Bug 39042

Summary: r59270 causes crashes on some pages
Product: WebKit Reporter: Simon Fraser (smfr) <simon.fraser>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: enrica, slewis
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: OS X 10.5   

Description Simon Fraser (smfr) 2010-05-12 21:36:39 PDT 
r59270 caused a crash with some internal test content. Crash stack looks like:


Thread 0 Crashed:  Dispatch queue: com.apple.main-thread
0   ???                           	000000000000000000 0 + 0
1   com.apple.WebCore             	0x0000000100dada06 WebCore::RenderInline::destroy() + 38
2   com.apple.WebCore             	0x0000000100c66a9b WebCore::RenderBlock::destroy() + 43
3   com.apple.WebCore             	0x0000000100dada06 WebCore::RenderInline::destroy() + 38
4   com.apple.WebCore             	0x0000000100dada06 WebCore::RenderInline::destroy() + 38
5   com.apple.WebCore             	0x0000000100c66a9b WebCore::RenderBlock::destroy() + 43
6   com.apple.WebCore             	0x0000000100dada06 WebCore::RenderInline::destroy() + 38
7   com.apple.WebCore             	0x0000000100dada06 WebCore::RenderInline::destroy() + 38
8   com.apple.WebCore             	0x0000000100c66a13 WebCore::Node::detach() + 35
9   com.apple.WebCore             	0x0000000100c668cb WebCore::Element::detach() + 107
10  com.apple.WebCore             	0x0000000100c6683c WebCore::ContainerNode::detach() + 44
11  com.apple.WebCore             	0x0000000100c668cb WebCore::Element::detach() + 107
12  com.apple.WebCore             	0x0000000100c6683c WebCore::ContainerNode::detach() + 44
13  com.apple.WebCore             	0x0000000100c668cb WebCore::Element::detach() + 107
14  com.apple.WebCore             	0x0000000100c6683c WebCore::ContainerNode::detach() + 44
15  com.apple.WebCore             	0x0000000100c668cb WebCore::Element::detach() + 107
16  com.apple.WebCore             	0x0000000100c6683c WebCore::ContainerNode::detach() + 44
17  com.apple.WebCore             	0x0000000100c668cb WebCore::Element::detach() + 107
18  com.apple.WebCore             	0x0000000100c6683c WebCore::ContainerNode::detach() + 44
19  com.apple.WebCore             	0x0000000100c668cb WebCore::Element::detach() + 107
20  com.apple.WebCore             	0x0000000100d9da67 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 263
21  com.apple.WebCore             	0x0000000100e26633 WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks(WebCore::HTMLStackElem*) + 2115
22  com.apple.WebCore             	0x0000000100c80fec WebCore::HTMLParser::popBlock(WebCore::AtomicString const&, bool) + 172
23  com.apple.WebCore             	0x0000000100c7aaeb WebCore::HTMLParser::processCloseTag(WebCore::Token*) + 171
24  com.apple.WebCore             	0x0000000100c76dbb WebCore::HTMLParser::parseToken(WebCore::Token*) + 779
Comment 1 Simon Fraser (smfr) 2010-05-12 21:40:40 PDT 
irc convo:

smfr: but isRenderBlock() is always going to return true there
hyatt: oh that's supposed to be isBlockFlow
hyatt: no that's not right either
hyatt: bah
hyatt: ummm crap there may not be a method to express this
hyatt: but yeah isRenderBlock is wrong since it applies to subclasses
hyatt: like you dont' want to change the state of tables or flexboxes
smfr: maybe we should back out (again)
hyatt: yeah i think this may require a new method
Comment 2 Simon Fraser (smfr) 2010-05-12 21:42:12 PDT 
Rollout via bug 39044.
Comment 3 Simon Fraser (smfr) 2010-05-12 21:46:55 PDT 
Rollout complete: http://trac.webkit.org/changeset/59341