Bug 17183 - Crash in RenderObject::lineHeight on launch with r30001 nightly
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: 528+ (Nightly build)
Hardware: PC Windows XP
Importance: P2 Major
Assignee: Nobody
Reported: 2008-02-05 12:37 PST by Matt Bishop
Modified: 2008-03-25 09:54 PDT

Attachments
Crash dump file (31.10 KB, application/octet-stream)
2008-02-05 12:39 PST, Matt Bishop
FontsList.plist as requested (41.28 KB, text/plain)
2008-02-05 15:22 PST, Matt Bishop

Description Matt Bishop 2008-02-05 12:37:51 PST
I downloaded and started WebKit r30001 using 'run-nightly-webkit.cmd' and it crashed before the start page loaded.

I had the latest Safari 3.0.4 installed.  I have not installed WebKit previously.
Comment 1 Matt Bishop 2008-02-05 12:39:15 PST
Created attachment 18939
Crash dump file

crash file
Comment 2 Adam Roben (:aroben) 2008-02-05 12:54:33 PST
Comment on attachment 18939
Crash dump file

The backtrace seems to include the same frames over and over, but here's what I think it actually is:

 	WebKit.dll!WebCore::RenderObject::lineHeight(bool firstLine=true, bool __formal=false)  Line 2718 + 0x14 bytes	C++
 	WebKit.dll!WebCore::RenderFlow::lineHeight(bool firstLine=true, bool isRootLineBox=true)  Line 321 + 0xb bytes	C++
 	WebKit.dll!WebCore::RenderBlock::lineHeight(bool b=true, bool isRootLineBox=true)  Line 3954 + 0xb bytes	C++
 	WebKit.dll!WebCore::InlineFlowBox::computeLogicalBoxHeights(int & maxPositionTop=0, int & maxPositionBottom=0, int & maxAscent=0, int & maxDescent=0, bool strictMode=false)  Line 426 + 0x1a bytes	C++
 	WebKit.dll!WebCore::InlineFlowBox::verticallyAlignBoxes(int & heightOfBlock=)  Line 374	C++
 	WebKit.dll!WebCore::RenderBlock::constructLine(const WebCore::BidiIterator & start={...}, const WebCore::BidiIterator & end={...})  Line 630	C++
 	WebKit.dll!WebCore::RenderBlock::computeVerticalPositionsForLine(WebCore::RootInlineBox * lineBox=0x00000000)  Line 753	C++
 	WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=, int & repaintTop=, int & repaintBottom=)  Line 995	C++
 	msvcr80.dll!__msize()  + 0xf8 bytes	
 	WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true)  Line 583	C++
 	WebKit.dll!WebCore::RenderBlock::layout()  Line 495	C++
 	WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1234	C++
 	WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=)  Line 587	C++
 	WebKit.dll!WebCore::StringImpl::StringImpl(const char * characters=0x00000001, unsigned int length=0)  Line 110 + 0x21 bytes	C++
 	WebKit.dll!WebCore::RenderBlock::layout()  Line 495	C++
 	WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatBottom=0)  Line 1234	C++
 	WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=)  Line 587	C++
 	WebKit.dll!WebCore::RenderBlock::layout()  Line 495	C++
 	WebKit.dll!WebCore::RenderView::layout()  Line 114	C++
 	WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 472	C++
 	WebKit.dll!WebCore::Document::implicitClose()  Line 1534	C++
 	WebKit.dll!WebCore::FrameLoader::checkCompleted()  Line 1263	C++
 	WebKit.dll!WebCore::FrameLoader::finishedParsing()  Line 1211	C++
 	WebKit.dll!WebCore::Document::finishedParsing()  Line 3550	C++
 	WebKit.dll!WebCore::HTMLParser::finished()  Line 1443	C++
 	WebKit.dll!WebCore::HTMLTokenizer::end()  Line 1559	C++
 	ole32.dll!CRetailMalloc_GetSize()  + 0x20 bytes	
 	oleaut32.dll!APP_DATA::FreeCachedMem()  + 0x24 bytes	
 	7fecbba8()	
 	WebKit.dll!WebCore::TimerBase::isActive()  Line 188 + 0x26 bytes	C++
 	WebKit.dll!WebCore::HTMLTokenizer::finish()  Line 1597	C++
 	WebKit.dll!WebCore::FrameLoader::write(const char * str=0x00000000, int len=1309376, bool flush=true)  Line 998 + 0x9 bytes	C++
 	WebKit.dll!WebCore::FrameLoader::endIfNotLoadingMainResource()  Line 1033	C++
 	WebKit.dll!WebCore::FrameLoader::finishedLoading()  Line 2791	C++
 	WebKit.dll!WebCore::MainResourceLoader::didFinishLoading()  Line 311	C++
 	WebKit.dll!WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction contentPolicy=PolicyUse, const WebCore::ResourceResponse & r={...})  Line 245	C++
 	WebKit.dll!WebCore::MainResourceLoader::continueAfterContentPolicy(WebCore::PolicyAction policy=PolicyUse)  Line 260	C++
 	WebKit.dll!WebCore::MainResourceLoader::didReceiveResponse(const WebCore::ResourceResponse & r={...})  Line 287	C++
 	WebKit.dll!WebCore::MainResourceLoader::handleDataLoadNow(WebCore::Timer<WebCore::MainResourceLoader> * __formal=)  Line 343	C++
Comment 3 Adam Roben (:aroben) 2008-02-05 12:58:39 PST
This looks like the crash we get whenever we can't obtain a CGFontRef. Could you attach your FontsList.plist file? It can be found in:

C:\Documents and Settings\<username>\Local Settings\Application Data\Apple Computer\Safari
Comment 4 Matt Bishop 2008-02-05 15:22:21 PST
Created attachment 18942
FontsList.plist as requested
Comment 5 Robert Blaut 2008-03-16 12:31:07 PDT
(In reply to comment #3)
> This looks like the crash we get whenever we can't obtain a CGFontRef. Could
> you attach your FontsList.plist file? It can be found in:
> 
> C:\Documents and Settings\<username>\Local Settings\Application Data\Apple
> Computer\Safari
> 
Adam, was the crash bug ever confirmed or not?
Comment 6 Matt Bishop 2008-03-25 09:54:23 PDT
Safari 3.1 appears to have a fix for this bug.  I have been unable to reproduce it in 3.1.