24003 – WebKit crashes on certain rtl pages

RESOLVED FIXED 24003

WebKit crashes on certain rtl pages

https://bugs.webkit.org/show_bug.cgi?id=24003

Summary WebKit crashes on certain rtl pages

Rahul Kuchhal

Reported 2009-02-18 10:04:39 PST

Some rtl pages are causing WebKit to crash when it converts an object to RenderInline. The stack trace (from Chromium builds, but I can reproduce the same crash in Safari with latest WebKit): 0x0143e367 [chrome.dll - inlineflowbox.h:107] WebCore::InlineFlowBox::borderLeft() 0x01442067 [chrome.dll - renderbox.cpp:2037] WebCore::RenderBox::calcAbsoluteHorizontalValues(WebCore::Length,WebCore::RenderBoxModelObject const *,WebCore::TextDirection,int,int,WebCore::Length,WebCore::Length,WebCore::Length,WebCore::Length,int &,int &,int &,int &) 0x01441c6a [chrome.dll - renderbox.cpp:1816] WebCore::RenderBox::calcAbsoluteHorizontal() 0x014408c0 [chrome.dll - renderbox.cpp:1205] WebCore::RenderBox::calcWidth() 0x01471787 [chrome.dll - renderblock.cpp:732] WebCore::RenderBlock::layoutBlock(bool) 0x014716bc [chrome.dll - renderblock.cpp:704] WebCore::RenderBlock::layout() 0x01472d57 [chrome.dll - renderblock.cpp:1521] WebCore::RenderBlock::layoutPositionedObjects(bool) 0x014aa3c8 [chrome.dll - renderflexiblebox.cpp:249] WebCore::RenderFlexibleBox::layoutBlock(bool) 0x014716bc [chrome.dll - renderblock.cpp:704] WebCore::RenderBlock::layout() 0x014eed98 [chrome.dll - bidi.cpp:819] WebCore::RenderBlock::layoutInlineChildren(bool,int &,int &) 0x0147189c [chrome.dll - renderblock.cpp:785] WebCore::RenderBlock::layoutBlock(bool) 0x014716bc [chrome.dll - renderblock.cpp:704] WebCore::RenderBlock::layout() 0x01474a50 [chrome.dll - renderblock.cpp:2354] WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox *)

Attachments
a small test case to reproduce the crash. (154 bytes, text/html) 2009-02-18 10:05 PST, Rahul Kuchhal	no flags	Details
Patch (1.33 KB, patch) 2009-02-18 10:06 PST, Rahul Kuchhal	zwarich: review-	Details Formatted Diff Diff
New patch (this time with a layout test) (3.04 KB, patch) 2009-02-19 10:54 PST, Rahul Kuchhal	hyatt: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Rahul Kuchhal

Comment 1 2009-02-18 10:05:42 PST

Created attachment 27752 [details] a small test case to reproduce the crash.

Rahul Kuchhal

Comment 2 2009-02-18 10:06:21 PST

Created attachment 27753 [details] Patch

Cameron Zwarich (cpst)

Comment 3 2009-02-19 08:31:58 PST

Comment on attachment 27753 [details] Patch This patch should be accompanied by a layout test.

Rahul Kuchhal

Comment 4 2009-02-19 10:54:28 PST

Created attachment 27796 [details] New patch (this time with a layout test)

Dave Hyatt

Comment 5 2009-02-24 09:54:24 PST

Comment on attachment 27796 [details] New patch (this time with a layout test) r=me

Dimitri Glazkov (Google)

Comment 6 2009-02-26 11:11:50 PST

Landed as http://trac.webkit.org/changeset/41259.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Major

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Windows XP

Product WebKit

Component WebCore Misc.

Assignee

Nobody

Reported

2009-02-18 10:04 PST

Modified

2009-02-26 11:11 PST History

CC List

2 users Show

URL

Keywords

Depends on

Blocks