[Webkit-unassigned] [Bug 13896] New: Reproductible crasher on Google Coop control panel

[bugzilla-daemon at webkit.org]

http://bugs.webkit.org/show_bug.cgi?id=13896

           Summary: Reproductible crasher on Google Coop control panel
           Product: WebKit
           Version: 522+ (nightly)
          Platform: Macintosh
               URL: http://ol.g.free.fr/tests/coop.html
        OS/Version: Mac OS X 10.4
            Status: UNCONFIRMED
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: olivierg at gmail.com


Version: WebKit 522+, r21819
Platform: Mac OS X 10.4.9 8P135 PowerPC 
System configuration: PowerMac7,3, Dual PowerPC G5, 2 GB, 6800 GT DDL

Summary:

When accessing the control panel for a Google Coop custom search engine, on the
"sites" tab, WebKit crashes in
WebCore::FontFallbackList::fontDataAt(WebCore::Font const*, unsigned) const +
28

This is 100% reproducible in my setup. 

How to reproduce:

The extracted HTML source is sufficient to provoke the crash (uploaded at URL).
To recreate the setup:
- go to http://www.google.com/coop
- create a new custom search engine, add a site to search in the list
- go to the control panel for the newly created search
- click on the "sites" settings link  


Regression:

Does not happen on Safari 2.0.4 (419.3)
Does not happen on Gecko/20070309 Firefox/2.0.0.3


-- 
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.