Bug 19525

Summary: -webkit-box-reflect in hyperlink causes webkit to crash
Product: WebKit Reporter: Trevor Downs <cyberskull>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: mitz
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac (PowerPC)   
OS: OS X 10.5   
Attachments:
Description Flags
A FAQ I am performing stylistic cleaning up on.
none
Log for one of the crashes.
none
Another crash log for this incident
none
Suppress reflections of inline flows hyatt: review+

Trevor Downs
Reported 2008-06-12 15:52:00 PDT
I'm using Mac OS X 10.5.3 PPC and today's build of WebKit. In the attached document I tried to put a reflection effect on a link. It did not render and when I tried to select the text it caused the browser to crash. I've tried 3 times. To recreate: 1. open the attached HTML file. 2. On the second line try to highlight "CyberSkull" 3. Spinning marble of doom, then crash.
Attachments
A FAQ I am performing stylistic cleaning up on. (28.87 KB, text/html)
2008-06-12 15:53 PDT, Trevor Downs 		no flags
Details
Log for one of the crashes. (23.56 KB, text/plain)
2008-06-12 15:54 PDT, Trevor Downs 		no flags
Details
Another crash log for this incident (23.56 KB, text/plain)
2008-06-12 15:55 PDT, Trevor Downs 		no flags
Details
Suppress reflections of inline flows (41.57 KB, patch)
2008-07-15 15:00 PDT, mitz 		hyatt: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Trevor Downs
Comment 1 2008-06-12 15:53:37 PDT
Created attachment 21666 [details] A FAQ I am performing stylistic cleaning up on.
Trevor Downs
Comment 2 2008-06-12 15:54:46 PDT
Created attachment 21667 [details] Log for one of the crashes.
Trevor Downs
Comment 3 2008-06-12 15:55:20 PDT
Created attachment 21668 [details] Another crash log for this incident
Matt Lilek
Comment 4 2008-06-12 18:21:45 PDT
Confirmed with ToT. Debug stack trage: Thread 0 Crashed: 0 com.apple.WebCore 0x0286ad73 WebCore::RenderLayer::reflection() const + 9 (RenderLayer.h:220) 1 com.apple.WebCore 0x02873cff WebCore::RenderBox::computeAbsoluteRepaintRect(WebCore::IntRect&, bool) + 245 (RenderBox.cpp:1104) 2 com.apple.WebCore 0x028bd09a WebCore::RenderObject::computeAbsoluteRepaintRect(WebCore::IntRect&, bool) + 448 (RenderObject.cpp:2013) 3 com.apple.WebCore 0x028edcfd WebCore::RenderText::selectionRect(bool) + 519 (RenderText.cpp:1080) 4 com.apple.WebCore 0x0290b87c WebCore::RenderObject::SelectionInfo::SelectionInfo(WebCore::RenderObject*, bool) + 92 5 com.apple.WebCore 0x0290aabd WebCore::RenderView::setSelection(WebCore::RenderObject*, int, WebCore::RenderObject*, int) + 1467 (RenderView.cpp:357) 6 com.apple.WebCore 0x026062c7 WebCore::Frame::selectionLayoutChanged() + 999 (Frame.cpp:631) 7 com.apple.WebCore 0x02a3d368 WebCore::SelectionController::setSelection(WebCore::Selection const&, bool, bool, bool) + 648 (SelectionController.cpp:143)
mitz
Comment 5 2008-06-12 22:11:51 PDT
<rdar://problem/5961768> is essentially the same issue.
mitz
Comment 6 2008-07-15 15:00:15 PDT
Created attachment 22291 [details] Suppress reflections of inline flows This proved to be hard to do in adjustRenderStyle() because there is no easy way to tell the that element is going to be an inline flow, so instead this patch just overrides the flag on the renderer.
Dave Hyatt
Comment 7 2008-07-15 15:00:59 PDT
Comment on attachment 22291 [details] Suppress reflections of inline flows r=me
mitz
Comment 8 2008-07-15 15:53:54 PDT
Fixed in <http://trac.webkit.org/changeset/35186>.
Note You need to log in before you can comment on or make changes to this bug.