Bug 7566

Summary:

REGRESSION: Reproducible crash in getWebCoreFont()

Product:

WebKit

Reporter:

Shawn Smith <chezsmithy>

Component:

Layout and Rendering

Assignee:

Beth Dakin <bdakin>

Status:

RESOLVED FIXED

Severity:

Critical

CC:

amishbit, ap, bdakin, d.rudie, gavin.sharp, hyatt, pumpkingod, webkit-bugs, webkitbugz

Priority:

Keywords:

InRadar, Regression

Version:

420+

Hardware:

Mac

OS:

OS X 10.4

Attachments:

Description	Flags
Crash Log	none
random fix	bdakin: review-
Very reduced test case	none
new patch	bdakin: review+

Shawn Smith

Reported 2006-03-02 20:27:06 PST

Random crashes while browsing. No pattern found but crash reports all point to QFontMetricsPrivate::getWebCoreFont(). Crash log attached.

Attachments
Crash Log (29.46 KB, text/plain) 2006-03-02 20:27 PST, Shawn Smith	no flags	Details
random fix (561 bytes, patch) 2006-03-05 10:00 PST, Alexey Proskuryakov	bdakin: review-	Details Formatted Diff Diff
Very reduced test case (400 bytes, text/html) 2006-03-06 10:43 PST, Beth Dakin	no flags	Details
new patch (2.01 KB, patch) 2006-03-06 15:11 PST, Beth Dakin	bdakin: review+	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Shawn Smith

Comment 1 2006-03-02 20:27:54 PST

Created attachment 6818 [details] Crash Log

Eric Seidel (no email)

Comment 2 2006-03-02 22:16:30 PST

Is this a new crash? If so this should be a P1 and have the Regression keyword. The crashlog shows you're running a nightly, which might indicate this is related to hyatt's recent Font rewrite.

Shawn Smith

Comment 3 2006-03-03 05:46:12 PST

This is a new crash with the latest nightly. I suspect it has something to do with the font rewrite as it is crashing in that area of the code. I still can't narrow it down to a specific web page with a good repro. It is fairly random. I have only seen it 3 times in normal nightly browsing. Added Regression Keyword and set the Priority to P1.

Alexander Romanovich

Comment 4 2006-03-03 08:33:33 PST

I can repro this 100% by viewing the structure of a table in phpMyAdmin. Same crash as the original reporter. Hope that helps.

Shawn Smith

Comment 5 2006-03-05 07:38:52 PST

Found a good repro. Go here: http://www.regence.com/careers/ Click on "Search and Apply" button. (Need to allow Pop-ups) When pop-up window displays click on "Search Openings" button ... crash. This is with this nightly: WebKit Sun Mar 5 11:59:00 GMT 2006

Alexey Proskuryakov

Comment 6 2006-03-05 09:35:44 PST

0 WebCore::FontRenderer::getWebCoreFont(WebCore::FontDescription const&) const + 40 (FontMac.mm:51) 1 WebCore::Font::getWebCoreFont() const + 68 (FontMac.mm:95) 2 QListBox::sizeForNumberOfLines(int) const + 960 (KWQListBox.mm:295) 3 WebCore::RenderSelect::layout() + 328 (render_form.cpp:798) 4 WebCore::RenderObject::layoutIfNeeded() + 76 (Font.h:458) 5 WebCore::RenderSelect::calcMinMaxWidth() + 192 (render_form.cpp:768) 6 WebCore::RenderObject::recalcMinMaxWidths() + 896 (render_object.cpp:2285) 7 WebCore::RenderObject::recalcMinMaxWidths() + 408 (render_object.cpp:2270)

Alexey Proskuryakov

Comment 7 2006-03-05 09:37:15 PST

*** Bug 7598 has been marked as a duplicate of this bug. ***

Alexey Proskuryakov

Comment 8 2006-03-05 10:00:14 PST

Created attachment 6870 [details] random fix The bug here is pretty obvious (a font is created without a renderer, then this null renderer is used), but my solution is kind of random - I don't really understand what Font::update() means.

Alexey Proskuryakov

Comment 9 2006-03-05 11:05:12 PST

*** Bug 7614 has been marked as a duplicate of this bug. ***

Darin Adler

Comment 10 2006-03-05 12:13:11 PST

Comment on attachment 6870 [details] random fix I think the correct fix is to add a call to update() to QListBox. On the other hand, I don't like the design here where you have to know when to call update(). Hyatt is the one who should review this and the one who should fix this too.

Andrew Wellington

Comment 11 2006-03-06 01:59:30 PST

*** Bug 7623 has been marked as a duplicate of this bug. ***

Beth Dakin

Comment 12 2006-03-06 10:43:40 PST

Created attachment 6899 [details] Very reduced test case Chris filed this in radar over the weekend also as <rdar://problem/4467128>. He attached this great reduced test case to the radar, so I thought I would put it here too.

Beth Dakin

Comment 13 2006-03-06 15:01:30 PST

Comment on attachment 6870 [details] random fix Darin and Hyatt discussed this on IRC and this is not the way Dave thinks the bug should be fixed. The callers should call update() instead. I am making a patch now...

Beth Dakin

Comment 14 2006-03-06 15:11:55 PST

Created attachment 6903 [details] new patch

Beth Dakin

Comment 15 2006-03-06 15:44:31 PST

Comment on attachment 6903 [details] new patch Darin reviewed this, and I committed the fix.

Daniel Peebles

Comment 16 2006-03-13 14:22:26 PST

*** Bug 7757 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.