WebKit Bugzilla
RESOLVED FIXED
15091
Crash in RenderBlock::skipWhitespace during layout
https://bugs.webkit.org/show_bug.cgi?id=15091
Mark Rowe (bdash)
Reported
2007-08-27 05:48:48 PDT
Steps to reproduce:
1) Visit http://www.wherethebloodyhellareyou.com/
2) Click "View the TV Ad"
3) *crash*

Backtrace is as follows:

Exception Type: EXC_BAD_ACCESS (SIGBUS)
Exception Codes: KERN_PROTECTION_FAILURE at 0x0000000000000090
Crashed Thread: 0

Thread 0 Crashed:
0 com.apple.WebCore 0x017200b0 WebCore::RenderLayer::setStaticX(int) + 12 (RenderLayer.h:345)
1 com.apple.WebCore 0x0171bba9 WebCore::RenderBox::setStaticX(int) + 147 (RenderBox.cpp:1516)
2 com.apple.WebCore 0x016f36d7 WebCore::RenderBlock::skipWhitespace(WebCore::BidiIterator&, WebCore::BidiResolver<WebCore::BidiIterator, WebCore::BidiRun>&) + 549 (bidi.cpp:1297)
3 com.apple.WebCore 0x016f3833 WebCore::RenderBlock::findNextLineBreak(WebCore::BidiIterator&, WebCore::BidiResolver<WebCore::BidiIterator, WebCore::BidiRun>&) + 43 (bidi.cpp:1317)
4 com.apple.WebCore 0x016f76e8 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 3010 (bidi.cpp:965)
5 com.apple.WebCore 0x01711ff9 WebCore::RenderBlock::layoutBlock(bool) + 1307 (RenderBlock.cpp:579)
6 com.apple.WebCore 0x01702770 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:493)
7 com.apple.WebCore 0x016f8751 WebCore::RenderObject::layoutIfNeeded() + 41 (RenderObject.h:476)
8 com.apple.WebCore 0x01710800 WebCore::RenderBlock::layoutBlockChildren(bool) + 1466 (RenderBlock.cpp:1214)
9 com.apple.WebCore 0x01712011 WebCore::RenderBlock::layoutBlock(bool) + 1331 (RenderBlock.cpp:584)
10 com.apple.WebCore 0x01702770 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:493)
11 com.apple.WebCore 0x016f8751 WebCore::RenderObject::layoutIfNeeded() + 41 (RenderObject.h:476)
12 com.apple.WebCore 0x01710800 WebCore::RenderBlock::layoutBlockChildren(bool) + 1466 (RenderBlock.cpp:1214)
13 com.apple.WebCore 0x01712011 WebCore::RenderBlock::layoutBlock(bool) + 1331 (RenderBlock.cpp:584)
14 com.apple.WebCore 0x01702770 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:493)
15 com.apple.WebCore 0x0172236e WebCore::RenderView::layout() + 310 (RenderView.cpp:114)
16 com.apple.WebCore 0x0169dc4f WebCore::FrameView::layout(bool) + 1919 (FrameView.cpp:430)
17 com.apple.WebCore 0x0169df21 WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView>*) + 25 (FrameView.cpp:646)
18 com.apple.WebCore 0x0169f9ad WebCore::Timer<WebCore::FrameView>::fired() + 89 (Timer.h:98)
19 com.apple.WebCore 0x017e5558 WebCore::TimerBase::fireTimers(double, WTF::Vector<WebCore::TimerBase*, 0ul> const&) + 198 (Timer.cpp:339)
20 com.apple.WebCore 0x017e5600 WebCore::TimerBase::sharedTimerFired() + 110 (Timer.cpp:359)
21 com.apple.WebCore 0x017e4b94 WebCore::timerFired(__CFRunLoopTimer*, void*) + 78 (SharedTimerMac.cpp:85)
22 com.apple.CoreFoundation 0x95c70fee CFRunLoopRunSpecific + 4494
23 com.apple.CoreFoundation 0x95c711a8 CFRunLoopRunInMode + 88
24 com.apple.HIToolbox 0x95d70758 RunCurrentEventLoopInMode + 283
25 com.apple.HIToolbox 0x95d70571 ReceiveNextEventCommon + 374
26 com.apple.HIToolbox 0x95d703e5 BlockUntilNextEventMatchingListInMode + 106
27 com.apple.AppKit 0x93aeb813 _DPSNextEvent + 657
28 com.apple.AppKit 0x93aeb159 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
29 com.apple.Safari 0x000231b1 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 171
30 com.apple.AppKit 0x93ae430b -[NSApplication run] + 795
31 com.apple.AppKit 0x93ab1758 NSApplicationMain + 663
32 com.apple.Safari 0x000aafe1 main + 90
33 com.apple.Safari 0x000023f2 start + 54
Attachments
Reduction (will crash if Java is disabled) (103 bytes, text/html), 2007-08-27 07:04 PDT, mitz, no flags
Create the right renderer for fallback content (31.67 KB, patch), 2007-08-27 09:13 PDT, mitz, darin: review+
Mark Rowe (bdash)
Comment 1
2007-08-27 05:49:48 PDT
<rdar://problem/5439631>
Mark Rowe (bdash)
Comment 2
2007-08-27 05:50:17 PDT
I should note that I'm seeing this with r25259.
Mark Rowe (bdash)
Comment 3
2007-08-27 06:56:30 PDT
Apparently the fact I have Java disabled is a factor in reproducing this crash.
mitz
Comment 4
2007-08-27 07:04:40 PDT
Created attachment 16131
Reduction (will crash if Java is disabled)

Reduction:
<applet code="" style="position: absolute;"></applet>
mitz
Comment 5
2007-08-27 09:13:15 PDT
Created attachment 16133
Create the right renderer for fallback content
Darin Adler
Comment 6
2007-08-27 09:35:30 PDT
Comment on attachment 16133
Create the right renderer for fallback content

r=me
Mark Rowe (bdash)
Comment 7
2007-08-27 11:03:08 PDT
Fix landed in r25262.