Bug 13896 - REGRESSION (NativePopup): Reproducible crasher on Google Coop control panel
Status: VERIFIED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Forms
Version: 523.x (Safari 3)
Hardware: Mac OS X 10.4
Importance: P1 Normal
Assignee: Nobody
URL: http://ol.g.free.fr/tests/coop.html
Keywords: HasReduction, Regression
Depends on:
Blocks:
 
Reported: 2007-05-28 04:08 PDT by Olivier Gutknecht
Modified: 2007-05-29 13:38 PDT

Attachments
crash report (25.58 KB, text/plain)
2007-05-28 04:10 PDT, Olivier Gutknecht
Reduction (will crash) (85 bytes, text/html)
2007-05-28 05:22 PDT, mitz
Do not try to compute style for options and option groups if their parents have no style (31.36 KB, patch)
2007-05-28 06:32 PDT, mitz
darin: review+

Description Olivier Gutknecht 2007-05-28 04:08:39 PDT
Version: WebKit 522+, r21819
Platform: Mac OS X 10.4.9 8P135 PowerPC 
System configuration: PowerMac7,3, Dual PowerPC G5, 2 GB, 6800 GT DDL

Summary:

When accessing the control panel for a Google Coop custom search engine, on the "sites" tab, WebKit crashes in WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned) const + 28

This is 100% reproducible in my setup. 

How to reproduce:

The extracted HTML source is sufficient to provoke the crash (uploaded at URL). To recreate the setup:
- go to http://www.google.com/coop
- create a new custom search engine, add a site to search in the list
- go to the control panel for the newly created search
- click on the "sites" settings link  


Regression:

Does not happen on Safari 2.0.4 (419.3)
Does not happen on Gecko/20070309 Firefox/2.0.0.3
Comment 1 Olivier Gutknecht 2007-05-28 04:10:11 PDT
Created attachment 14754
crash report

Uploaded crash report
Comment 2 mitz 2007-05-28 05:16:34 PDT
ASSERTION FAILED: m_fontList
(/WebKit/WebCore/platform/Font.cpp:449 const WebCore::FontData* WebCore::Font::primaryFont() const)

Comment 3 mitz 2007-05-28 05:22:36 PDT
Created attachment 14755
Reduction (will crash)
Comment 4 mitz 2007-05-28 06:32:28 PDT
Created attachment 14757
Do not try to compute style for options and option groups if their parents have no style
Comment 5 Darin Adler 2007-05-28 09:55:20 PDT
Comment on attachment 14757
Do not try to compute style for options and option groups if their parents have no style

Why do these classes do the work in attach instead of recalcStyle?

r=me
Comment 6 Sam Weinig 2007-05-28 13:25:40 PDT
Landed in r21847.
Comment 7 Olivier Gutknecht 2007-05-29 13:38:29 PDT
Verified it fixes the initial issue with Google Coop (r21854 nightly)