Bug 13896

Summary: REGRESSION (NativePopup): Reproducible crasher on Google Coop control panel
Product: WebKit
Reporter: Olivier Gutknecht <olivierg>
Component: Forms
Assignee: Nobody <webkit-unassigned>
Status: VERIFIED FIXED
Severity: Normal
CC: mitz
Priority: P1
Keywords: HasReduction, Regression
Version: 523.x (Safari 3)
Hardware: Mac
OS: OS X 10.4
URL: http://ol.g.free.fr/tests/coop.html
Attachments (description, flags):
- crash report (flags: none)
- Reduction (will crash) (flags: none)
- Do not try to compute style for options and option groups if their parents have no style (flags: darin: review+)

Description Olivier Gutknecht 2007-05-28 04:08:39 PDT
Version: WebKit 522+, r21819
Platform: Mac OS X 10.4.9 8P135 PowerPC 
System configuration: PowerMac7,3, Dual PowerPC G5, 2 GB, 6800 GT DDL

Summary:

When accessing the control panel for a Google Coop custom search engine, on the "sites" tab, WebKit crashes in WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned) const + 28

This is 100% reproducible in my setup. 

How to reproduce:

The extracted HTML source is sufficient to provoke the crash (uploaded at URL). To recreate the setup:
- go to http://www.google.com/coop
- create a new custom search engine, add a site to search in the list
- go to the control panel for the newly created search
- click on the "sites" settings link  


Regression:

Does not happen on Safari 2.0.4 (419.3)
Does not happen on Gecko/20070309 Firefox/2.0.0.3

Comment 1 Olivier Gutknecht 2007-05-28 04:10:11 PDT
Created attachment 14754 [details]
crash report

Uploaded crash report

Comment 2 mitz 2007-05-28 05:16:34 PDT
ASSERTION FAILED: m_fontList
(/WebKit/WebCore/platform/Font.cpp:449 const WebCore::FontData* WebCore::Font::primaryFont() const)

Comment 3 mitz 2007-05-28 05:22:36 PDT
Created attachment 14755 [details]
Reduction (will crash)

Comment 4 mitz 2007-05-28 06:32:28 PDT
Created attachment 14757 [details]
Do not try to compute style for options and option groups if their parents have no style

Comment 5 Darin Adler 2007-05-28 09:55:20 PDT
Comment on attachment 14757 [details]
Do not try to compute style for options and option groups if their parents have no style

Why do these classes do the work in attach instead of recalcStyle?

r=me

Comment 6 Sam Weinig 2007-05-28 13:25:40 PDT
Landed in r21847.

Comment 7 Olivier Gutknecht 2007-05-29 13:38:29 PDT
Verified it fixes the initial issue with Google Coop (r21854 nightly)