RESOLVED FIXED Bug 44207
Empty mfrac and empty munderover cause crashes 
https://bugs.webkit.org/show_bug.cgi?id=44207
Summary Empty mfrac and empty munderover cause crashes
Beth Dakin
Reported 2010-08-18 15:32:35 PDT
I have test cases and a patch. Will post shortly. Exception Type: EXC_BAD_ACCESS (SIGSEGV) Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000 Crashed Thread: 0 Crashed Thread: 0 com.apple.WebCore 0x000000010153bdd0 WebCore::RenderMathMLUnderOver::baselinePosition(bool, bool) const + 192 1 com.apple.WebCore 0x0000000101005ccb WebCore::InlineFlowBox::computeLogicalBoxHeights(int&, int&, int&, int&, bool, WTF::HashMap<WebCore::InlineTextBox const*, std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&) + 939 2 com.apple.WebCore 0x00000001015c7630 WebCore::RootInlineBox::verticallyAlignBoxes(int, WTF::HashMap<WebCore::InlineTextBox const*, std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&) + 176 <rdar://problem/8325160> filefuzz: crash at WebCore::RenderMathMLUnderOver::baselinePosition(bool, bool) const+192
Attachments
Patch + tests (6.34 KB, patch)
2010-08-18 15:38 PDT, Beth Dakin 		sam: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Beth Dakin
Comment 1 2010-08-18 15:38:51 PDT
Created attachment 64782 [details] Patch + tests
Beth Dakin
Comment 2 2010-08-18 17:27:06 PDT
Thanks Sam! http://trac.webkit.org/changeset/65646
Note You need to log in before you can comment on or make changes to this bug.