Bug 23985 - Crash on WebCore::InlineFlowBox::addToLine
Summary: Crash on WebCore::InlineFlowBox::addToLine
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Major
Assignee: Dave Hyatt
URL: http://www.familyguyx.net/episode/bab...
Keywords:
Duplicates: 23998
Depends on:
Blocks: 24281
Reported: 2009-02-16 19:27 PST by Dimitri Glazkov (Google)
Modified: 2009-03-01 17:07 PST

Attachments
Crash log (34.03 KB, text/plain)
2009-02-16 20:23 PST, Dimitri Glazkov (Google)
Rendering slowness reduction. (287 bytes, text/html)
2009-02-17 10:04 PST, Dimitri Glazkov (Google)
Force legends to be display:block (1.65 KB, patch)
2009-02-17 10:17 PST, Dave Hyatt
Force legends to be display:block (931 bytes, patch)
2009-02-17 10:18 PST, Dave Hyatt
Force legends to be display:block and eliminate the RenderLegend that caused the trouble in the first place (12.77 KB, patch)
2009-02-17 10:30 PST, Dave Hyatt
hyatt: review-
Force legends to be display:block (60.61 KB, patch)
2009-02-17 10:51 PST, Dave Hyatt
eric: review+

Description Dimitri Glazkov (Google) 2009-02-16 19:27:30 PST
This bug was initially filed here http://crbug.com/7775. Stack trace coming up (see Chromium's for information for now).
Comment 1 Dimitri Glazkov (Google) 2009-02-16 20:23:30 PST
Created attachment 27717
Crash log

Here's the crash log. Working on reduction ...
Comment 2 Dimitri Glazkov (Google) 2009-02-17 10:04:20 PST
Created attachment 27732
Rendering slowness reduction.

Ok, this is interesting. Here's a reduction that doesn't cause a crash, but it definitely hangs the renderer for a while (up to 30 secs on my machine) and produces clearly invalid output.
Comment 3 Dave Hyatt 2009-02-17 10:17:52 PST
Created attachment 27733
Force legends to be display:block
Comment 4 Dave Hyatt 2009-02-17 10:18:28 PST
Created attachment 27734
Force legends to be display:block
Comment 5 Dave Hyatt 2009-02-17 10:19:19 PST
This patch fixes the rendering issues with this test case (and another one Dan pointed out to me a week or so ago).  It might still be worth investigating how we hit the assert in createLineBoxes when we let the legend be inline.
Comment 6 Dave Hyatt 2009-02-17 10:30:06 PST
Created attachment 27735
Force legends to be display:block and eliminate the RenderLegend that caused the trouble in the first place
Comment 7 Dave Hyatt 2009-02-17 10:32:24 PST
Comment on attachment 27735
Force legends to be display:block and eliminate the RenderLegend that caused the trouble in the first place

Need new changelog and a test case. Minusing myself.
Comment 8 Dave Hyatt 2009-02-17 10:51:55 PST
Created attachment 27737
Force legends to be display:block
Comment 9 Dimitri Glazkov (Google) 2009-02-17 10:53:57 PST
It's gorgeous. Somebody r+ this!
Comment 10 Eric Seidel (no email) 2009-02-17 11:27:36 PST
Comment on attachment 27737
Force legends to be display:block

Looks fine.  I can't claim to be an expert here, but Hyatt's change looks sane to me.
Comment 11 Dave Hyatt 2009-02-17 11:34:02 PST
Fixed in r41041.

Comment 12 Jon@Chromium 2009-02-17 15:43:20 PST
*** Bug 23998 has been marked as a duplicate of this bug. ***