[Webkit-unassigned] [Bug 24003] New: WebKit crashes on certain rtl pages

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 18 10:04:39 PST 2009 

https://bugs.webkit.org/show_bug.cgi?id=24003

           Summary: WebKit crashes on certain rtl pages
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows XP
            Status: UNCONFIRMED
          Severity: Major
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: kuchhal at yahoo.com


Some rtl pages are causing WebKit to crash when it converts an object to
RenderInline. The stack trace (from Chromium builds, but I can reproduce the
same crash in Safari with latest WebKit):

0x0143e367      [chrome.dll     - inlineflowbox.h:107] 
WebCore::InlineFlowBox::borderLeft()
0x01442067      [chrome.dll     - renderbox.cpp:2037] 
WebCore::RenderBox::calcAbsoluteHorizontalValues(WebCore::Length,WebCore::RenderBoxModelObject
const
*,WebCore::TextDirection,int,int,WebCore::Length,WebCore::Length,WebCore::Length,WebCore::Length,int
&,int &,int &,int &)
0x01441c6a      [chrome.dll     - renderbox.cpp:1816] 
WebCore::RenderBox::calcAbsoluteHorizontal()
0x014408c0      [chrome.dll     - renderbox.cpp:1205]  
WebCore::RenderBox::calcWidth()
0x01471787      [chrome.dll     - renderblock.cpp:732] 
WebCore::RenderBlock::layoutBlock(bool)
0x014716bc      [chrome.dll     - renderblock.cpp:704] 
WebCore::RenderBlock::layout()
0x01472d57      [chrome.dll     - renderblock.cpp:1521] 
WebCore::RenderBlock::layoutPositionedObjects(bool)
0x014aa3c8      [chrome.dll     - renderflexiblebox.cpp:249] 
WebCore::RenderFlexibleBox::layoutBlock(bool)
0x014716bc      [chrome.dll     - renderblock.cpp:704] 
WebCore::RenderBlock::layout()
0x014eed98      [chrome.dll     - bidi.cpp:819] 
WebCore::RenderBlock::layoutInlineChildren(bool,int &,int &)
0x0147189c      [chrome.dll     - renderblock.cpp:785] 
WebCore::RenderBlock::layoutBlock(bool)
0x014716bc      [chrome.dll     - renderblock.cpp:704] 
WebCore::RenderBlock::layout()
0x01474a50      [chrome.dll     - renderblock.cpp:2354] 
WebCore::RenderBlock::insertFloatingObject(WebCore::RenderBox *)


-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

More information about the webkit-unassigned mailing list