WebKit Bugzilla
RESOLVED FIXED
7566
REGRESSION: Reproducible crash in getWebCoreFont()
https://bugs.webkit.org/show_bug.cgi?id=7566
Shawn Smith
Reported
2006-03-02 20:27:06 PST
Random crashes while browsing. No pattern found but crash reports all point to QFontMetricsPrivate::getWebCoreFont(). Crash log attached.
Attachments
Crash Log (29.46 KB, text/plain), 2006-03-02 20:27 PST, Shawn Smith, no flags
random fix (561 bytes, patch), 2006-03-05 10:00 PST, Alexey Proskuryakov, bdakin: review-
Very reduced test case (400 bytes, text/html), 2006-03-06 10:43 PST, Beth Dakin, no flags
new patch (2.01 KB, patch), 2006-03-06 15:11 PST, Beth Dakin, bdakin: review+
Shawn Smith
Comment 1
2006-03-02 20:27:54 PST
Created attachment 6818
Crash Log
Eric Seidel (no email)
Comment 2
2006-03-02 22:16:30 PST
Is this a new crash? If so this should be a P1 and have the Regression keyword. The crashlog shows you're running a nightly, which might indicate this is related to hyatt's recent Font rewrite.
Shawn Smith
Comment 3
2006-03-03 05:46:12 PST
This is a new crash with the latest nightly. I suspect it has something to do with the font rewrite as it is crashing in that area of the code. I still can't narrow it down to a specific web page with a good repro. It is fairly random. I have only seen it 3 times in normal nightly browsing. Added Regression Keyword and set the Priority to P1.
Alexander Romanovich
Comment 4
2006-03-03 08:33:33 PST
I can repro this 100% by viewing the structure of a table in phpMyAdmin. Same crash as the original reporter. Hope that helps.
Shawn Smith
Comment 5
2006-03-05 07:38:52 PST
Found a good repro. Go here:
http://www.regence.com/careers/
Click on "Search and Apply" button. (Need to allow Pop-ups) When pop-up window displays click on "Search Openings" button ... crash. This is with this nightly: WebKit Sun Mar 5 11:59:00 GMT 2006
Alexey Proskuryakov
Comment 6
2006-03-05 09:35:44 PST
0 WebCore::FontRenderer::getWebCoreFont(WebCore::FontDescription const&) const + 40 (FontMac.mm:51)
1 WebCore::Font::getWebCoreFont() const + 68 (FontMac.mm:95)
2 QListBox::sizeForNumberOfLines(int) const + 960 (KWQListBox.mm:295)
3 WebCore::RenderSelect::layout() + 328 (render_form.cpp:798)
4 WebCore::RenderObject::layoutIfNeeded() + 76 (Font.h:458)
5 WebCore::RenderSelect::calcMinMaxWidth() + 192 (render_form.cpp:768)
6 WebCore::RenderObject::recalcMinMaxWidths() + 896 (render_object.cpp:2285)
7 WebCore::RenderObject::recalcMinMaxWidths() + 408 (render_object.cpp:2270)
Alexey Proskuryakov
Comment 7
2006-03-05 09:37:15 PST
*** Bug 7598 has been marked as a duplicate of this bug. ***
Alexey Proskuryakov
Comment 8
2006-03-05 10:00:14 PST
Created attachment 6870
random fix
The bug here is pretty obvious (a font is created without a renderer, then this null renderer is used), but my solution is kind of random - I don't really understand what Font::update() means.
Alexey Proskuryakov
Comment 9
2006-03-05 11:05:12 PST
*** Bug 7614 has been marked as a duplicate of this bug. ***
Darin Adler
Comment 10
2006-03-05 12:13:11 PST
Comment on attachment 6870
random fix
I think the correct fix is to add a call to update() to QListBox. On the other hand, I don't like the design here where you have to know when to call update(). Hyatt is the one who should review this and the one who should fix this too.
Andrew Wellington
Comment 11
2006-03-06 01:59:30 PST
*** Bug 7623 has been marked as a duplicate of this bug. ***
Beth Dakin
Comment 12
2006-03-06 10:43:40 PST
Created attachment 6899
Very reduced test case
Chris filed this in radar over the weekend also as <rdar://problem/4467128>. He attached this great reduced test case to the radar, so I thought I would put it here too.
Beth Dakin
Comment 13
2006-03-06 15:01:30 PST
Comment on attachment 6870
random fix
Darin and Hyatt discussed this on IRC and this is not the way Dave thinks the bug should be fixed. The callers should call update() instead. I am making a patch now...
Beth Dakin
Comment 14
2006-03-06 15:11:55 PST
Created attachment 6903
new patch
Beth Dakin
Comment 15
2006-03-06 15:44:31 PST
Comment on attachment 6903
new patch
Darin reviewed this, and I committed the fix.
Daniel Peebles
Comment 16
2006-03-13 14:22:26 PST
*** Bug 7757 has been marked as a duplicate of this bug. ***