26343 – crash in www.bahn.de with WML turned on

Bug 26343 - crash in www.bahn.de with WML turned on

Summary: crash in www.bahn.de with WML turned on

Status:	RESOLVED WONTFIX

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC OS X 10.5

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2009-06-12 00:17 PDT by zaheer
Modified:	2011-04-29 15:42 PDT (History)
CC List:	2 users (show)

See Also:

Attachments
patch fixes bahn.de crash with WML enabled (700 bytes, patch) 2009-06-12 00:36 PDT, zaheer	eric: review-	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description zaheer 2009-06-12 00:17:59 PDT

here's the crash trace

#0  0x4050efe4 in WebCore::RenderFieldset::findLegend () from /usr/local/lib/libwebkit-1.0.so.1
#1  0x4050f4f0 in WebCore::RenderFieldset::calcPrefWidths () from /usr/local/lib/libwebkit-1.0.so.1
#2  0x40500918 in WebCore::RenderBox::minPrefWidth () from /usr/local/lib/libwebkit-1.0.so.1
#3  0x40508ef8 in WebCore::RenderBox::calcWidth () from /usr/local/lib/libwebkit-1.0.so.1
#4  0x404fa990 in WebCore::RenderBlock::layoutBlock () from /usr/local/lib/libwebkit-1.0.so.1
#5  0x404eb6d0 in WebCore::RenderBlock::layout () from /usr/local/lib/libwebkit-1.0.so.1
#6  0x404f9b14 in WebCore::RenderBlock::layoutBlockChildren () from /usr/local/lib/libwebkit-1.0.so.1
#7  0x404fabd4 in WebCore::RenderBlock::layoutBlock () from /usr/local/lib/libwebkit-1.0.so.1
#8  0x404eb6d0 in WebCore::RenderBlock::layout () from /usr/local/lib/libwebkit-1.0.so.1
#9  0x404f9b14 in WebCore::RenderBlock::layoutBlockChildren () from /usr/local/lib/libwebkit-1.0.so.1
#10 0x404fabd4 in WebCore::RenderBlock::layoutBlock () from /usr/local/lib/libwebkit-1.0.so.1
#11 0x404eb6d0 in WebCore::RenderBlock::layout () from /usr/local/lib/libwebkit-1.0.so.1
#12 0x404f9b14 in WebCore::RenderBlock::layoutBlockChildren () from /usr/local/lib/libwebkit-1.0.so.1
#13 0x404fabd4 in WebCore::RenderBlock::layoutBlock () from /usr/local/lib/libwebkit-1.0.so.1
#14 0x404eb6d0 in WebCore::RenderBlock::layout () from /usr/local/lib/libwebkit-1.0.so.1
#15 0x404f9b14 in WebCore::RenderBlock::layoutBlockChildren () from /usr/local/lib/libwebkit-1.0.so.1
#16 0x404fabd4 in WebCore::RenderBlock::layoutBlock () from /usr/local/lib/libwebkit-1.0.so.1
#17 0x404eb6d0 in WebCore::RenderBlock::layout () from /usr/local/lib/libwebkit-1.0.so.1

The problem is a missing bracket in RenderField::findLegend with WML turned on 
patch follows.

Comment 1 zaheer 2009-06-12 00:36:06 PDT

Created attachment 31194 [details]
patch fixes bahn.de crash with WML enabled

Comment 2 Eric Seidel (no email) 2009-06-12 02:35:51 PDT

Comment on attachment 31194 [details]
patch fixes bahn.de crash with WML enabled

Needs a ChangeLog and a test case.  The test case should trigger the crash and otherwise print SUCCESS or PASS.

Otherwise this looks great!

Comment 3 Nikolas Zimmermann 2009-06-15 10:29:59 PDT

(In reply to comment #1)
> Created an attachment (id=31194) [review]
> patch fixes bahn.de crash with WML enabled
> 
Oh, great that you found it! I found this problem some weeks ago, but indeed forgot to commit the fix!
Thanks for noticing!

As Eric said, we still need a simple layout test. Can you write one?

Comment 4 Laszlo Gombos 2011-04-29 15:42:47 PDT

WML support is removed - http://trac.webkit.org/changeset/85256.