Bug 83479 - Infinite loop in SVGTextLayoutEngine::currentLogicalCharacterMetrics
Summary: Infinite loop in SVGTextLayoutEngine::currentLogicalCharacterMetrics
Status: RESOLVED DUPLICATE of bug 83405
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2012-04-09 09:39 PDT by Stephen Chenney
Modified: 2012-04-09 13:29 PDT

Description Stephen Chenney 2012-04-09 09:39:10 PDT
A Chrome user reports an infinite loop in SVGTextLayoutEngine::currentLogicalCharacterMetrics in Chrome 18, which is probably a result of the change in http://trac.webkit.org/changeset/105143. We have a dump that I can look at sometime soon, but otherwise not much info ...


Chrome Version       : 18.0.1025.142 (Official Build 129054) m
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
  Chrome 17.x: OK
  Firefox 11.0: OK
  IE 8: OK

What steps will reproduce the problem?
Chrome is running under Windows XP.  The page causing the problem is being served by an industrial device on a local intranet.  The page is created using Mootools.  It is multi-paned, displaying line graphs.  The data originates in .CSV files being served from the device.  The code was written by a third party, so I can't give many details as to how the page is being rendered at this time.

What is the expected result?
A trace can be selected in the left pane and graphs are drawn in the right pane.  Points on the graph can be selected to display pertinent data.  You can select any trace in the left pane and it is rendered in the right pane.

What happens instead?
After a few seconds to a few minutes, the screen locks.  Process Explorer shows 50% CPU usage.  Debugging with Visual Studio shows the process in an infinite loop.  Details are shown below.  A minidump is also attached.

Please provide any additional information below. Attach a screenshot if possible.

chrome-debug is a screenshot of the code in the loop.  In this code, at the start of the loop:

026F8B0E  mov         eax,dword ptr [ebx+0C8h] 
026F8B14  cmp         eax,dword ptr [this] 

Both the pointer at [ebx+0C8h] and [this] are NULL.  The loop is completed at the JMP at 026F8B34.

The web page worked with version 17.x of Chrome and broke in a recent update to 18.
Comment 1 Tim Horton 2012-04-09 12:30:42 PDT
Dupe of https://bugs.webkit.org/show_bug.cgi?id=83405?
Comment 2 Stephen Chenney 2012-04-09 13:29:34 PDT
Yes, duplicate.

*** This bug has been marked as a duplicate of bug 83405 ***