Bug 167756

Summary: Nullptr crash under styleForFirstLetter
Product: WebKit Reporter: Antti Koivisto <koivisto>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, esprehn+autocc, glenn, kondapallykalyan, simon.fraser, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
possible patch
none
possible patch none

Antti Koivisto
Reported 2017-02-02 14:23:36 PST
Thread 0 name: Dispatch queue: com.apple.main-thread Thread 0 Crashed ↩: 0 WebCore 0x1fb5bd26 WebCore::RenderStyle::clone(WebCore::RenderStyle const&) + 0 (Ref.h:142) 1 WebCore 0x1fabdcda WebCore::styleForFirstLetter(WebCore::RenderElement const&, WebCore::RenderObject const&) + 86 (RenderBlock.cpp:3020) 2 WebCore 0x1fabe1ac WebCore::RenderBlock::createFirstLetterRenderer(WebCore::RenderElement*, WebCore::RenderText*) + 24 (RenderBlock.cpp:3144) 3 WebCore 0x1fabe678 WebCore::RenderBlock::updateFirstLetter(WebCore::RenderBlock::RenderTreeMutationIsAllowed) + 96 (RenderBlock.cpp:3296) 4 WebCore 0x1f173ef8 WebCore::RenderBlock::layout() + 30 (RenderBlock.cpp:1056) 5 WebCore 0x1fac6fde WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) + 356 (RenderElement.h:129) 6 WebCore 0x1f9d97f6 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) + 326 (LineBreaker.cpp:69) 7 WebCore 0x1f9d9974 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) + 174 (LineBreaker.cpp:90) 8 WebCore 0x1fad1fda WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 634 (RenderBlockLineLayout.cpp:1371) 9 WebCore 0x1fad1092 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 680 (RenderBlockLineLayout.cpp:1324) 10 WebCore 0x1fad3fd6 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1298 (RenderBlockLineLayout.cpp:1750) 11 WebCore 0x1fac5e34 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 880 (RenderBlockFlow.cpp:686) 12 WebCore 0x1f173f06 WebCore::RenderBlock::layout() + 44 (RenderBlock.cpp:1060)
Attachments
possible patch (1.91 KB, application/octet-stream)
2017-02-02 14:38 PST, Antti Koivisto 		no flags
Details
possible patch (1.94 KB, patch)
2017-02-02 14:39 PST, Antti Koivisto 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Antti Koivisto
Comment 1 2017-02-02 14:38:20 PST
Created attachment 300450 [details] possible patch
Antti Koivisto
Comment 2 2017-02-02 14:38:46 PST
rdar://problem/30029354
Antti Koivisto
Comment 3 2017-02-02 14:39:44 PST
Created attachment 300451 [details] possible patch
WebKit Commit Bot
Comment 4 2017-02-09 08:33:46 PST
Comment on attachment 300451 [details] possible patch Clearing flags on attachment: 300451 Committed r211957: <http://trac.webkit.org/changeset/211957>
WebKit Commit Bot
Comment 5 2017-02-09 08:33:51 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.