RESOLVED FIXED 17183
Crash in RenderObject::lineHeight on launch with r30001 nightly
https://bugs.webkit.org/show_bug.cgi?id=17183
Matt Bishop
Reported 2008-02-05 12:37:51 PST
I downloaded and started WebKit r30001 using 'run-nightly-webkit.cmd' and it crashed before the start page loaded. I had the latest Safari 3.0.4 installed. I have not installed WebKit previously.
Attachments
Crash dump file (31.10 KB, application/octet-stream)
2008-02-05 12:39 PST, Matt Bishop
FontsList.plist as requested (41.28 KB, text/plain)
2008-02-05 15:22 PST, Matt Bishop
Matt Bishop
Comment 1 2008-02-05 12:39:15 PST
Created attachment 18939
Crash dump file

crash file
Adam Roben (:aroben)
Comment 2 2008-02-05 12:54:33 PST
Comment on attachment 18939
Crash dump file

The backtrace seems to include the same frames over and over, but here's what I think it actually is:

WebKit.dll!WebCore::RenderObject::lineHeight(bool firstLine=true, bool __formal=false) Line 2718 + 0x14 bytes C++
WebKit.dll!WebCore::RenderFlow::lineHeight(bool firstLine=true, bool isRootLineBox=true) Line 321 + 0xb bytes C++
WebKit.dll!WebCore::RenderBlock::lineHeight(bool b=true, bool isRootLineBox=true) Line 3954 + 0xb bytes C++
WebKit.dll!WebCore::InlineFlowBox::computeLogicalBoxHeights(int & maxPositionTop=0, int & maxPositionBottom=0, int & maxAscent=0, int & maxDescent=0, bool strictMode=false) Line 426 + 0x1a bytes C++
WebKit.dll!WebCore::InlineFlowBox::verticallyAlignBoxes(int & heightOfBlock=) Line 374 C++
WebKit.dll!WebCore::RenderBlock::constructLine(const WebCore::BidiIterator & start={...}, const WebCore::BidiIterator & end={...}) Line 630 C++
WebKit.dll!WebCore::RenderBlock::computeVerticalPositionsForLine(WebCore::RootInlineBox * lineBox=0x00000000) Line 753 C++
WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=, int & repaintTop=, int & repaintBottom=) Line 995 C++
msvcr80.dll!__msize() + 0xf8 bytes
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true) Line 583 C++
WebKit.dll!WebCore::RenderBlock::layout() Line 495 C++
WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1234 C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=) Line 587 C++
WebKit.dll!WebCore::StringImpl::StringImpl(const char * characters=0x00000001, unsigned int length=0) Line 110 + 0x21 bytes C++
WebKit.dll!WebCore::RenderBlock::layout() Line 495 C++
WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0) Line 1234 C++
WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=) Line 587 C++
WebKit.dll!WebCore::RenderBlock::layout() Line 495 C++
WebKit.dll!WebCore::RenderView::layout() Line 114 C++
WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true) Line 472 C++
WebKit.dll!WebCore::Document::implicitClose() Line 1534 C++
WebKit.dll!WebCore::FrameLoader::checkCompleted() Line 1263 C++
WebKit.dll!WebCore::FrameLoader::finishedParsing() Line 1211 C++
WebKit.dll!WebCore::Document::finishedParsing() Line 3550 C++
WebKit.dll!WebCore::HTMLParser::finished() Line 1443 C++
WebKit.dll!WebCore::HTMLTokenizer::end() Line 1559 C++
ole32.dll!CRetailMalloc_GetSize() + 0x20 bytes
oleaut32.dll!APP_DATA::FreeCachedMem() + 0x24 bytes
7fecbba8()
WebKit.dll!WebCore::TimerBase::isActive() Line 188 + 0x26 bytes C++
WebKit.dll!WebCore::HTMLTokenizer::finish() Line 1597 C++
WebKit.dll!WebCore::FrameLoader::write(const char * str=0x00000000, int len=1309376, bool flush=true) Line 998 + 0x9 bytes C++
WebKit.dll!WebCore::FrameLoader::endIfNotLoadingMainResource() Line 1033 C++
WebKit.dll!WebCore::FrameLoader::finishedLoading() Line 2791 C++
WebKit.dll!WebCore::MainResourceLoader::didFinishLoading() Line 311 C++
WebKit.dll!WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction contentPolicy=PolicyUse, const WebCore::ResourceResponse & r={...}) Line 245 C++
WebKit.dll!WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction policy=PolicyUse) Line 260 C++
WebKit.dll!WebCore::MainResourceLoader::didReceiveResponse(const WebCore::ResourceResponse & r={...}) Line 287 C++
WebKit.dll!WebCore::MainResourceLoader::handleDataLoadNow(WebCore::Timer<WebCore::MainResourceLoader> * __formal=) Line 343 C++
Adam Roben (:aroben)
Comment 3 2008-02-05 12:58:39 PST
This looks like the crash we get whenever we can't obtain a CGFontRef. Could you attach your FontsList.plist file? It can be found in:

C:\Documents and Settings\<username>\Local Settings\Application Data\Apple Computer\Safari
Matt Bishop
Comment 4 2008-02-05 15:22:21 PST
Created attachment 18942
FontsList.plist as requested
Robert Blaut
Comment 5 2008-03-16 12:31:07 PDT
(In reply to comment #3)
> This looks like the crash we get whenever we can't obtain a CGFontRef. Could
> you attach your FontsList.plist file? It can be found in:
>
> C:\Documents and Settings\<username>\Local Settings\Application Data\Apple
> Computer\Safari
>

Adam, was the crash bug ever confirmed or not?
Matt Bishop
Comment 6 2008-03-25 09:54:23 PDT
Safari 3.1 appears to have a fix for this bug. I have been unable to reproduce it in 3.1.