RESOLVED FIXED 44352
AX: CSS first letter text transform causes crash 
https://bugs.webkit.org/show_bug.cgi?id=44352
Summary AX: CSS first letter text transform causes crash
Chris Guillory
Reported 2010-08-20 13:28:27 PDT
This bug is causing the chromium renderer to crash. http://code.google.com/p/chromium/issues/detail?id=52758 A bad type cast is occurring and this might be a regression from r65095. http://trac.webkit.org/changeset/65095 I've attached a layout tests that reproduces the issue.
Attachments
Layout Tests (2.12 KB, patch)
2010-08-20 13:28 PDT, Chris Guillory 		no flags
DetailsFormatted DiffDiff
Another Layout Test (1.59 KB, patch)
2010-08-20 14:52 PDT, Chris Guillory 		no flags
DetailsFormatted DiffDiff
Patch (4.28 KB, patch)
2010-08-20 15:55 PDT, chris fleizach 		ddkilzer: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Chris Guillory
Comment 1 2010-08-20 13:28:57 PDT
Created attachment 64983 [details] Layout Tests
Chris Guillory
Comment 2 2010-08-20 14:52:55 PDT
Created attachment 64996 [details] Another Layout Test Here's another layout test that reproduces the same issue. DRT crashes if the assert failures are skipped. This is from http://code.google.com/p/chromium/issues/detail?id=52829.
chris fleizach
Comment 3 2010-08-20 15:55:09 PDT
Created attachment 65003 [details] Patch
chris fleizach
Comment 4 2010-08-20 17:07:20 PDT
it looks like isInline() is not the right check to use before casting to RenderInline
Chris Guillory
Comment 5 2010-08-24 15:09:16 PDT
Casting to RenderInline or RenderBlock only when exact class type is known. Change looks good to me. Can someone approve. This is currently a top chromium crasher. http://webkit.org/blog/115/webcore-rendering-ii-blocks-and-inlines
chris fleizach
Comment 6 2010-08-24 16:03:52 PDT
(In reply to comment #5) > Casting to RenderInline or RenderBlock only when exact class type is known. Change looks good to me. Can someone approve. This is currently a top chromium crasher. > http://webkit.org/blog/115/webcore-rendering-ii-blocks-and-inlines Chris, why is accessibility code being run for most people... in general, accessibility code should only be triggered when a screen reader is running
Chris Guillory
Comment 7 2010-08-24 16:21:43 PDT
In general you are correct. However, on certain systems configurations accessibility is being enabled even though no screen reader is in use. On windows tablets the Tablet PC Input Panel program accesses accessibility functions. On mac there are uses of accessibility functions by non screen readers; also if Universal Access System Preferences Pane -> Enable access for assistive devices is checked, accessibility will be on. I don't think the code is being run by most people. But since the crash occurs with relative ease it shows up often.
chris fleizach
Comment 8 2010-08-25 15:37:55 PDT
(In reply to comment #7) > On mac there are uses of accessibility functions by non screen readers; also if Universal Access System Preferences Pane -> Enable access for assistive devices is checked, accessibility will be on. As a FYI, even when this check box is on, accessibility code won't be run unless someone makes an accessibility request (like VoiceOver, Accessibility inspector, or whoever else actually uses accessibility)
David Kilzer (:ddkilzer)
Comment 9 2010-08-25 16:44:10 PDT
Comment on attachment 65003 [details] Patch r=me
chris fleizach
Comment 10 2010-08-25 17:31:44 PDT
http://trac.webkit.org/changeset/66061
WebKit Review Bot
Comment 11 2010-08-25 19:03:31 PDT
http://trac.webkit.org/changeset/66061 might have broken SnowLeopard Intel Release (Tests)
Note You need to log in before you can comment on or make changes to this bug.