[Webkit-unassigned] [Bug 55069] New: Crash in RenderCombineText::combineText when running fast/text/international/text-combine-parser-test.html on Windows with full page heap enabled

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Feb 23 12:03:29 PST 2011 

https://bugs.webkit.org/show_bug.cgi?id=55069

           Summary: Crash in RenderCombineText::combineText when running
                    fast/text/international/text-combine-parser-test.html
                    on Windows with full page heap enabled
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Keywords: LayoutTestFailure, NeedsRadar, PlatformOnly
          Severity: Normal
          Priority: P2
         Component: Text
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: aroben at apple.com


To reproduce:

1. gflags /p /enable dumprendertree.exe /full
2. run-webkit-tests fast/text/international/text-combine-parser-test.html

You'll crash in RenderCombineText::combineText. It looks like the caller made a bad cast: it cast a RenderObject* to a RenderCombineText*, but the object is actually a plain, old RenderText. Here's the backtrace:


     WebKit.dll!WebCore::RenderCombineText::combineText()  Line 85 + 0x3 bytes    C++
>	WebKit.dll!WebCore::RenderBlock::findNextLineBreak(WebCore::BidiResolver<WebCore::InlineIterator,WebCore::BidiRun> & resolver={...}, bool firstLine=true, bool & isLineEmpty=true, bool & previousLineBrokeCleanly=false, bool & hyphenated=false, WebCore::EClear * clear=0x0012e164, WebCore::RenderBlock::FloatingObject * lastFloatFromPreviousLine=0x00000000)  Line 1654	C++
     WebKit.dll!WebCore::RenderBlock::layoutInlineChildren(bool relayoutChildren=true, int & repaintLogicalTop=0, int & repaintLogicalBottom=0)  Line 681 + 0x40 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0)  Line 1223    C++
     WebKit.dll!WebCore::RenderBlock::layout()  Line 1120 + 0x16 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x40c7ef7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0)  Line 1958 + 0x12 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0)  Line 1897    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0)  Line 1227    C++
     WebKit.dll!WebCore::RenderBlock::layout()  Line 1120 + 0x16 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x3f2a4f7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0)  Line 1958 + 0x12 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0)  Line 1897    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0)  Line 1227    C++
     WebKit.dll!WebCore::RenderBlock::layout()  Line 1120 + 0x16 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox * child=0x3f73ef7c, WebCore::RenderBlock::MarginInfo & marginInfo={...}, int & previousFloatLogicalBottom=0, int & maxFloatLogicalBottom=0)  Line 1958 + 0x12 bytes    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlockChildren(bool relayoutChildren=true, int & maxFloatLogicalBottom=0)  Line 1897    C++
     WebKit.dll!WebCore::RenderBlock::layoutBlock(bool relayoutChildren=true, int pageLogicalHeight=0)  Line 1227    C++
     WebKit.dll!WebCore::RenderBlock::layout()  Line 1120 + 0x16 bytes    C++
     WebKit.dll!WebCore::RenderView::layout()  Line 132    C++
     WebKit.dll!WebCore::FrameView::layout(bool allowSubtree=true)  Line 906 + 0x12 bytes    C++
     WebKit.dll!WebCore::Document::implicitClose()  Line 2132    C++
     WebKit.dll!WebCore::FrameLoader::checkCallImplicitClose()  Line 896    C++
     WebKit.dll!WebCore::FrameLoader::checkCompleted()  Line 845    C++
     WebKit.dll!WebCore::FrameLoader::finishedParsing()  Line 779    C++
     WebKit.dll!WebCore::Document::finishedParsing()  Line 4231    C++
     WebKit.dll!WebCore::HTMLTreeBuilder::finished()  Line 2804 + 0x18 bytes    C++
     WebKit.dll!WebCore::HTMLDocumentParser::end()  Line 350    C++
     WebKit.dll!WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd()  Line 359    C++
     WebKit.dll!WebCore::HTMLDocumentParser::prepareToStopParsing()  Line 152    C++
     WebKit.dll!WebCore::HTMLDocumentParser::attemptToEnd()  Line 370 + 0xf bytes    C++
     WebKit.dll!WebCore::HTMLDocumentParser::finish()  Line 399    C++
     WebKit.dll!WebCore::Document::finishParsing()  Line 2233 + 0x20 bytes    C++
     WebKit.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource()  Line 223    C++
     WebKit.dll!WebCore::DocumentWriter::end()  Line 208    C++
     WebKit.dll!WebCore::DocumentLoader::finishedLoading()  Line 286    C++
     WebKit.dll!WebCore::FrameLoader::finishedLoading()  Line 2193    C++
     WebKit.dll!WebCore::MainResourceLoader::didFinishLoading(double finishTime=0.00000000000000000)  Line 465    C++
     WebKit.dll!WebCore::ResourceLoader::didFinishLoading(WebCore::ResourceHandle * __formal=0x41281ff0, double finishTime=0.00000000000000000)  Line 436 + 0x18 bytes    C++
     WebKit.dll!WebCore::didFinishLoading(_CFURLConnection * conn=0x3f27ffe0, const void * clientInfo=0x41281ff0)  Line 241 + 0x26 bytes    C++
     CFNetwork.dll!URLConnectionClient::_clientDidFinishLoading() + 0x2b bytes    C++
     CFNetwork.dll!URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload()    C++
     CFNetwork.dll!URLConnectionClient::processEvents() + 0x21 bytes    C++
     CFNetwork.dll!URLConnectionWndProc()    C++
     user32.dll!_InternalCallWinProc at 20()  + 0x28 bytes    
     user32.dll!_UserCallWinProcCheckWow at 32()  + 0xb7 bytes    
     user32.dll!_DispatchMessageWorker at 8()  + 0xdc bytes    
     user32.dll!_DispatchMessageW at 4()  + 0xf bytes    
     DumpRenderTree.exe!runTest(const std::basic_string<char,std::char_traits<char>,std::allocator<char> > & testPathOrURL="c:\Documents and Settings\Adam Roben\dev\WebKit\OpenSource\LayoutTests\fast\text\international\text-combine-parser-test.html")  Line 1002 + 0xf bytes    C++
     DumpRenderTree.exe!main(int argc=2, char * * argv=0x07c57f98)  Line 1379 + 0x28 bytes    C++
     DumpRenderTree.exe!__tmainCRTStartup()  Line 597 + 0x17 bytes    C
     kernel32.dll!_BaseProcessStart at 4()  + 0x23 bytes

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list