Bug 9432 - REGRESSION: crash in capitalization code due to empty-string generated content
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 420+
Hardware: Mac OS X 10.4
Importance: P1 Critical
Assignee: Nobody
URL: http://blog.bepointbe.be/index.php/20...
Keywords: EasyFix, HasReduction, Regression
Reported: 2006-06-14 01:41 PDT by David Smith
Modified: 2006-06-16 06:09 PDT
CC List: 4 users

Attachments
Test case reduction (321 bytes, text/html), 2006-06-14 05:01 PDT, jonathanjohnsson, no flags
Ignore empty-string renderers (38.35 KB, patch), 2006-06-15 13:17 PDT, mitz, hyatt: review+

Description David Smith 2006-06-14 01:41:55 PDT
Relevant section of backtrace:

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xfffffffe

Thread 0 Crashed:
0   com.apple.WebCore        	0x011be3c0 WebCore::RenderText::setText(WebCore::StringImpl*, bool) + 368
1   com.apple.WebCore        	0x01195500 WebCore::RenderContainer::addChild(WebCore::RenderObject*, WebCore::RenderObject*) + 816
2   com.apple.WebCore        	0x011a1620 WebCore::RenderInline::addChildToFlow(WebCore::RenderObject*, WebCore::RenderObject*) + 192
3   com.apple.WebCore        	0x0125f7e8 WebCore::Node::createRendererIfNeeded() + 312
4   com.apple.WebCore        	0x0122c698 WebCore::Text::attach() + 24
5   com.apple.WebCore        	0x0102d1f8 WebCore::HTMLParser::insertNode(WebCore::Node*, bool) + 472
6   com.apple.WebCore        	0x0102ecd0 WebCore::HTMLParser::parseToken(WebCore::Token*) + 800
7   com.apple.WebCore        	0x01030350 WebCore::HTMLTokenizer::processToken() + 768
8   com.apple.WebCore        	0x01035550 WebCore::HTMLTokenizer::write(WebCore::SegmentedString const&, bool) + 928
9   com.apple.WebCore        	0x010ce8d8 WebCore::Frame::write(char const*, int) + 824
10  com.apple.WebKit         	0x003348bc -[WebHTMLRepresentation receivedData:withDataSource:] + 156
11  com.apple.WebKit         	0x003280ac -[WebDataSource(WebPrivate) _commitLoadWithData:] + 92
12  com.apple.WebKit         	0x00349074 -[WebMainResourceLoader addData:] + 84
13  com.apple.WebKit         	0x00325530 -[WebLoader didReceiveData:lengthReceived:] + 64
14  com.apple.WebKit         	0x003499e8 -[WebMainResourceLoader didReceiveData:lengthReceived:] + 120
15  com.apple.WebKit         	0x00325978 -[WebLoader connection:didReceiveData:lengthReceived:] + 56
16  com.apple.Foundation     	0x929a85d4 -[NSURLConnection(NSURLConnectionInternal) _sendDidReceiveDataCallback] + 564
17  com.apple.Foundation     	0x929a6a74 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 488
Comment 1 Alexey Proskuryakov 2006-06-14 03:37:23 PDT
Confirmed with r14767.
Comment 2 David Kilzer (:ddkilzer) 2006-06-14 03:42:55 PDT
Crash on locally-built r14857 (first method is different):

Exception:  EXC_BAD_ACCESS (0x0001)
Codes:      KERN_INVALID_ADDRESS (0x0001) at 0xfffffffe

Thread 0 Crashed:
0   com.apple.WebCore        	0x01b98a58 WebCore::StringImpl::operator[](int) const + 40 (HTMLParser.cpp:84)
1   com.apple.WebCore        	0x0197cd4c WebCore::RenderText::setText(WebCore::StringImpl*, bool) + 696 (RenderText.cpp:895)
2   com.apple.WebCore        	0x019419d4 WebCore::RenderContainer::addChild(WebCore::RenderObject*, WebCore::RenderObject*) + 1600 (RenderContainer.cpp:157)
3   com.apple.WebCore        	0x0195026c WebCore::RenderInline::addChildToFlow(WebCore::RenderObject*, WebCore::RenderObject*) + 1000 (RenderInline.cpp:113)
4   com.apple.WebCore        	0x01948128 WebCore::RenderFlow::addChild(WebCore::RenderObject*, WebCore::RenderObject*) + 156 (RenderFlow.cpp:120)
5   com.apple.WebCore        	0x01a47d64 WebCore::Node::createRendererIfNeeded() + 748 (Node.cpp:920)
6   com.apple.WebCore        	0x01a03f04 WebCore::Text::attach() + 36 (Text.cpp:158)
7   com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
8   com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
9   com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
10  com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
11  com.apple.WebCore        	0x01ae4a78 WebCore::HTMLLIElement::attach() + 100 (HTMLLIElement.cpp:85)
12  com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
13  com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
14  com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
15  com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
16  com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
17  com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
18  com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
19  com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
20  com.apple.WebCore        	0x0188bfb0 WebCore::ContainerNode::attach() + 72 (ContainerNode.cpp:574)
21  com.apple.WebCore        	0x01a4f968 WebCore::Element::attach() + 48 (Element.cpp:544)
22  com.apple.WebCore        	0x01a4fb50 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 468 (Element.cpp:561)
23  com.apple.WebCore        	0x01a4fe10 WebCore::Element::recalcStyle(WebCore::Node::StyleChange) + 1172 (Element.cpp:588)
24  com.apple.WebCore        	0x01882e70 WebCore::Document::recalcStyle(WebCore::Node::StyleChange) + 1240 (Document.cpp:851)
25  com.apple.WebCore        	0x01888dc0 WebCore::Document::updateStyleSelector() + 92 (Document.cpp:1752)
26  com.apple.WebCore        	0x01888edc WebCore::Document::stylesheetLoaded() + 136 (Document.cpp:1731)
27  com.apple.WebCore        	0x01ab7318 WebCore::HTMLLinkElement::setStyleSheet(WebCore::String const&, WebCore::String const&) + 536 (HTMLLinkElement.cpp:226)
28  com.apple.WebCore        	0x018a4764 WebCore::CachedCSSStyleSheet::checkNotify() + 380 (CachedCSSStyleSheet.cpp:115)
29  com.apple.WebCore        	0x018a48a4 WebCore::CachedCSSStyleSheet::data(WTF::Vector<char, (unsigned long)0>&, bool) + 216 (CachedCSSStyleSheet.cpp:101)
30  com.apple.WebCore        	0x018a9570 WebCore::Loader::receivedAllData(WebCore::TransferJob*, NSData*) + 464 (loader.cpp:139)
31  com.apple.WebCore        	0x01795afc -[KWQResourceLoader finishJobAndHandle:] + 180 (KWQResourceLoader.mm:98)
32  com.apple.WebCore        	0x01795dac -[KWQResourceLoader finishWithData:] + 196 (KWQResourceLoader.mm:130)
33  com.apple.WebKit         	0x0033d9f4 -[WebSubresourceLoader didFinishLoading] + 132 (WebSubresourceLoader.m:210)
34  com.apple.WebKit         	0x00341798 -[WebLoader connectionDidFinishLoading:] + 184 (WebLoader.m:575)
35  com.apple.Foundation     	0x929a884c -[NSURLConnection(NSURLConnectionInternal) _sendDidFinishLoadingCallback] + 188
36  com.apple.Foundation     	0x929a6ab8 -[NSURLConnection(NSURLConnectionInternal) _sendCallbacks] + 556
37  com.apple.Foundation     	0x929a6810 _sendCallbacks + 156
38  com.apple.CoreFoundation 	0x907e44cc __CFRunLoopDoSources0 + 384
39  com.apple.CoreFoundation 	0x907e39fc __CFRunLoopRun + 452
40  com.apple.CoreFoundation 	0x907e347c CFRunLoopRunSpecific + 268
41  com.apple.HIToolbox      	0x9321d980 RunCurrentEventLoopInMode + 264
42  com.apple.HIToolbox      	0x9321d014 ReceiveNextEventCommon + 380
43  com.apple.HIToolbox      	0x9321ce80 BlockUntilNextEventMatchingListInMode + 96
44  com.apple.AppKit         	0x9371fe84 _DPSNextEvent + 384
45  com.apple.AppKit         	0x9371fb48 -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 116
46  com.apple.Safari         	0x00006df4 0x1000 + 24052
47  com.apple.AppKit         	0x9371c08c -[NSApplication run] + 472
48  com.apple.AppKit         	0x9380cbfc NSApplicationMain + 452
49  com.apple.Safari         	0x0005cb98 0x1000 + 375704
50  com.apple.Safari         	0x0005ca40 0x1000 + 375360
Comment 3 jonathanjohnsson 2006-06-14 05:01:34 PDT
Created attachment 8844 [details]
Test case reduction
Comment 4 mitz 2006-06-14 13:24:29 PDT
This looks like an easy fix once you decide whether the empty generated-content string constitutes a word break or not.
Comment 5 Darin Adler 2006-06-15 07:55:47 PDT
(In reply to comment #4)
> This looks like an easy fix once you decide whether the empty generated-content
> string constitutes a word break or not.

Let's code this for now so that an empty string doesn't cause a word break.
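As an added illustration (not WebKit's code and not the attached patch), a model of the word-break lookup behind this crash and the fix agreed on in comments #4 and #5: capitalization needs the last character of the text preceding a run, and reading it from an empty generated-content string means indexing at -1, consistent with the StringImpl::operator[] frame in the backtrace. The version below skips empty runs so they neither crash nor introduce a word break; it assumes whitespace-delimited words and represents each renderer's text as a std::string.

```cpp
#include <cctype>
#include <string>
#include <vector>

// Illustrative model, not WebKit's code: each element is the text of one
// RenderText in an inline flow; generated content "" yields an empty one.
using TextRuns = std::vector<std::string>;

// Does the first character of runs[index] start a word? That depends on the
// last character of the preceding text. The crash was the equivalent of
// prev[prev.length() - 1] on an empty prev (index -1); empty runs carry no
// character, so skip them instead of treating them as a word break.
static bool startsWord(const TextRuns& runs, size_t index)
{
    for (size_t i = index; i > 0; --i) {
        const std::string& prev = runs[i - 1];
        if (prev.empty())
            continue; // ignore empty-string renderers
        unsigned char last = static_cast<unsigned char>(prev.back());
        return std::isspace(last) != 0; // assumption: whitespace-delimited words
    }
    return true; // nothing precedes the run: it begins the flow
}

// text-transform: capitalize applied to one run in its flow context.
std::string capitalizeRun(const TextRuns& runs, size_t index)
{
    std::string out = runs[index];
    bool atWordStart = startsWord(runs, index);
    for (char& c : out) {
        unsigned char uc = static_cast<unsigned char>(c);
        if (std::isspace(uc)) {
            atWordStart = true;
            continue;
        }
        if (atWordStart)
            c = static_cast<char>(std::toupper(uc));
        atWordStart = false;
    }
    return out;
}

// Capitalize every run of a flow; empty runs pass through untouched.
TextRuns capitalizeFlow(const TextRuns& runs)
{
    TextRuns out;
    for (size_t i = 0; i < runs.size(); ++i)
        out.push_back(capitalizeRun(runs, i));
    return out;
}
```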
Comment 6 mitz 2006-06-15 13:17:02 PDT
Created attachment 8862 [details]
Ignore empty-string renderers
Comment 7 Dave Hyatt 2006-06-15 13:20:16 PDT
Comment on attachment 8862 [details]
Ignore empty-string renderers

r=me
Comment 8 David Kilzer (:ddkilzer) 2006-06-16 06:09:49 PDT
Committed revision 14887.