24003 2009-02-18 10:04:39 -0800 WebKit crashes on certain rtl pages 2009-02-26 11:11:50 -0800 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) PC Windows XP RESOLVED FIXED P2 Major --- 0 kuchhal webkit-unassigned hyatt zwarich oldest_to_newest 110079 0 kuchhal 2009-02-18 10:04:39 -0800 Some rtl pages are causing WebKit to crash when it converts an object to RenderInline. The stack trace (from Chromium builds, but I can reproduce the same crash in Safari with latest WebKit): 0x0143e367 [chrome.dll - inlineflowbox.h:107] WebCore::InlineFlowBox::borderLeft() 0x01442067 [chrome.dll - renderbox.cpp:2037] WebCore::RenderBox::calcAbsoluteHorizontalValues(WebCore::Length,WebCore::RenderBoxModelObject const *,WebCore::TextDirection,int,int,WebCore::Length,WebCore::Length,WebCore::Length,WebCore::Length,int &,int &,int &,int &) 0x01441c6a [chrome.dll - renderbox.cpp:1816] WebCore::RenderBox::calcAbsoluteHorizontal() 0x014408c0 [chrome.dll - renderbox.cpp:1205] WebCore::RenderBox::calcWidth() 0x01471787 [chrome.dll - renderblock.cpp:732] WebCore::RenderBlock::layoutBlock(bool) 0x014716bc [chrome.dll - renderblock.cpp:704] WebCore::RenderBlock::layout() 0x01472d57 [chrome.dll - renderblock.cpp:1521] WebCore::RenderBlock::layoutPositionedObjects(bool) 0x014aa3c8 [chrome.dll - renderflexiblebox.cpp:249] WebCore::RenderFlexibleBox::layoutBlock(bool) 0x014716bc [chrome.dll - renderblock.cpp:704] WebCore::RenderBlock::layout() 0x014eed98 [chrome.dll - bidi.cpp:819] WebCore::RenderBlock::layoutInlineChildren(bool,int &,int &) 0x0147189c [chrome.dll - renderblock.cpp:785] WebCore::RenderBlock::layoutBlock(bool) 0x014716bc [chrome.dll - renderblock.cpp:704] WebCore::RenderBlock::layout() 0x01474a50 [chrome.dll - renderblock.cpp:2354] WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox *) 110080 1 27752 kuchhal 2009-02-18 10:05:42 -0800 Created attachment 27752 a small test case to reproduce the crash. 110081 2 27753 kuchhal 2009-02-18 10:06:21 -0800 Created attachment 27753 Patch 110215 3 27753 zwarich 2009-02-19 08:31:58 -0800 Comment on attachment 27753 Patch This patch should be accompanied by a layout test. 110230 4 27796 kuchhal 2009-02-19 10:54:28 -0800 Created attachment 27796 New patch (this time with a layout test) 110755 5 27796 hyatt 2009-02-24 09:54:24 -0800 Comment on attachment 27796 New patch (this time with a layout test) r=me 111235 6 dglazkov 2009-02-26 11:11:50 -0800 Landed as http://trac.webkit.org/changeset/41259. 27752 2009-02-18 10:05:42 -0800 2009-02-19 10:54:28 -0800 a small test case to reproduce the crash. test.htm text/html 154 kuchhal PGh0bWwgZGlyPSJydGwiPg0KPGJvZHk+DQo8YnV0dG9uIHN0eWxlPSJwb3NpdGlvbjogcmVsYXRp dmUiIHR5cGU9InN1Ym1pdCI+DQogIDxzcGFuIHN0eWxlPSJwb3NpdGlvbjogYWJzb2x1dGUiPlRl c3Q8L3NwYW4+DQo8L2J1dHRvbj4NCjwvYm9keT4NCjwvaHRtbD4NCg== 27753 2009-02-18 10:06:21 -0800 2009-02-19 10:54:28 -0800 Patch patch.diff text/plain 1361 kuchhal ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg NjZjYTNjNC4uYWQyZWMxMSAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxMiBAQAorMjAwOS0wMi0xOCAgUmFodWwgS3VjaGhh bCAgPGt1Y2hoYWxAY2hyb21pdW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgIEZpeCBhIGNyYXNoIGNhdXNlZCBieSB1bnNhZmUgdHlwZSBjb252 ZXJzaW9uLgorCisgICAgICAgICogcmVuZGVyaW5nL1JlbmRlckJveC5jcHA6CisgICAgICAgIChX ZWJDb3JlOjpSZW5kZXJCb3g6OmNhbGNBYnNvbHV0ZUhvcml6b250YWxWYWx1ZXMpOgorCiAyMDA5 LTAyLTE4ICBaYW4gRG9iZXJzZWsgIDx6YW5kb2JlcnNla0BnbWFpbC5jb20+CiAKICAgICAgICAg UnViYmVyLXN0YW1wZWQgYnkgSG9sZ2VyIEhhbnMgUGV0ZXIgRnJleXRoZXIuCmRpZmYgLS1naXQg YS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJCb3guY3BwIGIvV2ViQ29yZS9yZW5kZXJpbmcvUmVu ZGVyQm94LmNwcAppbmRleCA2Nzk2ZWQ5Li45MWM4ODZiIDEwMDY0NAotLS0gYS9XZWJDb3JlL3Jl bmRlcmluZy9SZW5kZXJCb3guY3BwCisrKyBiL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlckJveC5j cHAKQEAgLTIwMzIsNyArMjAzMiw3IEBAIHZvaWQgUmVuZGVyQm94OjpjYWxjQWJzb2x1dGVIb3Jp em9udGFsVmFsdWVzKExlbmd0aCB3aWR0aCwgY29uc3QgUmVuZGVyQm94TW9kZWxPCiAgICAgLy8g cG9zaXRpb25lZCwgaW5saW5lIGJlY2F1c2UgcmlnaHQgbm93LCBpdCBpcyB1c2luZyB0aGUgeFBv cwogICAgIC8vIG9mIHRoZSBmaXJzdCBsaW5lIGJveCB3aGVuIHJlYWxseSBpdCBzaG91bGQgdXNl IHRoZSBsYXN0IGxpbmUgYm94LiAgV2hlbgogICAgIC8vIHRoaXMgaXMgZml4ZWQgZWxzZXdoZXJl LCB0aGlzIGJsb2NrIHNob3VsZCBiZSByZW1vdmVkLgotICAgIGlmIChjb250YWluZXJCbG9jay0+ aXNJbmxpbmUoKSAmJiBjb250YWluZXJCbG9jay0+c3R5bGUoKS0+ZGlyZWN0aW9uKCkgPT0gUlRM KSB7CisgICAgaWYgKGNvbnRhaW5lckJsb2NrLT5pc1JlbmRlcklubGluZSgpICYmIGNvbnRhaW5l ckJsb2NrLT5zdHlsZSgpLT5kaXJlY3Rpb24oKSA9PSBSVEwpIHsKICAgICAgICAgY29uc3QgUmVu ZGVySW5saW5lKiBmbG93ID0gdG9SZW5kZXJJbmxpbmUoY29udGFpbmVyQmxvY2spOwogICAgICAg ICBJbmxpbmVGbG93Qm94KiBmaXJzdExpbmUgPSBmbG93LT5maXJzdExpbmVCb3goKTsKICAgICAg ICAgSW5saW5lRmxvd0JveCogbGFzdExpbmUgPSBmbG93LT5sYXN0TGluZUJveCgpOwo= 27796 2009-02-19 10:54:28 -0800 2009-02-24 09:54:24 -0800 New patch (this time with a layout test) patch.diff text/plain 3116 kuchhal ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCBkMTY1NDNlLi44ZjVjNzZlIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTIgQEAKKzIwMDktMDIt MTkgIFJhaHVsIEt1Y2hoYWwgIDxrdWNoaGFsQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZp ZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworCUZpeCBhIGNyYXNoIGNhdXNlZCBieSB1bnNhZmUg dHlwZSBjb252ZXJzaW9uLgorCisgICAgICAgICogZmFzdC9ibG9jay9wb3NpdGlvbmluZy9hYnNv bHV0ZS1pbi1pbmxpbmUtcnRsLTQtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0 L2Jsb2NrL3Bvc2l0aW9uaW5nL2Fic29sdXRlLWluLWlubGluZS1ydGwtNC5odG1sOiBBZGRlZC4K KwogMjAwOS0wMi0xNyAgUGV0ZXIgQWJyYWhhbXNlbiAgPHJhaW5oZWFkQGdtYWlsLmNvbT4KIAog ICAgICAgICBSZXZpZXdlZCBieSBTYW0gV2VpbmlnLgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMv ZmFzdC9ibG9jay9wb3NpdGlvbmluZy9hYnNvbHV0ZS1pbi1pbmxpbmUtcnRsLTQtZXhwZWN0ZWQu dHh0IGIvTGF5b3V0VGVzdHMvZmFzdC9ibG9jay9wb3NpdGlvbmluZy9hYnNvbHV0ZS1pbi1pbmxp bmUtcnRsLTQtZXhwZWN0ZWQudHh0Cm5ldyBmaWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAu LmUyNWUxNDEKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L2Jsb2NrL3Bvc2l0 aW9uaW5nL2Fic29sdXRlLWluLWlubGluZS1ydGwtNC1leHBlY3RlZC50eHQKQEAgLTAsMCArMSBA QAorVGhpcyB0ZXN0IGNoZWNrcyB0aGF0IGFuIGFic29sdXRlIGVsZW1lbnQgaW5zaWRlIGlubGlu ZWQgZWxlbWVudCBzaG91bGQgbm90IGNhdXNlIGNyYXNoLiBJZiB0aGlzIGZpbGUgb3BlbnMgc3Vj Y2Vzc2Z1bGx5IHRoYXQgbWVhbnMgdGhlIHRlc3QgcGFzc2VkLgpkaWZmIC0tZ2l0IGEvTGF5b3V0 VGVzdHMvZmFzdC9ibG9jay9wb3NpdGlvbmluZy9hYnNvbHV0ZS1pbi1pbmxpbmUtcnRsLTQuaHRt bCBiL0xheW91dFRlc3RzL2Zhc3QvYmxvY2svcG9zaXRpb25pbmcvYWJzb2x1dGUtaW4taW5saW5l LXJ0bC00Lmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA3NTUKaW5kZXggMDAwMDAwMC4uN2VhMzljYgot LS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvYmxvY2svcG9zaXRpb25pbmcvYWJz b2x1dGUtaW4taW5saW5lLXJ0bC00Lmh0bWwKQEAgLTAsMCArMSwxMyBAQAorPGh0bWwgZGlyPSJy dGwiPgorPGJvZHk+Cis8c2NyaXB0PgorICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVy KQorICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKQorPC9zY3JpcHQ+Cis8YnV0 dG9uIHN0eWxlPSJwb3NpdGlvbjogcmVsYXRpdmUiIHR5cGU9InN1Ym1pdCI+Cis8c3BhbiBzdHls ZT0icG9zaXRpb246IGFic29sdXRlIj5UaGlzIHRlc3QgY2hlY2tzIHRoYXQgYW4gYWJzb2x1dGUg ZWxlbWVudAoraW5zaWRlIGlubGluZWQgZWxlbWVudCBzaG91bGQgbm90IGNhdXNlIGNyYXNoLiBJ ZiB0aGlzIGZpbGUgb3BlbnMKK3N1Y2Nlc3NmdWxseSB0aGF0IG1lYW5zIHRoZSB0ZXN0IHBhc3Nl ZC48L3NwYW4+Cis8L2J1dHRvbj4KKzwvYm9keT4KKzwvaHRtbD4KZGlmZiAtLWdpdCBhL1dlYkNv cmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNjZjYTNjNC4uNjc4YjFiNiAx MDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2ViQ29yZS9DaGFuZ2VMb2cKQEAg LTEsMyArMSwxNCBAQAorMjAwOS0wMi0xOSAgUmFodWwgS3VjaGhhbCAgPGt1Y2hoYWxAY2hyb21p dW0ub3JnPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisJRml4IGEg Y3Jhc2ggY2F1c2VkIGJ5IHVuc2FmZSB0eXBlIGNvbnZlcnNpb24uCisKKyAgICAgICAgVGVzdDog ZmFzdC9ibG9jay9wb3NpdGlvbmluZy9hYnNvbHV0ZS1pbi1pbmxpbmUtcnRsLTQuaHRtbAorCisg ICAgICAgICogcmVuZGVyaW5nL1JlbmRlckJveC5jcHA6CisgICAgICAgIChXZWJDb3JlOjpSZW5k ZXJCb3g6OmNhbGNBYnNvbHV0ZUhvcml6b250YWxWYWx1ZXMpOgorCiAyMDA5LTAyLTE4ICBaYW4g RG9iZXJzZWsgIDx6YW5kb2JlcnNla0BnbWFpbC5jb20+CiAKICAgICAgICAgUnViYmVyLXN0YW1w ZWQgYnkgSG9sZ2VyIEhhbnMgUGV0ZXIgRnJleXRoZXIuCmRpZmYgLS1naXQgYS9XZWJDb3JlL3Jl bmRlcmluZy9SZW5kZXJCb3guY3BwIGIvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyQm94LmNwcApp bmRleCA2Nzk2ZWQ5Li45MWM4ODZiIDEwMDY0NAotLS0gYS9XZWJDb3JlL3JlbmRlcmluZy9SZW5k ZXJCb3guY3BwCisrKyBiL1dlYkNvcmUvcmVuZGVyaW5nL1JlbmRlckJveC5jcHAKQEAgLTIwMzIs NyArMjAzMiw3IEBAIHZvaWQgUmVuZGVyQm94OjpjYWxjQWJzb2x1dGVIb3Jpem9udGFsVmFsdWVz KExlbmd0aCB3aWR0aCwgY29uc3QgUmVuZGVyQm94TW9kZWxPCiAgICAgLy8gcG9zaXRpb25lZCwg aW5saW5lIGJlY2F1c2UgcmlnaHQgbm93LCBpdCBpcyB1c2luZyB0aGUgeFBvcwogICAgIC8vIG9m IHRoZSBmaXJzdCBsaW5lIGJveCB3aGVuIHJlYWxseSBpdCBzaG91bGQgdXNlIHRoZSBsYXN0IGxp bmUgYm94LiAgV2hlbgogICAgIC8vIHRoaXMgaXMgZml4ZWQgZWxzZXdoZXJlLCB0aGlzIGJsb2Nr IHNob3VsZCBiZSByZW1vdmVkLgotICAgIGlmIChjb250YWluZXJCbG9jay0+aXNJbmxpbmUoKSAm JiBjb250YWluZXJCbG9jay0+c3R5bGUoKS0+ZGlyZWN0aW9uKCkgPT0gUlRMKSB7CisgICAgaWYg KGNvbnRhaW5lckJsb2NrLT5pc1JlbmRlcklubGluZSgpICYmIGNvbnRhaW5lckJsb2NrLT5zdHls ZSgpLT5kaXJlY3Rpb24oKSA9PSBSVEwpIHsKICAgICAgICAgY29uc3QgUmVuZGVySW5saW5lKiBm bG93ID0gdG9SZW5kZXJJbmxpbmUoY29udGFpbmVyQmxvY2spOwogICAgICAgICBJbmxpbmVGbG93 Qm94KiBmaXJzdExpbmUgPSBmbG93LT5maXJzdExpbmVCb3goKTsKICAgICAgICAgSW5saW5lRmxv d0JveCogbGFzdExpbmUgPSBmbG93LT5sYXN0TGluZUJveCgpOwo=