Bug 122776

Summary:

Crash in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine

Product:

WebKit

Reporter:

Ryosuke Niwa <rniwa>

Component:

Layout and Rendering

Assignee:

Ryosuke Niwa <rniwa>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

commit-queue, darin, enrica, esprehn+autocc, glenn, kondapallykalyan, mitz, mmaxfield, roger_fong, webkit-bug-importer

Priority:

Keywords:

BlinkMergeCandidate, InRadar

Version:

528+ (Nightly build)

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Fixes the bug	darin: review+, darin: commit-queue-

Ryosuke Niwa

Reported 2013-10-14 13:57:55 PDT

Crash in WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>::createBidiRunsForLine

Attachments
Fixes the bug (4.76 KB, patch) 2013-10-14 13:58 PDT, Ryosuke Niwa	darin: review+ darin: commit-queue-	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Ryosuke Niwa

Comment 1 2013-10-14 13:58:49 PDT

Created attachment 214185 [details] Fixes the bug

Ryosuke Niwa

Comment 2 2013-10-14 14:25:08 PDT

Merge https://chromium.googlesource.com/chromium/blink/+/aca89bc4d984705a1f94b623dae0ab03e239a248 https://code.google.com/p/chromium/issues/detail?id=166847

Alexey Proskuryakov

Comment 3 2013-10-14 14:44:17 PDT

Comment on attachment 214185 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=214185&action=review > LayoutTests/fast/text/whitespace/whitespace-and-margin-wrap-after-list-marker-crash.html:7 > + testRunner.dumpAsText(); Indentation.

Ryosuke Niwa

Comment 4 2013-10-14 14:50:48 PDT

(In reply to comment #3) > (From update of attachment 214185 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=214185&action=review > > > LayoutTests/fast/text/whitespace/whitespace-and-margin-wrap-after-list-marker-crash.html:7 > > + testRunner.dumpAsText(); > > Indentation. Will fix.

Darin Adler

Comment 5 2013-10-14 16:01:42 PDT

Comment on attachment 214185 [details] Fixes the bug View in context: https://bugs.webkit.org/attachment.cgi?id=214185&action=review > Source/WebCore/ChangeLog:29 > + While looking at the code, I also discovered we used INT_MAX as a magic value > + for a midpoint's position, but the variable is actually an unsigned. I changed > + the magic value to be UINT_MAX. I don’t see this change.

Ryosuke Niwa

Comment 6 2013-10-14 16:57:09 PDT

(In reply to comment #5) > (From update of attachment 214185 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=214185&action=review > > > Source/WebCore/ChangeLog:29 > > + While looking at the code, I also discovered we used INT_MAX as a magic value > > + for a midpoint's position, but the variable is actually an unsigned. I changed > > + the magic value to be UINT_MAX. > > I don’t see this change. Oops, you're right. That's because we already have this fix in WebKit.

Ryosuke Niwa

Comment 7 2013-10-14 20:00:15 PDT

Landed in http://trac.webkit.org/changeset/157436.

Radar WebKit Bug Importer

Comment 8 2013-10-14 23:18:09 PDT

<rdar://problem/15228657>

Note You need to log in before you can comment on or make changes to this bug.