Bug 39042
| Summary: | r59270 causes crashes on some pages | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | Simon Fraser (smfr) <simon.fraser> |
| Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | enrica, slewis |
| Priority: | P2 | | |
| Version: | 528+ (Nightly build) | | |
| Hardware: | PC | | |
| OS: | OS X 10.5 | | |
Simon Fraser (smfr)
r59270 caused a crash with some internal test content. Crash stack looks like:
Thread 0 Crashed: Dispatch queue: com.apple.main-thread
0 ??? 000000000000000000 0 + 0
1 com.apple.WebCore 0x0000000100dada06 WebCore::RenderInline::destroy() + 38
2 com.apple.WebCore 0x0000000100c66a9b WebCore::RenderBlock::destroy() + 43
3 com.apple.WebCore 0x0000000100dada06 WebCore::RenderInline::destroy() + 38
4 com.apple.WebCore 0x0000000100dada06 WebCore::RenderInline::destroy() + 38
5 com.apple.WebCore 0x0000000100c66a9b WebCore::RenderBlock::destroy() + 43
6 com.apple.WebCore 0x0000000100dada06 WebCore::RenderInline::destroy() + 38
7 com.apple.WebCore 0x0000000100dada06 WebCore::RenderInline::destroy() + 38
8 com.apple.WebCore 0x0000000100c66a13 WebCore::Node::detach() + 35
9 com.apple.WebCore 0x0000000100c668cb WebCore::Element::detach() + 107
10 com.apple.WebCore 0x0000000100c6683c WebCore::ContainerNode::detach() + 44
11 com.apple.WebCore 0x0000000100c668cb WebCore::Element::detach() + 107
12 com.apple.WebCore 0x0000000100c6683c WebCore::ContainerNode::detach() + 44
13 com.apple.WebCore 0x0000000100c668cb WebCore::Element::detach() + 107
14 com.apple.WebCore 0x0000000100c6683c WebCore::ContainerNode::detach() + 44
15 com.apple.WebCore 0x0000000100c668cb WebCore::Element::detach() + 107
16 com.apple.WebCore 0x0000000100c6683c WebCore::ContainerNode::detach() + 44
17 com.apple.WebCore 0x0000000100c668cb WebCore::Element::detach() + 107
18 com.apple.WebCore 0x0000000100c6683c WebCore::ContainerNode::detach() + 44
19 com.apple.WebCore 0x0000000100c668cb WebCore::Element::detach() + 107
20 com.apple.WebCore 0x0000000100d9da67 WebCore::ContainerNode::removeChild(WebCore::Node*, int&) + 263
21 com.apple.WebCore 0x0000000100e26633 WebCore::HTMLParser::handleResidualStyleCloseTagAcrossBlocks(WebCore::HTMLStackElem*) + 2115
22 com.apple.WebCore 0x0000000100c80fec WebCore::HTMLParser::popBlock(WebCore::AtomicString const&, bool) + 172
23 com.apple.WebCore 0x0000000100c7aaeb WebCore::HTMLParser::processCloseTag(WebCore::Token*) + 171
24 com.apple.WebCore 0x0000000100c76dbb WebCore::HTMLParser::parseToken(WebCore::Token*) + 779
Simon Fraser (smfr)
IRC convo:
smfr: but isRenderBlock() is always going to return true there
hyatt: oh that's supposed to be isBlockFlow
hyatt: no that's not right either
hyatt: bah
hyatt: ummm crap there may not be a method to express this
hyatt: but yeah isRenderBlock is wrong since it applies to subclasses
hyatt: like you don't want to change the state of tables or flexboxes
smfr: maybe we should back out (again)
hyatt: yeah i think this may require a new method
Simon Fraser (smfr)
Rollout via bug 39044.
Simon Fraser (smfr)
Rollout complete: http://trac.webkit.org/changeset/59341