WebKit Bugzilla
RESOLVED FIXED
44801
Crash in RenderMathMLSubSup::layout()
https://bugs.webkit.org/show_bug.cgi?id=44801
Beth Dakin
Reported
2010-08-27 16:00:29 PDT
<rdar://problem/8325203>

Process: Safari [63532]
Path: /Applications/Safari.app/Contents/MacOS/Safari
Identifier: org.webkit.nightly.WebKit
Version: r65398 (65398)
Code Type: X86-64 (Native)
Parent Process: exc_handler [63530]
Date/Time: 2010-08-18 07:45:54.110 -0700
OS Version: Mac OS X 10.6.4 (10F569)
Report Version: 6
Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000000
Crashed Thread: 0

Crashed Thread:
0 com.apple.WebCore 0x000000010153b32c WebCore::RenderMathMLSubSup::layout() + 1196
1 com.apple.WebCore 0x00000001014d7b00 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1056
2 com.apple.WebCore 0x00000001014c921b WebCore::RenderBlock::layoutBlock(bool) + 779
3 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
4 com.apple.WebCore 0x0000000101538c09 WebCore::RenderMathMLRow::layout() + 25
5 com.apple.WebCore 0x00000001014d7b00 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1056
6 com.apple.WebCore 0x00000001014c921b WebCore::RenderBlock::layoutBlock(bool) + 779
7 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
8 com.apple.WebCore 0x00000001014c82f1 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 369
9 com.apple.WebCore 0x00000001014c8923 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 547
10 com.apple.WebCore 0x00000001014c981f WebCore::RenderBlock::layoutBlock(bool) + 2319
11 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
12 com.apple.WebCore 0x000000010153544d WebCore::RenderMathMLFraction::layout() + 93
13 com.apple.WebCore 0x00000001014d7b00 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1056
14 com.apple.WebCore 0x00000001014c921b WebCore::RenderBlock::layoutBlock(bool) + 779
15 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
16 com.apple.WebCore 0x0000000101538c09 WebCore::RenderMathMLRow::layout() + 25
17 com.apple.WebCore 0x00000001014d7b00 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1056
18 com.apple.WebCore 0x00000001014c921b WebCore::RenderBlock::layoutBlock(bool) + 779
19 com.apple.WebCore 0x0000000101575c00 WebCore::RenderTableCell::layout() + 32
20 com.apple.WebCore 0x0000000101578738 WebCore::RenderTableRow::layout() + 152
21 com.apple.WebCore 0x000000010157c85c WebCore::RenderTableSection::layout() + 140
22 com.apple.WebCore 0x000000010157245c WebCore::RenderTable::layout() + 1004
23 com.apple.WebCore 0x00000001014d7b00 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1056
24 com.apple.WebCore 0x00000001014c921b WebCore::RenderBlock::layoutBlock(bool) + 779
25 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
26 com.apple.WebCore 0x0000000101538c09 WebCore::RenderMathMLRow::layout() + 25
27 com.apple.WebCore 0x00000001014d7b00 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 1056
28 com.apple.WebCore 0x00000001014c921b WebCore::RenderBlock::layoutBlock(bool) + 779
29 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
30 com.apple.WebCore 0x00000001014c82f1 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 369
31 com.apple.WebCore 0x00000001014c8923 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 547
32 com.apple.WebCore 0x00000001014c981f WebCore::RenderBlock::layoutBlock(bool) + 2319
33 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
34 com.apple.WebCore 0x00000001014c82f1 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 369
35 com.apple.WebCore 0x00000001014c8923 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 547
36 com.apple.WebCore 0x00000001014c981f WebCore::RenderBlock::layoutBlock(bool) + 2319
37 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
38 com.apple.WebCore 0x00000001014c82f1 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 369
39 com.apple.WebCore 0x00000001014c8923 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 547
40 com.apple.WebCore 0x00000001014c981f WebCore::RenderBlock::layoutBlock(bool) + 2319
41 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
42 com.apple.WebCore 0x00000001014c82f1 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 369
43 com.apple.WebCore 0x00000001014c8923 WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 547
44 com.apple.WebCore 0x00000001014c981f WebCore::RenderBlock::layoutBlock(bool) + 2319
45 com.apple.WebCore 0x00000001014b7773 WebCore::RenderBlock::layout() + 35
46 com.apple.WebCore 0x00000001015a3977 WebCore::RenderView::layout() + 279
47 com.apple.WebCore 0x0000000100f0719e WebCore::FrameView::layout(bool) + 1134
48 com.apple.WebCore 0x0000000100dbacc8 WebCore::Document::implicitClose() + 616
49 com.apple.WebCore 0x0000000100eed3bf WebCore::FrameLoader::checkCompleted() + 159
50 com.apple.WebCore 0x000000010142eff0 WebCore::Loader::Host::didFail(WebCore::SubresourceLoader*, bool) + 368
51 com.apple.WebCore 0x00000001016388ee WebCore::SubresourceLoader::didFail(WebCore::ResourceError const&) + 62
52 com.apple.WebCore 0x00000001015b69fe -[WebCoreResourceHandleAsDelegate connection:didFailWithError:] + 206
53 com.apple.Foundation 0x7fff8163c812 _NSURLConnectionDidFail + 123 (/SourceCache/Foundation/Foundation-751.29/URL.subproj/Connection.subproj/NSURLConnection.m:886)
54 com.apple.CFNetwork 0x7fff84aa18bb URLConnectionClient::_clientDidFailWithError(__CFError*, URLConnectionClient::ClientConnectionEventQueue*) + 605 (/SourceCache/CFNetwork/CFNetwork-454.9.7/Connection/URLConnectionClient.cpp:1342)
55 com.apple.CFNetwork 0x7fff84aa13f8 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 276 (/SourceCache/CFNetwork/CFNetwork-454.9.7/Connection/URLConnectionClient.cpp:1684)
56 com.apple.CFNetwork 0x7fff84a2879f URLConnectionClient::processEvents() + 121 (/SourceCache/CFNetwork/CFNetwork-454.9.7/Connection/ConnectionEventQueue.h:177)
57 com.apple.CFNetwork 0x7fff84a2857c MultiplexerSource::perform() + 160 (/SourceCache/CFNetwork/CFNetwork-454.9.7/SharedCode/ThreadSupportMach.h:34)
58 com.apple.CoreFoundation 0x7fff869dde91 __CFRunLoopDoSources0 + 1361 (/SourceCache/CF/CF-550.29/RunLoop.subproj/CFRunLoop.c:1656)
59 com.apple.CoreFoundation 0x7fff869dc089 __CFRunLoopRun + 873 (/SourceCache/CF/CF-550.29/RunLoop.subproj/CFRunLoop.c:2050)
60 com.apple.CoreFoundation 0x7fff869db84f CFRunLoopRunSpecific + 575 (/SourceCache/CF/CF-550.29/RunLoop.subproj/CFRunLoop.c:2383)
61 com.apple.HIToolbox 0x7fff8707b91a RunCurrentEventLoopInMode + 333 (Events/EventsCore/EventLoop.c:737)
62 com.apple.HIToolbox 0x7fff8707b71f ReceiveNextEventCommon + 310 (Events/EventsCore/EventBlocking.c:456)
63 com.apple.HIToolbox 0x7fff8707b5d8 BlockUntilNextEventMatchingListInMode + 59 (Events/EventsCore/EventBlocking.c:362)
64 com.apple.AppKit 0x7fff84f2229e _DPSNextEvent + 708 (/SourceCache/AppKit/AppKit-1038.32/GraphicsContext.subproj/CGDPSReplacement.m:451)
65 com.apple.AppKit 0x7fff84f21bed -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 155 (/SourceCache/AppKit/AppKit-1038.32/AppKit.subproj/NSApplication.m:3759)
66 com.apple.Safari 0x100015940 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 177 (/SourceCache/WebBrowser/WebBrowser-7533.17.8/mac/BrowserApplication.mm:411)
67 com.apple.AppKit 0x7fff84ee78d3 -[NSApplication run] + 395 (/SourceCache/AppKit/AppKit-1038.32/AppKit.subproj/NSApplication.m:2598)
68 com.apple.AppKit 0x7fff84ee05f8 NSApplicationMain + 364 (/SourceCache/AppKit/AppKit-1038.32/AppKit.subproj/NSApplication.m:7159)
69 com.apple.Safari 0x10000980c start + 52
Attachments
Test case that crashed (41.41 KB, application/xhtml+xml), 2010-08-27 16:01 PDT, Beth Dakin, no flags
Patch (1.41 KB, patch), 2010-08-27 16:02 PDT, Beth Dakin, darin: review+
Beth Dakin
Comment 1
2010-08-27 16:01:16 PDT
Created attachment 65779
Test case that crashed

This is a test that crashes. It needs to be reduced into a small enough test to be a layout test.
Beth Dakin
Comment 2
2010-08-27 16:02:37 PDT
Created attachment 65780
Patch

This cannot be committed until the test case is reduced into a layout test, but I am attaching it anyway.
Darin Adler
Comment 3
2010-08-29 11:47:05 PDT
Comment on attachment 65780
Patch

Please land this along with a regression test, as you said you planned to do.
Beth Dakin
Comment 4
2010-08-30 11:56:24 PDT
I have a test for this now. Will land shortly.
Beth Dakin
Comment 5
2010-08-30 12:57:51 PDT
Fixed with http://trac.webkit.org/changeset/66402
I forgot to check in the test with that revision, so I will check in the test momentarily.
Beth Dakin
Comment 6
2010-08-30 13:04:32 PDT
Test committed with http://trac.webkit.org/changeset/66403