Bug 167756

Summary: Nullptr crash under styleForFirstLetter
Product: WebKit
Reporter: Antti Koivisto <koivisto>
Component: Layout and Rendering
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: bfulgham, commit-queue, esprehn+autocc, glenn, kondapallykalyan, simon.fraser, zalan
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
  Description: possible patch    Flags: none
  Description: possible patch    Flags: none

Description Antti Koivisto 2017-02-02 14:23:36 PST
Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   WebCore                       	0x1fb5bd26 WebCore::RenderStyle::clone(WebCore::RenderStyle const&) + 0 (Ref.h:142)
1   WebCore                       	0x1fabdcda WebCore::styleForFirstLetter(WebCore::RenderElement const&, WebCore::RenderObject const&) + 86 (RenderBlock.cpp:3020)
2   WebCore                       	0x1fabe1ac WebCore::RenderBlock::createFirstLetterRenderer(WebCore::RenderElement*, WebCore::RenderText*) + 24 (RenderBlock.cpp:3144)
3   WebCore                       	0x1fabe678 WebCore::RenderBlock::updateFirstLetter(WebCore::RenderBlock::RenderTreeMutationIsAllowed) + 96 (RenderBlock.cpp:3296)
4   WebCore                       	0x1f173ef8 WebCore::RenderBlock::layout() + 30 (RenderBlock.cpp:1056)
5   WebCore                       	0x1fac6fde WebCore::RenderBlockFlow::insertFloatingObject(WebCore::RenderBox&) + 356 (RenderElement.h:129)
6   WebCore                       	0x1f9d97f6 WebCore::LineBreaker::skipLeadingWhitespace(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::FloatingObject*, WebCore::LineWidth&) + 326 (LineBreaker.cpp:69)
7   WebCore                       	0x1f9d9974 WebCore::LineBreaker::nextLineBreak(WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::LineInfo&, WebCore::LineLayoutState&, WebCore::RenderTextInfo&, WebCore::FloatingObject*, unsigned int, WTF::Vector<WebCore::WordMeasurement, 64ul, WTF::CrashOnOverflow, 16ul>&) + 174 (LineBreaker.cpp:90)
8   WebCore                       	0x1fad1fda WebCore::RenderBlockFlow::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolverWithIsolate<WebCore::InlineIterator, WebCore::BidiRun, WebCore::BidiIsolatedRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 634 (RenderBlockLineLayout.cpp:1371)
9   WebCore                       	0x1fad1092 WebCore::RenderBlockFlow::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 680 (RenderBlockLineLayout.cpp:1324)
10  WebCore                       	0x1fad3fd6 WebCore::RenderBlockFlow::layoutLineBoxes(bool, WebCore::LayoutUnit&, WebCore::LayoutUnit&) + 1298 (RenderBlockLineLayout.cpp:1750)
11  WebCore                       	0x1fac5e34 WebCore::RenderBlockFlow::layoutBlock(bool, WebCore::LayoutUnit) + 880 (RenderBlockFlow.cpp:686)
12  WebCore                       	0x1f173f06 WebCore::RenderBlock::layout() + 44 (RenderBlock.cpp:1060)
Comment 1 Antti Koivisto 2017-02-02 14:38:20 PST
Created attachment 300450
possible patch
Comment 2 Antti Koivisto 2017-02-02 14:38:46 PST
rdar://problem/30029354
Comment 3 Antti Koivisto 2017-02-02 14:39:44 PST
Created attachment 300451
possible patch
Comment 4 WebKit Commit Bot 2017-02-09 08:33:46 PST
Comment on attachment 300451
possible patch

Clearing flags on attachment: 300451

Committed r211957: <http://trac.webkit.org/changeset/211957>
Comment 5 WebKit Commit Bot 2017-02-09 08:33:51 PST
All reviewed patches have been landed.  Closing bug.