RESOLVED DUPLICATE of bug 1872218639
REGRESSION (3.1.1 - ToT): Crash in WebCore::RenderBlock:: determineStartPosition() 
https://bugs.webkit.org/show_bug.cgi?id=18639
Summary REGRESSION (3.1.1 - ToT): Crash in WebCore::RenderBlock:: determineStartPosit...
Dave Marquard
Reported 2008-04-20 14:07:01 PDT
I'm seeing a reproducible crash in WebCore::RenderBlock::layoutInlineChildren() in r32268. To reproduce the crash, go to http://www.farecompare.com/fare-search/year.html?type=homepage2&departure=AUS&destination=CLE&t=r&s=r#Select_Depart_Day and click the "September 2008" box.
Attachments
crash log from r32268 (27.73 KB, text/plain)
2008-04-20 14:08 PDT, Dave Marquard 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Dave Marquard
Comment 1 2008-04-20 14:08:19 PDT
Created attachment 20707 [details] crash log from r32268 crash log from r32268 attached.
Matt Lilek
Comment 2 2008-04-20 14:25:11 PDT
Confirmed with r32282, this is a regression from Safari 3.1.1 (5525.18) Top of debug stack trace: Thread 0 Crashed: 0 com.apple.WebCore 0x0224ce32 WebCore::RenderBlock::determineStartPosition(bool&, WebCore::BidiResolver<WebCore::BidiIterator, WebCore::BidiRun>&, WTF::Vector<WebCore::RenderBlock::FloatWithRect, 0ul>&, unsigned int&) + 154 (bidi.cpp:1148) 1 com.apple.WebCore 0x0224df77 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1605 (bidi.cpp:861) 2 com.apple.WebCore 0x02040a35 WebCore::RenderBlock::layoutBlock(bool) + 1299 (RenderBlock.cpp:580) 3 com.apple.WebCore 0x0202fb58 WebCore::RenderBlock::layout() + 54 (RenderBlock.cpp:494) 4 com.apple.WebCore 0x0224fa2d WebCore::RenderObject::layoutIfNeeded() + 41 (RenderObject.h:500)
Dave Marquard
Comment 3 2008-05-29 13:14:17 PDT
This no longer causes a crash with the original reproduction scenario. Resolving this as WORKSFORME since the underlying defect was most likely fixed.
mitz
Comment 4 2008-05-29 15:02:25 PDT
Reopening to close as duplicate.
mitz
Comment 5 2008-05-29 15:02:44 PDT
*** This bug has been marked as a duplicate of 18722 ***
Note You need to log in before you can comment on or make changes to this bug.