Bug 57900 - Crash in WebCore::RenderMathMLUnderOver::layout()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: MathML
Version: 528+ (Nightly build)
Hardware: PC OS X 10.5
Importance: P2 Normal
Assignee: Vicki Pfau
Keywords: InRadar
 
Reported: 2011-04-05 16:05 PDT by Beth Dakin
Modified: 2011-06-13 16:21 PDT

Attachments
Crashing test (46.63 KB, text/html)
2011-04-05 16:05 PDT, Beth Dakin
Another crashing test (9.97 KB, text/html)
2011-04-05 16:09 PDT, Beth Dakin
Third crashing test (8.51 KB, text/html)
2011-04-05 16:10 PDT, Beth Dakin
Patch (8.62 KB, patch)
2011-06-13 16:01 PDT, Vicki Pfau

Description Beth Dakin 2011-04-05 16:05:30 PDT
<rdar://problem/8908386>

Crashing test case attached.

   1 com.apple.WebCore              0x7fff8c67293f WebCore::RenderMathMLUnderOver::layout() + 0x19b
   2 com.apple.WebCore              0x7fff8be91a7d WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 0x423
   3 com.apple.WebCore              0x7fff8c645eee WebCore::RenderBlock::layoutBlock(bool, int) + 0x4dc
   4 com.apple.WebCore              0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28
   5 com.apple.WebCore              0x7fff8c671230 WebCore::RenderMathMLRow::layout() + 0x20
   6 com.apple.WebCore              0x7fff8be91a7d WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 0x423
   7 com.apple.WebCore              0x7fff8c645eee WebCore::RenderBlock::layoutBlock(bool, int) + 0x4dc
   8 com.apple.WebCore              0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28
   9 com.apple.WebCore              0x7fff8be90c67 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 0x2db
  10 com.apple.WebCore              0x7fff8be9026b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 0x2b3
  11 com.apple.WebCore              0x7fff8c645f09 WebCore::RenderBlock::layoutBlock(bool, int) + 0x4f7
  12 com.apple.WebCore              0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28
  13 com.apple.WebCore              0x7fff8be90c67 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 0x2db
  14 com.apple.WebCore              0x7fff8be9026b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 0x2b3
  15 com.apple.WebCore              0x7fff8c645f09 WebCore::RenderBlock::layoutBlock(bool, int) + 0x4f7
  16 com.apple.WebCore              0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28
  17 com.apple.WebCore              0x7fff8be90c67 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 0x2db
  18 com.apple.WebCore              0x7fff8be9026b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 0x2b3
  19 com.apple.WebCore              0x7fff8c645f09 WebCore::RenderBlock::layoutBlock(bool, int) + 0x4f7
  20 com.apple.WebCore              0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28
  21 com.apple.WebCore              0x7fff8be8edc5 WebCore::RenderView::layout() + 0x21f
  22 com.apple.WebCore              0x7fff8be8dfc8 WebCore::FrameView::layout(bool) + 0x6c6
  23 com.apple.WebCore              0x7fff8be846ac WebCore::Document::implicitClose() + 0x306
  24 com.apple.WebCore              0x7fff8be8424f WebCore::FrameLoader::checkCompleted() + 0x121
  25 com.apple.WebCore              0x7fff8be83fca WebCore::FrameLoader::finishedParsing() + 0x56
  26 com.apple.WebCore              0x7fff8be81ff7 WebCore::Document::finishedParsing() + 0x10b
  27 com.apple.WebCore              0x7fff8c371795 WebCore::HTMLDocumentParser::prepareToStopParsing() + 0xa1
  28 com.apple.WebCore              0x7fff8be464c1 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 0x6b
  29 com.apple.WebCore              0x7fff8bebac82 WebCore::FrameLoader::finishedLoading() + 0x48
  30 com.apple.WebCore              0x7fff8c60053d WebCore::MainResourceLoader::didFinishLoading(double) + 0x6f
  31 com.apple.Foundation           0x7fff9651a0e6 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 0x7a
  32 com.apple.Foundation           0x7fff9643ce7d _NSURLConnectionDidFinishLoading + 0x51
  33 com.apple.CFNetwork            0x7fff928f8748 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 0x148
  34 com.apple.CFNetwork            0x7fff929acc37 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 0x171
  35 com.apple.CFNetwork            0x7fff929ace44 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 0x37e
  36 com.apple.CFNetwork            0x7fff928e936b URLConnectionClient::processEvents() + 0xc1
  37 com.apple.CFNetwork            0x7fff928e9230 MultiplexerSource::perform() + 0xd4
  38 com.apple.CoreFoundation       0x108332b1d __CFRunLoopDoSources0 + 0xfd
  39 com.apple.CoreFoundation       0x1083324e9 __CFRunLoopRun + 0x389
  40 com.apple.CoreFoundation       0x108331f26 CFRunLoopRunSpecific + 0xe6
  41 com.apple.HIToolbox            0x7fff9032b067 RunCurrentEventLoopInMode + 0x115
  42 com.apple.HIToolbox            0x7fff9032adb3 ReceiveNextEventCommon + 0xb5
  43 com.apple.HIToolbox            0x7fff9032acee BlockUntilNextEventMatchingListInMode + 0x3e
  44 com.apple.AppKit               0x7fff8e9fa3e5 _DPSNextEvent + 0x293
  45 com.apple.AppKit               0x7fff8e9f9cea -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x87
  46 com.apple.Safari.framework     0x7fff8d65e5a4 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0xab
  47 com.apple.AppKit               0x7fff8e9bebad -[NSApplication run] + 0x1c8
  48 com.apple.AppKit               0x7fff8e9b7988 NSApplicationMain + 0x35c
  49 com.apple.Safari.framework     0x7fff8d7bf8ea SafariMain + 0xc5
  50 com.apple.Safari               0x1082e3f24 start + 0x0
Comment 1 Beth Dakin 2011-04-05 16:05:47 PDT
Created attachment 88327
Crashing test
Comment 2 Beth Dakin 2011-04-05 16:09:05 PDT
Created attachment 88328
Another crashing test
Comment 3 Beth Dakin 2011-04-05 16:10:06 PDT
Created attachment 88329
Third crashing test
Comment 4 Vicki Pfau 2011-06-13 16:01:15 PDT
Created attachment 97025
Patch
Comment 5 WebKit Review Bot 2011-06-13 16:20:59 PDT
Comment on attachment 97025
Patch

Clearing flags on attachment: 97025

Committed r88730: <http://trac.webkit.org/changeset/88730>
Comment 6 WebKit Review Bot 2011-06-13 16:21:03 PDT
All reviewed patches have been landed.  Closing bug.