Bug 33760

Summary: [iexploder] Crash on test 30490 in all ports
Product: WebKit Reporter: Holger Freyther <zecke>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: rolandsteiner
Priority: P1 Keywords: Qt
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
iexploder test causing a crash, most likely due the ruby element. none

Holger Freyther
Reported 2010-01-16 07:17:10 PST
Created attachment 46740 [details] iexploder test causing a crash, most likely due the ruby element. The attached test case used to crash in the "ruby" handling of RenderBlock (called from RubyElement) after the changes of the 15th it is still crashing but without ruby being in the backtrace. The backtrace is coming from Qt but it was crashing in a recent Chromium build (PPA for Ubuntu) as well. backtrace in a release build: #0 0xb782b962 in WebCore::InlineFlowBox::determineSpacingForFlowBoxes(bool, WebCore::RenderObject*) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #1 0xb7848bb5 in WebCore::RenderBlock::constructLine(unsigned int, WebCore::BidiRun*, WebCore::BidiRun*, bool, bool, WebCore::RenderObject*) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #2 0xb78512a3 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #3 0xb7846e39 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #4 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #5 0xb784554b in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #6 0xb784684c in WebCore::RenderBlock::layoutBlockChildren(bool, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #7 0xb7846b97 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #8 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #9 0xb7850023 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #10 0xb7846e39 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #11 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #12 0xb784554b in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #13 0xb784684c in WebCore::RenderBlock::layoutBlockChildren(bool, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #14 0xb7846b97 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #15 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #16 0xb784554b in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #17 0xb784684c in WebCore::RenderBlock::layoutBlockChildren(bool, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #18 0xb7846b97 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #19 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #20 0xb78cda87 in WebCore::RenderView::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #21 0xb77a1db3 in WebCore::FrameView::layout(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #22 0xb7575628 in WebCore::Document::implicitClose() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #23 0xb772533f in WebCore::FrameLoader::checkCallImplicitClose() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #24 0xb772d6ab in WebCore::FrameLoader::checkCompleted() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #25 0xb772d8be in WebCore::FrameLoader::finishedParsing() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #26 0xb7567aba in WebCore::Document::finishedParsing() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #27 0xb76b5c85 in WebCore::HTMLParser::finished() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #28 0xb76cc64e in WebCore::HTMLTokenizer::end() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #29 0xb76ccb87 in WebCore::HTMLTokenizer::finish() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #30 0xb756184b in WebCore::Document::finishParsing() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #31 0xb772963a in WebCore::FrameLoader::endIfNotLoadingMainResource() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #32 0xb771adde in WebCore::DocumentLoader::finishedLoading() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #33 0xb772d48a in WebCore::FrameLoader::finishedLoading() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4 #34 0xb774b80f in WebCore::MainResourceLoader::didFinishLoading() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
Attachments
iexploder test causing a crash, most likely due the ruby element. (90.28 KB, application/octet-stream)
2010-01-16 07:17 PST, Holger Freyther 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2010-01-16 11:03:57 PST
Repro crash->P1. In debug mode, an assertion fails: ASSERTION FAILED: obj->isRenderInline() || obj == this (/Users/ap/Safari/OpenSource/WebCore/rendering/RenderBlockLineLayout.cpp:512 WebCore::InlineFlowBox* WebCore::RenderBlock::createLineBoxes(WebCore::RenderObject*, bool))
Roland Steiner
Comment 2 2010-01-17 19:36:03 PST
(In reply to comment #0) > Created an attachment (id=46740) [details] > iexploder test causing a crash, most likely due the ruby element. > > The attached test case used to crash in the "ruby" handling of RenderBlock > (called from RubyElement) after the changes of the 15th it is still crashing > but without ruby being in the backtrace. With "changes of the 15th", do you refer to the patch https://bugs.webkit.org/attachment.cgi?id=46665 in https://bugs.webkit.org/show_bug.cgi?id=33266 ? I would have assumed that that patch should also fix the issue here: In a quick test with that patch applied, at least Chrome TestShell did not crash for me with the supplied HTML file (Debug build).
Holger Freyther
Comment 3 2010-01-17 20:47:59 PST
(In reply to comment #2) > I would have assumed that that patch should also fix the issue here: In a quick > test with that patch applied, at least Chrome TestShell did not crash for me > with the supplied HTML file (Debug build). I'm referring to the same bug, and sorry it was the 16th, the svn revision is r52184. The attachment you are referring to is still up for review and has the potential to fix that crash? cool.
Roland Steiner
Comment 4 2010-01-20 00:31:52 PST
Marking as duplicate of 33266. *** This bug has been marked as a duplicate of bug 33266 ***
Note You need to log in before you can comment on or make changes to this bug.