[Webkit-unassigned] [Bug 100465] MathML fuzzing bugs - 3

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Oct 25 23:16:21 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=100465

--- Comment #3 from Eric Seidel <eric at webkit.org>  2012-10-25 23:17:31 PST ---
Here is a crash stack from my build:

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000030

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x000000010fa9dffd WebCore::RenderFlexibleBox::firstLineBoxBaseline() const + 429 (RenderObject.h:1065)
1   com.apple.WebCore                 0x000000010fa9e159 WebCore::RenderFlexibleBox::firstLineBoxBaseline() const + 777 (RenderFlexibleBox.cpp:280)
2   com.apple.WebCore                 0x000000010fae3b41 WebCore::RenderMathMLBlock::baselinePosition(WebCore::FontBaseline, bool, WebCore::LineDirectionMode, WebCore::LinePositionMode) const + 49 (RenderMathMLBlock.cpp:208)
3   com.apple.WebCore                 0x000000010fbabc79 WebCore::RootInlineBox::ascentAndDescentForBox(WebCore::InlineBox*, WTF::HashMap<WebCore::InlineTextBox const*, std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, int&, int&, bool&, bool&) const + 169 (RootInlineBox.cpp:744)
4   com.apple.WebCore                 0x000000010f597d38 WebCore::InlineFlowBox::computeLogicalBoxHeights(WebCore::RootInlineBox*, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&, int&, int&, bool&, bool&, bool, WTF::HashMap<WebCore::InlineTextBox const*, std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, WebCore::FontBaseline, WebCore::VerticalPositionCache&) + 680 (InlineBox.h:184)
5   com.apple.WebCore                 0x000000010fbaa572 WebCore::RootInlineBox::alignBoxesInBlockDirection(WebCore::FractionalLayoutUnit, WTF::HashMap<WebCore::InlineTextBox const*, std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, WebCore::VerticalPositionCache&) + 242 (FractionalLayoutUnit.h:176)
6   com.apple.WebCore                 0x000000010fa636bb WebCore::RenderBlock::computeBlockDirectionPositionsForLine(WebCore::RootInlineBox*, WebCore::BidiRun*, WTF::HashMap<WebCore::InlineTextBox const*, std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow>, WTF::PtrHash<WebCore::InlineTextBox const*>, WTF::HashTraits<WebCore::InlineTextBox const*>, WTF::HashTraits<std::__1::pair<WTF::Vector<WebCore::SimpleFontData const*, 0ul>, WebCore::GlyphOverflow> > >&, WebCore::VerticalPositionCache&) + 75 (RefPtr.h:58)
7   com.apple.WebCore                 0x000000010fa6387d WebCore::RenderBlock::createLineBoxesFromBidiRuns(WebCore::BidiRunList<WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::LineInfo&, WebCore::VerticalPositionCache&, WebCore::BidiRun*, WTF::Vector<WebCore::WordMeasurement, 64ul>&) + 237 (RenderBlockLineLayout.cpp:1200)
8   com.apple.WebCore                 0x000000010fa6583b WebCore::RenderBlock::layoutRunsAndFloatsInRange(WebCore::LineLayoutState&, WebCore::BidiResolver<WebCore::InlineIterator, WebCore::BidiRun>&, WebCore::InlineIterator const&, WebCore::BidiStatus const&, unsigned int) + 3979 (RenderBlockLineLayout.cpp:1485)
9   com.apple.WebCore                 0x000000010fa63e3a WebCore::RenderBlock::layoutRunsAndFloats(WebCore::LineLayoutState&, bool) + 1242 (RenderBlockLineLayout.cpp:1375)
10  com.apple.WebCore                 0x000000010fa6a6c1 WebCore::RenderBlock::layoutInlineChildren(bool, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 1281 (Vector.h:527)
11  com.apple.WebCore                 0x000000010fa44e52 WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1010 (RenderBlock.cpp:1554)
12  com.apple.WebCore                 0x000000010fa44450 WebCore::RenderBlock::layout() + 64 (RenderBlock.cpp:1386)
13  com.apple.WebCore                 0x000000010fa4b4d8 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 856 (RenderBlock.cpp:2484)
14  com.apple.WebCore                 0x000000010fa4657a WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 586 (RenderBlock.cpp:2397)
15  com.apple.WebCore                 0x000000010fa44e6c WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1036 (RenderBlock.cpp:1559)
16  com.apple.WebCore                 0x000000010fa44450 WebCore::RenderBlock::layout() + 64 (RenderBlock.cpp:1386)
17  com.apple.WebCore                 0x000000010fa4b4d8 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, WebCore::FractionalLayoutUnit&, WebCore::FractionalLayoutUnit&) + 856 (RenderBlock.cpp:2484)
18  com.apple.WebCore                 0x000000010fa4657a WebCore::RenderBlock::layoutBlockChildren(bool, WebCore::FractionalLayoutUnit&) + 586 (RenderBlock.cpp:2397)
19  com.apple.WebCore                 0x000000010fa44e6c WebCore::RenderBlock::layoutBlock(bool, WebCore::FractionalLayoutUnit) + 1036 (RenderBlock.cpp:1559)
20  com.apple.WebCore                 0x000000010fa44450 WebCore::RenderBlock::layout() + 64 (RenderBlock.cpp:1386)
21  com.apple.WebCore                 0x000000010fb86245 WebCore::RenderView::layout() + 917 (OwnPtr.h:78)
22  com.apple.WebCore                 0x000000010f479b95 WebCore::FrameView::layout(bool) + 1733 (FrameView.cpp:1197)
23  com.apple.WebCore                 0x000000010f47f7cd WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive() + 141 (HashTable.h:391)
24  com.apple.WebKit2                 0x000000010e79d624 WebKit::WebPage::layoutIfNeeded() + 34 (RefPtr.h:70)
