[Webkit-unassigned] [Bug 83479] New: Infinite loop in SVGTextLayoutEngine::currentLogicalCharacterMetrics

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Apr 9 09:39:10 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=83479

           Summary: Infinite loop in
                    SVGTextLayoutEngine::currentLogicalCharacterMetrics
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: schenney at chromium.org
                CC: zimmermann at kde.org


A Chrome user reports an infinite loop in SVGTextLayoutEngine::currentLogicalCharacterMetrics in Chrome 18, which is probably a result of the change in http://trac.webkit.org/changeset/105143. We have a dump that I can look at sometime soon, but otherwise not much info ...

http://code.google.com/p/chromium/issues/detail?id=122620

Chrome Version       : 18.0.1025.142 (Official Build 129054) m
URLs (if applicable) :
Other browsers tested:
Add OK or FAIL after other browsers where you have tested this issue:
  Chrome 17.x: OK
  Firefox 11.0: OK
       IE 8: OK

What steps will reproduce the problem?
Chrome is running under Windows XP.  The page causing the problem is being served by an industrial device on a local intranet.  The page is created using Mootools.  It is multi-paned displaying line graphs.  The data is originating in .CSV files being served from the device.  The code was written by a third-party so I can't give much details as to how the page is being rendered at this time.

What is the expected result?
A trace can be selected in the left pane and graphs are drawn in the right pane.  Points on the graph can be selected to display pertinent data.  You can select any trace in the left pane and it is rendered in the right pane.

What happens instead?
After a few seconds to a few minutes, the screen locks.  Process Explorer shows 50% CPU usage.  Debugging with Visual Studio shows the process in an infinite loop.  Details are shown below.  A minidump is also attached.

Please provide any additional information below. Attach a screenshot if possible.

chrome-debug is a screen shot of the code in the loop.  In this code at the start of the loop:

026F8B0E  mov         eax,dword ptr [ebx+0C8h] 
026F8B14  cmp         eax,dword ptr [this] 

Both the pointer at [ebx+0C8h] and [this] are NULL.  The loop is completed at the JMP at 026F8B34.

The web page worked with version 17.x of Chrome and broke in a recent update to 18.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.