Bug 33760 - [iexploder] Crash on test 30490 in all ports
Summary: [iexploder] Crash on test 30490 in all ports
Status: RESOLVED DUPLICATE of bug 33266
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P1 Normal
Assignee: Nobody
URL:
Keywords: Qt
Depends on:
Blocks:
 
Reported: 2010-01-16 07:17 PST by Holger Freyther
Modified: 2010-01-20 00:31 PST (History)
1 user (show)

See Also:

Attachments
iexploder test causing a crash, most likely due the ruby element. (90.28 KB, application/octet-stream)
2010-01-16 07:17 PST, Holger Freyther 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Holger Freyther 2010-01-16 07:17:10 PST 
Created attachment 46740 [details]
iexploder test causing a crash, most likely due the ruby element.

The attached test case used to crash in the "ruby" handling of RenderBlock (called from RubyElement) after the changes of the 15th it is still crashing but without ruby being in the backtrace.

The backtrace is coming from Qt but it was crashing in a recent Chromium build (PPA for Ubuntu) as well.

backtrace in a release build:
#0  0xb782b962 in WebCore::InlineFlowBox::determineSpacingForFlowBoxes(bool, WebCore::RenderObject*) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#1  0xb7848bb5 in WebCore::RenderBlock::constructLine(unsigned int, WebCore::BidiRun*, WebCore::BidiRun*, bool, bool, WebCore::RenderObject*) ()
   from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#2  0xb78512a3 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#3  0xb7846e39 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#4  0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#5  0xb784554b in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#6  0xb784684c in WebCore::RenderBlock::layoutBlockChildren(bool, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#7  0xb7846b97 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#8  0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#9  0xb7850023 in WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#10 0xb7846e39 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#11 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#12 0xb784554b in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#13 0xb784684c in WebCore::RenderBlock::layoutBlockChildren(bool, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#14 0xb7846b97 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#15 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#16 0xb784554b in WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#17 0xb784684c in WebCore::RenderBlock::layoutBlockChildren(bool, int&) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#18 0xb7846b97 in WebCore::RenderBlock::layoutBlock(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#19 0xb7835d38 in WebCore::RenderBlock::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#20 0xb78cda87 in WebCore::RenderView::layout() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#21 0xb77a1db3 in WebCore::FrameView::layout(bool) () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#22 0xb7575628 in WebCore::Document::implicitClose() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#23 0xb772533f in WebCore::FrameLoader::checkCallImplicitClose() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#24 0xb772d6ab in WebCore::FrameLoader::checkCompleted() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#25 0xb772d8be in WebCore::FrameLoader::finishedParsing() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#26 0xb7567aba in WebCore::Document::finishedParsing() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#27 0xb76b5c85 in WebCore::HTMLParser::finished() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#28 0xb76cc64e in WebCore::HTMLTokenizer::end() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#29 0xb76ccb87 in WebCore::HTMLTokenizer::finish() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#30 0xb756184b in WebCore::Document::finishParsing() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#31 0xb772963a in WebCore::FrameLoader::endIfNotLoadingMainResource() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#32 0xb771adde in WebCore::DocumentLoader::finishedLoading() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#33 0xb772d48a in WebCore::FrameLoader::finishedLoading() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
#34 0xb774b80f in WebCore::MainResourceLoader::didFinishLoading() () from /home/ich/source/apple/WebKit-tt.git/WebKitBuild/Release/lib/libQtWebKit.so.4
Comment 1 Alexey Proskuryakov 2010-01-16 11:03:57 PST 
Repro crash->P1.

In debug mode, an assertion fails:

ASSERTION FAILED: obj->isRenderInline() || obj == this
(/Users/ap/Safari/OpenSource/WebCore/rendering/RenderBlockLineLayout.cpp:512 WebCore::InlineFlowBox* WebCore::RenderBlock::createLineBoxes(WebCore::RenderObject*, bool))
Comment 2 Roland Steiner 2010-01-17 19:36:03 PST 
(In reply to comment #0)
> Created an attachment (id=46740) [details]
> iexploder test causing a crash, most likely due the ruby element.
> 
> The attached test case used to crash in the "ruby" handling of RenderBlock
> (called from RubyElement) after the changes of the 15th it is still crashing
> but without ruby being in the backtrace.

With "changes of the 15th", do you refer to the patch https://bugs.webkit.org/attachment.cgi?id=46665 in https://bugs.webkit.org/show_bug.cgi?id=33266 ?

I would have assumed that that patch should also fix the issue here: In a quick test with that patch applied, at least Chrome TestShell did not crash for me with the supplied HTML file (Debug build).
Comment 3 Holger Freyther 2010-01-17 20:47:59 PST 
(In reply to comment #2)

> I would have assumed that that patch should also fix the issue here: In a quick
> test with that patch applied, at least Chrome TestShell did not crash for me
> with the supplied HTML file (Debug build).

I'm referring to the same bug, and sorry it was the 16th, the svn revision is  r52184. The attachment you are referring to is still up for review and has the potential to fix that crash? cool.
Comment 4 Roland Steiner 2010-01-20 00:31:52 PST 
Marking as duplicate of 33266.

*** This bug has been marked as a duplicate of bug 33266 ***