RESOLVED FIXED Bug 44149
AX: Images within anchors causes crash
https://bugs.webkit.org/show_bug.cgi?id=44149
Chris Guillory
Reported 2010-08-17 19:34:52 PDT
Created attachment 64662: Layout Test
The chromium render is crashing: http://code.google.com/p/chromium/issues/detail?id=52538
I've attached a layout test that reproduces the crash. This looks similar to the crash from https://bugs.webkit.org/show_bug.cgi?id=42309
Attachments
Layout Test (2.00 KB, patch)
2010-08-17 19:34 PDT, Chris Guillory
ctguil: review-
anchor-with-image-causes-crash-stderr.txt (622 bytes, text/plain)
2010-08-20 13:39 PDT, Chris Guillory
no flags
Similar Layout Test - divs within anchors (2.21 KB, text/html)
2010-09-13 14:10 PDT, Chris Guillory
no flags
Layout Tests that actually causes a crash (1.98 KB, patch)
2010-09-15 18:44 PDT, Chris Guillory
no flags
Patch (5.94 KB, patch)
2011-09-09 15:14 PDT, Dominic Mazzoni
no flags
chris fleizach
Comment 1 2010-08-18 12:36:16 PDT
chris, i'm not getting a crash with this test on ToT (on a Snow Leopard Mac). Can you attach the crash log?
Chris Guillory
Comment 2 2010-08-20 13:39:36 PDT
Created attachment 64986: anchor-with-image-causes-crash-stderr.txt
Hey Chris. Not sure how I missed your message in email. Is this the file you wanted? I'm seeing the crash on Vista and my checkout is at r65572.
chris fleizach
Comment 3 2010-08-20 13:45:24 PDT
ah, something caught by the new assert. might be a new case not properly handled. still doesn't explain why it didn't crash for me
Chris Guillory
Comment 4 2010-08-20 14:35:16 PDT
Looking at this again I'm only seeing the assert being hit and no crash occurring (if I remove the assert) for the layout test. Can you see the assert being hit in debug mode?
chris fleizach
Comment 5 2010-08-20 14:39:10 PDT
i was pretty sure i ran my unit test in debug mode, so it should have asserted there and crashed. i must have done something wrong
chris fleizach
Comment 6 2010-08-23 10:47:32 PDT
crashing for me too now
chris fleizach
Comment 7 2010-09-10 18:02:51 PDT
i've been looking at what could be related

when you have code like

    <ul>
    <li style="display: inline;"><a href="http:"><img style="display: block;" src="" width="200" height="100"></a></li>
    <li style="display: inline;"><a href="http:"><img style="display: block;" src="" width="200" height="100"></a></li>
    <li style="display: inline;"><a href="http:"><img style="display: block;" src="" width="200" height="100"></a></li>
    </ul>

the <ul> reports that it has four children. there's a continuation that points to the 2nd image. the problem is that i don't know if it's a logic error in nextSibling(), an unaccounted case, or there's an issue in how continuations are stored in renderers.
Chris Guillory
Comment 8 2010-09-13 14:10:42 PDT
Created attachment 67469: Similar Layout Test - divs within anchors
Original URL: http://o.aolcdn.com/cdn.webmail.aol.com/mailtour/affinity/en-us/
Chris Guillory
Comment 9 2010-09-15 18:44:07 PDT
Created attachment 67756: Layout Tests that actually causes a crash
This layout test actually causes a crash.
Dominic Mazzoni
Comment 10 2011-09-09 15:14:36 PDT
chris fleizach
Comment 11 2011-09-09 15:55:08 PDT
Comment on attachment 106928: Patch
this looks ok to me, can you also check if this fixes https://bugs.webkit.org/show_bug.cgi?id=58930
r=me
WebKit Review Bot
Comment 12 2011-09-09 16:23:30 PDT
Comment on attachment 106928: Patch
Clearing flags on attachment: 106928
Committed r94888: <http://trac.webkit.org/changeset/94888>
WebKit Review Bot
Comment 13 2011-09-09 16:23:35 PDT
All reviewed patches have been landed. Closing bug.