WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned) const + 28

This is 100% reproducible in my setup.

How to reproduce:
The extracted HTML source is sufficient to provoke the crash (uploaded at URL).
To recreate the setup:
- go to http://www.google.com/coop
- create a new custom search engine, add a site to search in the list
- go to the control panel for the newly created search
- click on the "sites" settings link

Regression:
Does not happen on Safari 2.0.4 (419.3)
Does not happen on Gecko/20070309 Firefox/2.0.0.3
Created attachment 14754: crash report
Uploaded crash report
ASSERTION FAILED: m_fontList (/WebKit/WebCore/platform/Font.cpp:449 const WebCore::FontData* WebCore::Font::primaryFont() const)
Created attachment 14755: Reduction (will crash)
Created attachment 14757: Do not try to compute style for options and option groups if their parents have no style
Comment on attachment 14757: Do not try to compute style for options and option groups if their parents have no style
Why do these classes do the work in attach instead of recalcStyle?
r=me
Landed in r21847.
Verified it fixes the initial issue with Google Coop (r21854 nightly)