Bug 55215

Summary: crash in QtWebKitd4.dll!WebCore::setUpIterator line Line 59
Product: WebKit Reporter: stawel
Component: WebKit QtAssignee: Nobody <webkit-unassigned>
Status: RESOLVED DUPLICATE    
Severity: Normal CC: kling
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows XP   

Description stawel 2011-02-25 06:12:03 PST
I'm getting a crash in c:\qt\4.7.1\src\3rdparty\webkit\webcore\platform\text\qt\textbreakiteratorqt.cpp line 59

Qt version 4.7.1


The cached `iterator.string` pointer is no longer valid: the second operand of the `memcmp` (rhs=0x210b8ce4 in the stack below) is the address the access violation reports, so the cached iterator is being compared against text that the previous caller has since freed or released (a use-after-free read through the cache).


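    // Returns a break iterator of the requested boundary `type` over `string`
    // (`length` UChar code units), rewound to the start, or 0 when there is no text.
    //
    // `iterator` doubles as a one-entry cache: if it was last built for the same
    // boundary type and the same text it is rewound and reused instead of rebuilt.
    //
    // NOTE(review): the cache-hit test dereferences `iterator.string`, a raw pointer
    // captured from an earlier caller's buffer; nothing here owns that buffer, so when
    // it has been freed or reused the memcmp reads dangling memory (the access violation
    // in this report). A complete fix has to make TextBreakIterator own a copy of its
    // text, or drop the cache; that is outside this function, so only the length bug and
    // the negative-length boundary are corrected here.
    TextBreakIterator* setUpIterator(TextBreakIterator& iterator, QTextBoundaryFinder::BoundaryType type, const UChar* string, int length)
    {
        // A negative length would turn into a huge size_t below; treat it like "no text".
        if (!string || length <= 0)
            return 0;

        // `length` counts UChar code units but memcmp counts bytes: the old call compared
        // only `length` bytes, i.e. roughly the first half of the text, so two strings
        // sharing a prefix could wrongly reuse the cached iterator.
        const size_t textBytes = static_cast<size_t>(length) * sizeof(UChar);

        const bool cacheHit = iterator.isValid()
            && type == iterator.type()
            && length == iterator.length
            && memcmp(string, iterator.string, textBytes) == 0; // <-- crash site: iterator.string may dangle

        if (cacheHit) {
            iterator.toStart();
            return &iterator;
        }

        iterator = TextBreakIterator(type, string, length);
        return &iterator;
    }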

"Access violation reading location 0x210b8ce4"


the callstack:

	msvcr80d.dll!cmpDWORD(const void * lhs=0x13bbdcb4, const void * rhs=0x210b8ce4)  + 0x1a bytes	C
 	msvcr80d.dll!unaligned_memcmp(const unsigned char * bLHS=0x13bbdcb4, const unsigned char * bRHS=0x210b8ce4, unsigned int siz=75)  + 0x1d bytes	C
 	msvcr80d.dll!memcmp(const void * lhs=0x13bbdcb4, const void * rhs=0x210b8ce4, unsigned int siz=75)  + 0x19a bytes	C
>	QtWebKitd4.dll!WebCore::setUpIterator(WebCore::TextBreakIterator & iterator={...}, QTextBoundaryFinder::BoundaryType type=Line, const wchar_t * string=0x13bbdcb4, int length=75)  Line 59 + 0x3d bytes	C++
 	QtWebKitd4.dll!WebCore::lineBreakIterator(const wchar_t * string=0x13bbdcb4, int length=75)  Line 89 + 0x14 bytes	C++
 	QtWebKitd4.dll!WebCore::nextBreakablePosition(const wchar_t * str=0x13bbdcb4, int pos=37, int len=75, bool treatNoBreakSpaceAsBreak=false)  Line 120 + 0xd bytes	C++
 	QtWebKitd4.dll!WebCore::isBreakable(const wchar_t * str=0x13bbdcb4, int pos=37, int len=75, int & nextBreakable=36, bool breakNBSP=false)  Line 33 + 0x15 bytes	C++
 	QtWebKitd4.dll!WebCore::RenderText::calcPrefWidths(int leadWidth=0, WTF::HashSet<WebCore::SimpleFontData const *,WTF::PtrHash<WebCore::SimpleFontData const *>,WTF::HashTraits<WebCore::SimpleFontData const *> > & fallbackFonts={...}, WebCore::GlyphOverflow & glyphOverflow={...})  Line 668 + 0x21 bytes	C++
 	QtWebKitd4.dll!WebCore::RenderText::calcPrefWidths(int leadWidth=0)  Line 581	C++
 	QtWebKitd4.dll!WebCore::RenderText::trimmedPrefWidths(int leadWidth=0, int & beginMinW=48, bool & beginWS=false, int & endMinW=48, bool & endWS=true, bool & hasBreakableChar=true, bool & hasBreak=false, int & beginMaxW=0, int & endMaxW=135071240, int & minW=0, int & maxW=0, bool & stripFrontSpaces=true)  Line 480	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcInlinePrefWidths()  Line 4287	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcPrefWidths()  Line 3966	C++
 	QtWebKitd4.dll!WebCore::RenderBox::minPrefWidth()  Line 461	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcBlockPrefWidths()  Line 4411 + 0x10 bytes	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcPrefWidths()  Line 3969	C++
 	QtWebKitd4.dll!WebCore::RenderBox::minPrefWidth()  Line 461	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcBlockPrefWidths()  Line 4411 + 0x10 bytes	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcPrefWidths()  Line 3969	C++
 	QtWebKitd4.dll!WebCore::RenderBox::minPrefWidth()  Line 461	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcBlockPrefWidths()  Line 4411 + 0x10 bytes	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::calcPrefWidths()  Line 3969	C++
 	QtWebKitd4.dll!WebCore::RenderTableCell::calcPrefWidths()  Line 133	C++
 	QtWebKitd4.dll!WebCore::FixedTableLayout::calcWidthArray(int __formal=0)  Line 161	C++
 	QtWebKitd4.dll!WebCore::FixedTableLayout::calcPrefWidths(int & minWidth=-1, int & maxWidth=-1)  Line 207 + 0xc bytes	C++
 	QtWebKitd4.dll!WebCore::RenderTable::calcPrefWidths()  Line 539	C++
 	QtWebKitd4.dll!WebCore::RenderBox::minPrefWidth()  Line 461	C++
 	QtWebKitd4.dll!WebCore::RenderTable::calcWidth()  Line 206 + 0x1b bytes	C++
 	QtWebKitd4.dll!WebCore::RenderTable::layout()  Line 254	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x210559e4, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0)  Line 1364	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1304	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 749	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layout()  Line 674	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x21055968, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=4158, int & maxFloatBottom=0)  Line 1364	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1304	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 749	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layout()  Line 674	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1388e83c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0)  Line 1364	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1304	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 749	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layout()  Line 674	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1388e7c0, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0)  Line 1364	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1304	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 749	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layout()  Line 674	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x1388e688, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatBottom=0, int & maxFloatBottom=0)  Line 1364	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=false, int & maxFloatBottom=0)  Line 1304	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=false)  Line 749	C++
 	QtWebKitd4.dll!WebCore::RenderBlock::layout()  Line 674	C++
 	QtWebKitd4.dll!WebCore::RenderView::layout()  Line 125	C++
 	QtWebKitd4.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 720	C++
 	QtWebKitd4.dll!WebCore::FrameView::layoutTimerFired(WebCore::Timer<WebCore::FrameView> * __formal=0x1367a998)  Line 1263	C++
 	QtWebKitd4.dll!WebCore::Timer<WebCore::FrameView>::fired()  Line 98 + 0x1f bytes	C++
 	QtWebKitd4.dll!WebCore::ThreadTimers::sharedTimerFiredInternal()  Line 115	C++
 	QtWebKitd4.dll!WebCore::ThreadTimers::sharedTimerFired()  Line 91	C++
 	QtWebKitd4.dll!WebCore::SharedTimerQt::timerEvent(QTimerEvent * ev=0x038cd018)  Line 118	C++
 	QtCored4.dll!QObject::event(QEvent * e=0x038cd018)  Line 1176	C++
 	QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x12bc4650, QEvent * e=0x038cd018)  Line 4445 + 0x11 bytes	C++
 	QtGuid4.dll!QApplication::notify(QObject * receiver=0x12bc4650, QEvent * e=0x038cd018)  Line 3845 + 0x10 bytes	C++
 	test.exe!TestApplication::notify(QObject * receiver=0x12bc4650, QEvent * event=0x038cd018)  Line 205 + 0x13 bytes	C++
 	QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x12bc4650, QEvent * event=0x038cd018)  Line 732 + 0x15 bytes	C++
 	QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x12bc4650, QEvent * event=0x038cd018)  Line 215 + 0x39 bytes	C++
 	QtCored4.dll!QEventDispatcherWin32::event(QEvent * e=0x139ddbb0)  Line 1133 + 0x10 bytes	C++
 	QtGuid4.dll!QApplicationPrivate::notify_helper(QObject * receiver=0x08af60d8, QEvent * e=0x139ddbb0)  Line 4445 + 0x11 bytes	C++
 	QtGuid4.dll!QApplication::notify(QObject * receiver=0x08af60d8, QEvent * e=0x139ddbb0)  Line 3845 + 0x10 bytes	C++
 	test.exe!TestApplication::notify(QObject * receiver=0x08af60d8, QEvent * event=0x139ddbb0)  Line 205 + 0x13 bytes	C++
 	QtCored4.dll!QCoreApplication::notifyInternal(QObject * receiver=0x08af60d8, QEvent * event=0x139ddbb0)  Line 732 + 0x15 bytes	C++
 	QtCored4.dll!QCoreApplication::sendEvent(QObject * receiver=0x08af60d8, QEvent * event=0x139ddbb0)  Line 215 + 0x39 bytes	C++
 	QtCored4.dll!QCoreApplicationPrivate::sendPostedEvents(QObject * receiver=0x00000000, int event_type=0, QThreadData * data=0x080e6598)  Line 1373 + 0xd bytes	C++
 	QtCored4.dll!qt_internal_proc(HWND__ * hwnd=0x000b0aa6, unsigned int message=1025, unsigned int wp=0, long lp=0)  Line 506 + 0x10 bytes	C++
 	user32.dll!_InternalCallWinProc@20()  + 0x28 bytes	
 	user32.dll!_UserCallWinProcCheckWow@32()  + 0xc8 bytes	
 	user32.dll!_DispatchMessageWorker@8()  + 0xe9 bytes	
 	user32.dll!_DispatchMessageW@4()  + 0xf bytes	
 	QtCored4.dll!QEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 807	C++
 	QtGuid4.dll!QGuiEventDispatcherWin32::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 1170 + 0x15 bytes	C++
 	QtCored4.dll!QEventLoop::processEvents(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 150	C++
 	QtCored4.dll!QEventLoop::exec(QFlags<enum QEventLoop::ProcessEventsFlag> flags={...})  Line 201 + 0x2d bytes	C++
 	QtCored4.dll!QCoreApplication::exec()  Line 1009 + 0x15 bytes	C++
.
.
.
Comment 1 Andreas Kling 2011-02-25 06:22:43 PST
Fixed yesterday! :3

*** This bug has been marked as a duplicate of bug 55139 ***