Bug 17464 - REGRESSION: Crash in RenderBlock::findNextLineBreak reading r30444 commit email in GMail
Summary: REGRESSION: Crash in RenderBlock::findNextLineBreak reading r30444 commit email in GMail
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: All
OS: All
Importance: P1 Normal
Assignee: mitz
URL:
Keywords: GoogleBug, NeedsReduction, Regression
Depends on:
Blocks:
 
Reported: 2008-02-20 18:57 PST by Matt Lilek
Modified: 2008-04-21 10:55 PDT

See Also:


Attachments
Fix (31.63 KB, patch)
2008-02-20 20:49 PST, mitz
hyatt: review+

Description Matt Lilek 2008-02-20 18:57:50 PST
Reading the webkit-changes email for r30444 in GMail crashes ToT:

Thread 0 Crashed:
0   com.apple.WebCore             	0x02108150 WebCore::RenderBlock::findNextLineBreak(WebCore::BidiIterator&, WebCore::BidiResolver<WebCore::BidiIterator, WebCore::BidiRun>&) + 6074 (bidi.cpp:1703)
1   com.apple.WebCore             	0x0210aa1f WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 3079 (bidi.cpp:969)
2   com.apple.WebCore             	0x01ef8e7f WebCore::RenderBlock::layoutBlock(bool) + 1319 (RenderBlock.cpp:581)
3   com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
4   com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
5   com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
6   com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
7   com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
8   com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
9   com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
10  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
11  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
12  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
13  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
14  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
15  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
16  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
17  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
18  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
19  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
20  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
21  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
22  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
23  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
24  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
25  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
26  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
27  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
28  com.apple.WebCore             	0x01ef9d1f WebCore::RenderObject::layoutIfNeeded() + 41 (RenderObject.h:487)
29  com.apple.WebCore             	0x0210a219 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1025 (bidi.cpp:876)
30  com.apple.WebCore             	0x01ef8e7f WebCore::RenderBlock::layoutBlock(bool) + 1319 (RenderBlock.cpp:581)
31  com.apple.WebCore             	0x01f6d145 WebCore::RenderTableCell::layout() + 45 (RenderTableCell.cpp:137)
32  com.apple.WebCore             	0x01f71aaf WebCore::RenderTableRow::layout() + 239 (RenderTableRow.cpp:129)
33  com.apple.WebCore             	0x01ef9d1f WebCore::RenderObject::layoutIfNeeded() + 41 (RenderObject.h:487)
34  com.apple.WebCore             	0x01f0ae32 WebCore::RenderContainer::layout() + 176 (RenderContainer.cpp:497)
35  com.apple.WebCore             	0x01f6a4ce WebCore::RenderTable::layout() + 874 (RenderTable.cpp:298)
36  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
37  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
38  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
39  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
40  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
41  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
42  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
43  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
44  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
45  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
46  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
47  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
48  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
49  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
50  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
51  com.apple.WebCore             	0x01ef7e03 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 1515 (RenderBlock.cpp:1233)
52  com.apple.WebCore             	0x01ef8ea1 WebCore::RenderBlock::layoutBlock(bool) + 1353 (RenderBlock.cpp:586)
53  com.apple.WebCore             	0x01ee95f6 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494)
54  com.apple.WebCore             	0x01f92b7e WebCore::RenderView::layout() + 310 (RenderView.cpp:114)
55  com.apple.WebCore             	0x01cf087a WebCore::FrameView::layout(bool) + 2160 (FrameView.cpp:471)
56  com.apple.WebCore             	0x01f49c87 WebCore::RenderPart::updateWidgetPosition() + 727 (RenderPart.cpp:115)
57  com.apple.WebCore             	0x01f93817 WebCore::RenderView::updateWidgetPositions() + 87 (RenderView.cpp:446)
58  com.apple.WebCore             	0x01cefe1f WebCore::FrameView::performPostLayoutTasks() + 51 (FrameView.cpp:887)
59  com.apple.WebCore             	0x01cf0b19 WebCore::FrameView::layout(bool) + 2831 (FrameView.cpp:516)
60  com.apple.WebCore             	0x01ccbc8f WebCore::Frame::forceLayout(bool) + 57 (Frame.cpp:1376)
61  com.apple.WebCore             	0x020cb252 -[WebCoreFrameBridge forceLayoutAdjustingViewSize:] + 40 (WebCoreFrameBridge.mm:403)
62  com.apple.WebKit              	0x001c8cd0 -[WebHTMLView layoutToMinimumPageWidth:maximumPageWidth:adjustingViewSize:] + 234 (WebHTMLView.mm:2664)
63  com.apple.WebKit              	0x001c8de0 -[WebHTMLView layout] + 68 (WebHTMLView.mm:2678)
64  com.apple.WebKit              	0x001cfc0b -[WebHTMLView(WebInternal) _layoutIfNeeded] + 195 (WebHTMLView.mm:4811)
65  com.apple.WebKit              	0x001cfcec -[WebHTMLView(WebInternal) _web_layoutIfNeededRecursive] + 218 (WebHTMLView.mm:4826)
66  com.apple.WebKit              	0x001c3d7c -[WebHTMLView(WebPrivate) viewWillDraw] + 94 (WebHTMLView.mm:1063)
67  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
68  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
69  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
70  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
71  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
72  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
73  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
74  com.apple.AppKit              	0x917c5516 -[NSView viewWillDraw] + 579
75  com.apple.AppKit              	0x917c4bf8 -[NSView _sendViewWillDrawInRect:] + 1015
76  com.apple.AppKit              	0x91706ec9 -[NSView displayIfNeeded] + 869
77  com.apple.AppKit              	0x91706ab9 -[NSWindow displayIfNeeded] + 189
78  com.apple.Safari              	0x000233a9 0x1000 + 140201
79  com.apple.AppKit              	0x917068e0 _handleWindowNeedsDisplay + 436
80  com.apple.CoreFoundation      	0x943ad9c2 __CFRunLoopDoObservers + 466
81  com.apple.CoreFoundation      	0x943aed25 CFRunLoopRunSpecific + 853
82  com.apple.CoreFoundation      	0x943afd18 CFRunLoopRunInMode + 88
83  com.apple.HIToolbox           	0x910986a0 RunCurrentEventLoopInMode + 283
84  com.apple.HIToolbox           	0x910984b9 ReceiveNextEventCommon + 374
85  com.apple.HIToolbox           	0x9109832d BlockUntilNextEventMatchingListInMode + 106
86  com.apple.AppKit              	0x917047d9 _DPSNextEvent + 657
87  com.apple.AppKit              	0x9170408e -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 128
88  com.apple.Safari              	0x0000965e 0x1000 + 34398
89  com.apple.AppKit              	0x916fd0c5 -[NSApplication run] + 795
90  com.apple.AppKit              	0x916ca30a NSApplicationMain + 574
91  com.apple.Safari              	0x00002a76 0x1000 + 6774
Comment 1 mitz 2008-02-20 20:49:54 PST
Created attachment 19248 [details]
Fix
Comment 2 Dave Hyatt 2008-02-20 20:54:24 PST
Comment on attachment 19248 [details]
Fix

r=me
Comment 3 mitz 2008-02-20 21:01:29 PST
Fixed in <http://trac.webkit.org/projects/webkit/changeset/30454>.
Comment 4 Eric Seidel (no email) 2008-04-21 10:41:35 PDT
Looks like this never made it into 3.1.  :sigh:  I just saw a crash in GMail which I think was this bug.
Comment 5 mitz 2008-04-21 10:55:51 PDT
(In reply to comment #4)
> Looks like this never made it into 3.1.  :sigh:  I just saw a crash in GMail
> which I think was this bug.

This bug was introduced in <http://trac.webkit.org/projects/webkit/changeset/30412> which is not in 3.1 either.