70392 2011-10-18 18:08:31 -0700 Multiple crashes in RenderTable during layout 2011-10-19 18:35:41 -0700 1 1 1 Unclassified WebKit Tables 528+ (Nightly build) All All RESOLVED FIXED P1 Normal --- 1 jchaffraix jchaffraix jamesr robert simon.fraser webkit.review.bot oldest_to_newest 486488 0 jchaffraix 2011-10-18 18:08:31 -0700 Following r97555, there is several crashes reported either in RenderTable::layout or RenderTable::computeLogicalWidth. It looks like this is due to the following lines: RenderTable::computeLogicalWidth > if (!node()->hasTagName(tableTag)) { RenderTable::layout > LayoutUnit borders = node()->hasTagName(tableTag) ? (borderAndPaddingBefore + borderAndPaddingAfter) : 0; If we have an anonymous table, Node::hasTagName will happily do a NULL-dereferencing. Patch coming soon in a bugzilla near you. 486509 1 111550 jchaffraix 2011-10-18 18:39:28 -0700 Created attachment 111550 Proposed fix: Check node() in 2 call sites. 487201 2 111550 webkit.review.bot 2011-10-19 18:35:37 -0700 Comment on attachment 111550 Proposed fix: Check node() in 2 call sites. Clearing flags on attachment: 111550 Committed r97907: <http://trac.webkit.org/changeset/97907> 487202 3 webkit.review.bot 2011-10-19 18:35:41 -0700 All reviewed patches have been landed. Closing bug. 111550 2011-10-18 18:39:28 -0700 2011-10-19 18:35:37 -0700 Proposed fix: Check node() in 2 call sites. bug-70392-20111018183927.patch text/plain 6132 jchaffraix U3VidmVyc2lvbiBSZXZpc2lvbjogOTc3OTEKZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJDb3JlL0No YW5nZUxvZyBiL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA0M2I0Y2IyMWY4MTc1MGZk ZWViNzE5MWVkNTg5YWNiMWE0ZmNmMjUyLi4yZjg0ODUyODIyMmZhNDM5MWNhZGNkYTc5ODNjYmNl ODJiNGViNTc0IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvU291 cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCkBAIC0xLDUgKzEsMjMgQEAKIDIwMTEtMTAtMTggIEp1bGll biBDaGFmZnJhaXggIDxqY2hhZmZyYWl4QHdlYmtpdC5vcmc+CiAKKyAgICAgICAgTXVsdGlwbGUg Y3Jhc2hlcyBpbiBSZW5kZXJUYWJsZSBkdXJpbmcgbGF5b3V0CisgICAgICAgIGh0dHBzOi8vYnVn cy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03MDM5MgorCisgICAgICAgIFJldmlld2VkIGJ5 IE5PQk9EWSAoT09QUyEpLgorCisgICAgICAgIFRlc3RzOiBmYXN0L3RhYmxlL2NyYXNoLWFub255 bW91cy10YWJsZS1jb21wdXRlTG9naWNhbFdpZHRoLmh0bWwKKyAgICAgICAgICAgICAgIGZhc3Qv dGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWxheW91dC5odG1sCisKKyAgICAgICAgcjk3NTU1 IGZvcmdvdCB0byB0YWtlIGludG8gYWNjb3VudCBhbm9ueW1vdXMgdGFibGVzIGR1cmluZyBsYXlv dXQKKyAgICAgICAgd2hlcmUgUmVuZGVyT2JqZWN0Ojpub2RlKCkgaXMgTlVMTC4KKworICAgICAg ICAqIHJlbmRlcmluZy9SZW5kZXJUYWJsZS5jcHA6CisgICAgICAgIChXZWJDb3JlOjpSZW5kZXJU YWJsZTo6Y29tcHV0ZUxvZ2ljYWxXaWR0aCk6CisgICAgICAgIChXZWJDb3JlOjpSZW5kZXJUYWJs ZTo6bGF5b3V0KToKKyAgICAgICAgQWRkZWQgYSBjaGVjayBmb3Igbm9kZSgpIGJlZm9yZSBjYWxs aW5nIE5vZGU6Omhhc1RhZ05hbWUuCisKKzIwMTEtMTAtMTggIEp1bGllbiBDaGFmZnJhaXggIDxq Y2hhZmZyYWl4QHdlYmtpdC5vcmc+CisKICAgICAgICAgQ3Jhc2ggaW4gUmVuZGVyRGVwcmVjYXRl ZEZsZXhpYmxlQm94OjpsYXlvdXRIb3Jpem9udGFsQm94CiAgICAgICAgIGh0dHBzOi8vYnVncy53 ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD03MDE4MwogCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2Vi Q29yZS9yZW5kZXJpbmcvUmVuZGVyVGFibGUuY3BwIGIvU291cmNlL1dlYkNvcmUvcmVuZGVyaW5n L1JlbmRlclRhYmxlLmNwcAppbmRleCAyOGI4MzZjOTRlZTdiZWFiZDgzMGFlN2RjMzU5NDgwOGE5 ZDU1MzdkLi43YzU4ODdmMTM2Y2JlYzI5MmU0Zjk4OGRiYTBjZWY5OGYyN2U4YTYxIDEwMDY0NAot LS0gYS9Tb3VyY2UvV2ViQ29yZS9yZW5kZXJpbmcvUmVuZGVyVGFibGUuY3BwCisrKyBiL1NvdXJj ZS9XZWJDb3JlL3JlbmRlcmluZy9SZW5kZXJUYWJsZS5jcHAKQEAgLTIzOSw3ICsyMzksNyBAQCB2 b2lkIFJlbmRlclRhYmxlOjpjb21wdXRlTG9naWNhbFdpZHRoKCkKICAgICAgICAgLy8gUGVyY2Vu dCBvciBmaXhlZCB0YWJsZQogICAgICAgICAvLyBIVE1MIHRhYmxlcyBzaXplIGFzIHRob3VnaCBD U1Mgd2lkdGggaW5jbHVkZXMgYm9yZGVyL3BhZGRpbmcsIENTUyB0YWJsZXMgZG8gbm90LgogICAg ICAgICBMYXlvdXRVbml0IGJvcmRlcnMgPSAwOwotICAgICAgICBpZiAoIW5vZGUoKS0+aGFzVGFn TmFtZSh0YWJsZVRhZykpIHsKKyAgICAgICAgaWYgKCFub2RlKCkgfHwgIW5vZGUoKS0+aGFzVGFn TmFtZSh0YWJsZVRhZykpIHsKICAgICAgICAgICAgIGJvb2wgY29sbGFwc2luZyA9IGNvbGxhcHNl Qm9yZGVycygpOwogICAgICAgICAgICAgTGF5b3V0VW5pdCBib3JkZXJBbmRQYWRkaW5nQmVmb3Jl ID0gYm9yZGVyQmVmb3JlKCkgKyAoY29sbGFwc2luZyA/IDAgOiBwYWRkaW5nQmVmb3JlKCkpOwog ICAgICAgICAgICAgTGF5b3V0VW5pdCBib3JkZXJBbmRQYWRkaW5nQWZ0ZXIgPSBib3JkZXJBZnRl cigpICsgKGNvbGxhcHNpbmcgPyAwIDogcGFkZGluZ0FmdGVyKCkpOwpAQCAtMzY5LDcgKzM2OSw3 IEBAIHZvaWQgUmVuZGVyVGFibGU6OmxheW91dCgpCiAgICAgTGF5b3V0VW5pdCBjb21wdXRlZExv Z2ljYWxIZWlnaHQgPSAwOwogICAgIGlmIChsb2dpY2FsSGVpZ2h0TGVuZ3RoLmlzRml4ZWQoKSkg ewogICAgICAgICAvLyBIVE1MIHRhYmxlcyBzaXplIGFzIHRob3VnaCBDU1MgaGVpZ2h0IGluY2x1 ZGVzIGJvcmRlci9wYWRkaW5nLCBDU1MgdGFibGVzIGRvIG5vdC4KLSAgICAgICAgTGF5b3V0VW5p dCBib3JkZXJzID0gbm9kZSgpLT5oYXNUYWdOYW1lKHRhYmxlVGFnKSA/IChib3JkZXJBbmRQYWRk aW5nQmVmb3JlICsgYm9yZGVyQW5kUGFkZGluZ0FmdGVyKSA6IDA7CisgICAgICAgIExheW91dFVu aXQgYm9yZGVycyA9IG5vZGUoKSAmJiBub2RlKCktPmhhc1RhZ05hbWUodGFibGVUYWcpID8gKGJv cmRlckFuZFBhZGRpbmdCZWZvcmUgKyBib3JkZXJBbmRQYWRkaW5nQWZ0ZXIpIDogMDsKICAgICAg ICAgY29tcHV0ZWRMb2dpY2FsSGVpZ2h0ID0gbG9naWNhbEhlaWdodExlbmd0aC52YWx1ZSgpIC0g Ym9yZGVyczsKICAgICB9IGVsc2UgaWYgKGxvZ2ljYWxIZWlnaHRMZW5ndGguaXNQZXJjZW50KCkp CiAgICAgICAgIGNvbXB1dGVkTG9naWNhbEhlaWdodCA9IGNvbXB1dGVQZXJjZW50YWdlTG9naWNh bEhlaWdodChsb2dpY2FsSGVpZ2h0TGVuZ3RoKTsKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0No YW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCAzOGQyNTQxODE3NTdiZThhZDNh YjE1NzQ5NWZlMjIyYjM3MmZlMTU5Li44YjE4MjkwZWRmOGQ0MjI5Y2NjM2YxYjQ1OGY4ODcwOWY2 MTkwODljIDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVz dHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTEtMTAtMTggIEp1bGllbiBDaGFmZnJh aXggIDxqY2hhZmZyYWl4QHdlYmtpdC5vcmc+CisKKyAgICAgICAgTXVsdGlwbGUgY3Jhc2hlcyBp biBSZW5kZXJUYWJsZSBkdXJpbmcgbGF5b3V0CisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQu b3JnL3Nob3dfYnVnLmNnaT9pZD03MDM5MgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgICogZmFzdC90YWJsZS9jcmFzaC1hbm9ueW1vdXMtdGFibGUtY29t cHV0ZUxvZ2ljYWxXaWR0aC1leHBlY3RlZC50eHQ6IEFkZGVkLgorICAgICAgICAqIGZhc3QvdGFi bGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWNvbXB1dGVMb2dpY2FsV2lkdGguaHRtbDogQWRkZWQu CisgICAgICAgICogZmFzdC90YWJsZS9jcmFzaC1hbm9ueW1vdXMtdGFibGUtbGF5b3V0LWV4cGVj dGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC90YWJsZS9jcmFzaC1hbm9ueW1vdXMtdGFi bGUtbGF5b3V0Lmh0bWw6IEFkZGVkLgorCiAyMDExLTEwLTE4ICBHYXZpbiBCYXJyYWNsb3VnaCAg PGJhcnJhY2xvdWdoQGFwcGxlLmNvbT4KIAogICAgICAgICBBcnJheS5wcm90b3R5cGUgbWV0aG9k cyBtaXNzaW5nIGV4Y2VwdGlvbiBjaGVja3MKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3Qv dGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWNvbXB1dGVMb2dpY2FsV2lkdGgtZXhwZWN0ZWQu dHh0IGIvTGF5b3V0VGVzdHMvZmFzdC90YWJsZS9jcmFzaC1hbm9ueW1vdXMtdGFibGUtY29tcHV0 ZUxvZ2ljYWxXaWR0aC1leHBlY3RlZC50eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAw MDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uYTJlZjViN2NjYzdlYzBmZWM2 MGY0YTRlMWIzYjVjMTMxMWUxZmNjNgotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zh c3QvdGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWNvbXB1dGVMb2dpY2FsV2lkdGgtZXhwZWN0 ZWQudHh0CkBAIC0wLDAgKzEsMiBAQAorQnVnIDcwMzkyOiBNdWx0aXBsZSBjcmFzaGVzIGluIFJl bmRlclRhYmxlIGR1cmluZyBsYXlvdXQKK1RoaXMgdGVzdCBwYXNzZXMgaWYgaXQgZG9lcyBub3Qg Q1JBU0guCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L3RhYmxlL2NyYXNoLWFub255bW91 cy10YWJsZS1jb21wdXRlTG9naWNhbFdpZHRoLmh0bWwgYi9MYXlvdXRUZXN0cy9mYXN0L3RhYmxl L2NyYXNoLWFub255bW91cy10YWJsZS1jb21wdXRlTG9naWNhbFdpZHRoLmh0bWwKbmV3IGZpbGUg bW9kZSAxMDA3NTUKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MC4uZjFhOWVjOGUxZWRhMGFlOGM4MmIzMmRlZDRkNGEwMTJiNjFjYTg0ZAotLS0gL2Rldi9udWxs CisrKyBiL0xheW91dFRlc3RzL2Zhc3QvdGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWNvbXB1 dGVMb2dpY2FsV2lkdGguaHRtbApAQCAtMCwwICsxLDE3IEBACis8IURPQ1RZUEUgaHRtbD4KKzxo dG1sPgorPGhlYWQ+Cis8c3R5bGU+CisudGFibGVCZWZvcmU6YmVmb3JlIHsgZGlzcGxheTogaW5s aW5lLXRhYmxlOyBjb250ZW50OiB1cmwoZGF0YTp0ZXh0L3BsYWluLGZvbyk7IHdpZHRoOiAxMHB4 OyB9Cis8L3N0eWxlPgorPHNjcmlwdD4KKyAgICBpZiAod2luZG93LmxheW91dFRlc3RDb250cm9s bGVyKQorICAgICAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cis8L3Njcmlw dD4KKzwvaGVhZD4KKzxib2R5PgorPGRpdiBjbGFzcz0idGFibGVCZWZvcmUiPjwvZGl2PgorPGRp dj5CdWcgPGEgaHJlZj0iaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTcw MzkyIj43MDM5MjwvYT46IE11bHRpcGxlIGNyYXNoZXMgaW4gUmVuZGVyVGFibGUgZHVyaW5nIGxh eW91dDwvZGl2PgorPGRpdj5UaGlzIHRlc3QgcGFzc2VzIGlmIGl0IGRvZXMgbm90IENSQVNILjwv ZGl2PgorPC9ib2R5PgorPC9odG1sPgpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvZmFzdC90YWJs ZS9jcmFzaC1hbm9ueW1vdXMtdGFibGUtbGF5b3V0LWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3Rz L2Zhc3QvdGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWxheW91dC1leHBlY3RlZC50eHQKbmV3 IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMC4uYTJlZjViN2NjYzdlYzBmZWM2MGY0YTRlMWIzYjVjMTMxMWUxZmNjNgotLS0gL2Rl di9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvdGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxl LWxheW91dC1leHBlY3RlZC50eHQKQEAgLTAsMCArMSwyIEBACitCdWcgNzAzOTI6IE11bHRpcGxl IGNyYXNoZXMgaW4gUmVuZGVyVGFibGUgZHVyaW5nIGxheW91dAorVGhpcyB0ZXN0IHBhc3NlcyBp ZiBpdCBkb2VzIG5vdCBDUkFTSC4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvdGFibGUv Y3Jhc2gtYW5vbnltb3VzLXRhYmxlLWxheW91dC5odG1sIGIvTGF5b3V0VGVzdHMvZmFzdC90YWJs ZS9jcmFzaC1hbm9ueW1vdXMtdGFibGUtbGF5b3V0Lmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA3NTUK aW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMC4uNDQ1MTM4NGVm NDQ1YjYyZTU3ZTI2MTdmOTQwNDQ1ODcyOWJhODVjZAotLS0gL2Rldi9udWxsCisrKyBiL0xheW91 dFRlc3RzL2Zhc3QvdGFibGUvY3Jhc2gtYW5vbnltb3VzLXRhYmxlLWxheW91dC5odG1sCkBAIC0w LDAgKzEsMTcgQEAKKzwhRE9DVFlQRSBodG1sPgorPGh0bWw+Cis8aGVhZD4KKzxzdHlsZT4KKy50 YWJsZUFmdGVyOjphZnRlciB7IGRpc3BsYXk6IHRhYmxlOyBjb250ZW50OiBhdHRyKGNsYXNzKTsg aGVpZ2h0OiAxcHg7IH0KKzwvc3R5bGU+Cis8c2NyaXB0PgorICAgIGlmICh3aW5kb3cubGF5b3V0 VGVzdENvbnRyb2xsZXIpCisgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQo KTsKKzwvc2NyaXB0PgorPC9oZWFkPgorPGJvZHk+Cis8ZGl2IGNsYXNzPSJ0YWJsZUFmdGVyIj48 L2Rpdj4KKzxkaXY+QnVnIDxhIGhyZWY9Imh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVn LmNnaT9pZD03MDM5MiI+NzAzOTI8L2E+OiBNdWx0aXBsZSBjcmFzaGVzIGluIFJlbmRlclRhYmxl IGR1cmluZyBsYXlvdXQ8L2Rpdj4KKzxkaXY+VGhpcyB0ZXN0IHBhc3NlcyBpZiBpdCBkb2VzIG5v dCBDUkFTSC48L2Rpdj4KKzwvYm9keT4KKzwvaHRtbD4K