[Webkit-unassigned] [Bug 44191] New: WebKit crash when combining text-rendering and ex units

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Aug 18 11:34:16 PDT 2010 

https://bugs.webkit.org/show_bug.cgi?id=44191

           Summary: WebKit crash when combining text-rendering and ex
                    units
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
               URL: http://jsfiddle.net/tMq3j/
        OS/Version: All
            Status: UNCONFIRMED
          Severity: Critical
          Priority: P2
         Component: WebKit Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: gonchuki at gmail.com


simply use this: <span style="text-rendering: optimizeLegibility; margin-bottom: 1ex;">crash!</span> and any WebKit based browser will crash. 

I tested and confirmed that this happens with any property that modifies the element box, so it applies to border, padding, margin and outline. Notice that it only happens when using ex units (as far as I confirmed), using em instead of ex does not reproduce the crash.


This is a non-exhaustive list of the browsers/platforms where the bug is reproducible:

- Safari 5, Windows 7
- WebKit Nightly r65225 - Windows 7
- Google Chrome 5.0.375.126, Windows 7
- Google Chrome 5.0.375.126, Mac OS X 10.6
- Google Chrome 5.0.375.126, Ubuntu Linux 10.04
- Apple iPad, iPhoneOS 3.2

I also noticed that Google Chrome Beta (build 6.0.472.36) is immune to this issue, so there's probably some compile parameter or a very recent patch that was not integrated back into WebKit that fixes this crash (there is no ticket on Chrome's tracker relating to this, so it might be an accidental fix.)

Also notice that current status for WebKit implementations used in iOS4, WebOS and Android is unknown as I don't have access to those, but being that I confirmed it on the iPad I can quickly conclude that the bug is architecture independent and will crash in any ARM CPU too.


here's an URL to jsfiddle so you can see this in action: http://jsfiddle.net/tMq3j/

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list