41334 2010-06-28 22:40:22 -0700 [chromium]A crash caused by the patch of bug 40608. 2010-06-29 11:08:46 -0700 1 1 1 Unclassified WebKit WebKit API 528+ (Nightly build) All All RESOLVED FIXED P1 Major --- 0 suzhe webkit-unassigned commit-queue oldest_to_newest 244105 0 suzhe 2010-06-28 22:40:22 -0700 See chromium bug report: http://code.google.com/p/chromium/issues/detail?id=47805 The stack trace is: 0x6c80305e [chrome.dll - position.cpp:1014] WebCore::Position::getInlineBoxAndOffset(WebCore::EAffinity,WebCore::TextDirection,WebCore::InlineBox * &,int &) 0x6c802e9b [chrome.dll - position.cpp:949] WebCore::Position::getInlineBoxAndOffset(WebCore::EAffinity,WebCore::InlineBox * &,int &) 0x6c7e6afb [chrome.dll - frame.cpp:311] WebCore::Frame::firstRectForRange(WebCore::Range *) 0x6ca224c1 [chrome.dll - webviewimpl.cpp:1362] WebKit::WebViewImpl::caretOrSelectionBounds() 0x6c4eb04d [chrome.dll - render_widget.cc:877] RenderWidget::UpdateInputMethod() 0x6c4ea4e7 [chrome.dll - render_widget.cc:525] RenderWidget::DoDeferredUpdate() 0x6c4ea14d [chrome.dll - render_widget.cc:426] RenderWidget::CallDoDeferredUpdate() 0x6c4ec0c7 [chrome.dll - task.h:323] RunnableMethod<RenderWidget,void ( RenderWidget::*)(void),Tuple0>::Run() 0x6c48c910 [chrome.dll - message_loop.cc:340] MessageLoop::RunTask(Task *) 0x6c48c99c [chrome.dll - message_loop.cc:349] MessageLoop::DeferOrRunPendingTask(MessageLoop::PendingTask const &) 0x6c48cb32 [chrome.dll - message_loop.cc:460] MessageLoop::DoWork() 0x6c49d878 [chrome.dll - message_pump_default.cc:50] base::MessagePumpDefault::Run(base::MessagePump::Delegate *) 0x6c48c74a [chrome.dll - message_loop.cc:214] MessageLoop::RunInternal() 0x6c48c6cf [chrome.dll - message_loop.cc:186] MessageLoop::RunHandler() 0x6c48c67d [chrome.dll - message_loop.cc:164] MessageLoop::Run() 0x6c4b0173 [chrome.dll - renderer_main.cc:292] RendererMain(MainFunctionParams const &) 0x6c3d3b97 [chrome.dll - chrome_dll_main.cc:760] ChromeMain 0x00083891 [chrome.exe - client_util.cc:256] MainDllLoader::Launch(HINSTANCE__ *,sandbox::SandboxInterfaceInfo *) 0x0008532d [chrome.exe - chrome_exe_main.cc:46] wWinMain 0x000c6d90 [chrome.exe - crt0.c:263] __tmainCRTStartup 0x75b83676 [kernel32.dll + 0x00013676] BaseThreadInitThunk 0x77ce9d71 [ntdll.dll + 0x00039d71] __RtlUserThreadStart 0x77ce9d44 [ntdll.dll + 0x00039d44] _RtlUserThreadStart 244108 1 59987 suzhe 2010-06-28 22:45:30 -0700 Created attachment 59987 Patch to fix this crash. 244383 2 59987 commit-queue 2010-06-29 11:08:42 -0700 Comment on attachment 59987 Patch to fix this crash. Clearing flags on attachment: 59987 Committed r62136: <http://trac.webkit.org/changeset/62136> 244384 3 commit-queue 2010-06-29 11:08:46 -0700 All reviewed patches have been landed. Closing bug. 59987 2010-06-28 22:45:30 -0700 2010-06-29 11:08:42 -0700 Patch to fix this crash. webkit-crash.diff text/plain 1159 suzhe SW5kZXg6IFdlYktpdC9jaHJvbWl1bS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gV2ViS2l0L2No cm9taXVtL0NoYW5nZUxvZwkocmV2aXNpb24gNjIwODYpCisrKyBXZWJLaXQvY2hyb21pdW0vQ2hh bmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTAtMDYtMjggIFpoZSBT dSAgPHN1emhlQGNocm9taXVtLm9yZz4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBBIGNyYXNoIGNhdXNlZCBieSB0aGUgcGF0Y2ggb2YgYnVnIDQwNjA4 LgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9NDEzMzQK KworICAgICAgICAqIHNyYy9XZWJWaWV3SW1wbC5jcHA6CisgICAgICAgIChXZWJLaXQ6OldlYlZp ZXdJbXBsOjpjYXJldE9yU2VsZWN0aW9uQm91bmRzKToKKwogMjAxMC0wNi0yMyAgSm9obiBHcmVn ZyAgPGpvaG5ueWdAZ29vZ2xlLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBieSBLZW50IFRhbXVy YS4KSW5kZXg6IFdlYktpdC9jaHJvbWl1bS9zcmMvV2ViVmlld0ltcGwuY3BwCj09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0K LS0tIFdlYktpdC9jaHJvbWl1bS9zcmMvV2ViVmlld0ltcGwuY3BwCShyZXZpc2lvbiA2MjA4NikK KysrIFdlYktpdC9jaHJvbWl1bS9zcmMvV2ViVmlld0ltcGwuY3BwCSh3b3JraW5nIGNvcHkpCkBA IC0xMjg2LDYgKzEyODYsMTAgQEAgV2ViUmVjdCBXZWJWaWV3SW1wbDo6Y2FyZXRPclNlbGVjdGlv bkJvdQogICAgIGlmICghdmlldykKICAgICAgICAgcmV0dXJuIHJlY3Q7CiAKKyAgICBjb25zdCBO b2RlKiBub2RlID0gY29udHJvbGxlci0+c3RhcnQoKS5ub2RlKCk7CisgICAgaWYgKCFub2RlIHx8 ICFub2RlLT5yZW5kZXJlcigpKQorICAgICAgICByZXR1cm4gcmVjdDsKKwogICAgIGlmIChjb250 cm9sbGVyLT5pc0NhcmV0KCkpCiAgICAgICAgIHJlY3QgPSB2aWV3LT5jb250ZW50c1RvV2luZG93 KGNvbnRyb2xsZXItPmFic29sdXRlQ2FyZXRCb3VuZHMoKSk7CiAgICAgZWxzZSBpZiAoY29udHJv bGxlci0+aXNSYW5nZSgpKSB7Cg==