Bug 28012

Summary: WML causes crash on Slashdot.org main page
Product: WebKit Reporter: red47514f7
Component: Layout and RenderingAssignee: George Staikos <staikos>
Status: RESOLVED FIXED    
Severity: Normal CC: jmalonzo, red47514f7, staikos, zimmermann
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Attachments:
Description Flags
Reduction for slashdot.org crash
none
Patch and testcase to fix the bug jmalonzo: review+

red47514f7
Reported 2009-08-05 00:44:43 PDT
If I wget http://slashdot.org/ and just open it in a WebKit-based browser, everything is OK; of course, JavaScript loaded by relative URLs is not working. If I open http://slashdot.org/ in a webkit browser built against latest nightly (I tried two different browsers - uzbl and midori, both have the same regression when the same browser code is linked against too fresh WebKit instead of slightly older one), I see the Slashdot scripts composing a page, for a brief moment I even see nearly-complete rendering and then browser crashes.
Attachments
Reduction for slashdot.org crash (261 bytes, text/html)
2009-08-07 02:04 PDT, red47514f7 		no flags
Details
Patch and testcase to fix the bug (2.40 KB, patch)
2009-08-15 16:47 PDT, George Staikos 		jmalonzo: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
red47514f7
Comment 1 2009-08-05 06:27:05 PDT
Maybe I misclassified the bug because disabling one CSS file ( http://c.fsdn.com/sd/idlecore-tidied.css?T_2_5_0_266b ) fixes the problem. Bug was first filed when r46770 was fresh nightly. It appeared a few days earlier. gdb reports WebCore::RenderFieldset::findLegend Full backtrace minus paths and application part: #0 0xb7a0b9bf in WebCore::RenderFieldset::findLegend () #1 0xb7a0c83d in WebCore::RenderFieldset::calcPrefWidths () #2 0xb79f6d9b in WebCore::RenderBox::minPrefWidth () #3 0xb7a003d3 in WebCore::RenderBox::calcWidth () #4 0xb79e8cba in WebCore::RenderBlock::layoutBlock () #5 0xb79d6b18 in WebCore::RenderBlock::layout () #6 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #7 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #8 0xb79d6b18 in WebCore::RenderBlock::layout () #9 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #10 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #11 0xb79d6b18 in WebCore::RenderBlock::layout () #12 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #13 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #14 0xb79d6b18 in WebCore::RenderBlock::layout () #15 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #16 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #17 0xb79d6b18 in WebCore::RenderBlock::layout () #18 0xb79d896c in WebCore::RenderBlock::insertFloatingObject () #19 0xb79e3377 in WebCore::RenderBlock::handleFloatingChild () #20 0xb79e6313 in WebCore::RenderBlock::handleSpecialChild () #21 0xb79e84b9 in WebCore::RenderBlock::layoutBlockChildren () #22 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #23 0xb79d6b18 in WebCore::RenderBlock::layout () #24 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #25 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #26 0xb79d6b18 in WebCore::RenderBlock::layout () #27 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #28 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #29 0xb79d6b18 in WebCore::RenderBlock::layout () #30 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #31 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #32 0xb79d6b18 in WebCore::RenderBlock::layout () #33 0xb79e865b in WebCore::RenderBlock::layoutBlockChildren () #34 0xb79e9311 in WebCore::RenderBlock::layoutBlock () #35 0xb79d6b18 in WebCore::RenderBlock::layout () #36 0xb7a6ff17 in WebCore::RenderView::layout () #37 0xb7932682 in WebCore::FrameView::layout () #38 0xb773c250 in WebCore::Document::updateLayout () #39 0xb774f5d9 in WebCore::Document::updateLayoutIgnorePendingStylesheets () #40 0xb76b684b in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue () #41 0xb76bcf98 in WebCore::CSSComputedStyleDeclaration::getPropertyCSSValue () #42 0xb76b5446 in WebCore::CSSComputedStyleDeclaration::getPropertyValue () #43 0xb76f6353 in WebCore::CSSStyleDeclaration::getPropertyValue () #44 0xb7cb66c4 in WebCore::jsCSSStyleDeclarationPrototypeFunctionGetPropertyValue ()
red47514f7
Comment 2 2009-08-05 23:09:33 PDT
Still crashes in r46809 nightly (just in case..)
red47514f7
Comment 3 2009-08-07 02:01:59 PDT
Simple reduction (derived from slashdot.org). <form> tag can be added if you wish so. <html> <head> <style> label{display:block;} </style> </head> <body> <fieldset> <label></label> a </fieldset> </body> </html>
red47514f7
Comment 4 2009-08-07 02:04:22 PDT
Created attachment 34261 [details] Reduction for slashdot.org crash <form> tag around <fieldset> is omitted for brevity. It would make no difference.
red47514f7
Comment 5 2009-08-07 03:32:36 PDT
Further investigating: it only ocurs when WML support was enabled during the build.
Jan Alonzo
Comment 6 2009-08-15 14:10:42 PDT
CC'ing Nikolas as he knows more about WML.
George Staikos
Comment 7 2009-08-15 14:42:46 PDT
I believe this is a regression of a bug that was fixed before. It's platform independent.
George Staikos
Comment 8 2009-08-15 16:47:03 PDT
Created attachment 34908 [details] Patch and testcase to fix the bug
George Staikos
Comment 9 2009-08-15 16:59:32 PDT
Bug # can be added when landing. It's in my local tree.
Jan Alonzo
Comment 10 2009-08-15 17:05:17 PDT
(In reply to comment #9) > Bug # can be added when landing. It's in my local tree. Looks ok. r=me.
George Staikos
Comment 11 2009-08-15 17:17:19 PDT
Checked in r47329
Note You need to log in before you can comment on or make changes to this bug.