RESOLVED FIXED 57900
Crash in WebCore::RenderMathMLUnderOver::layout() 
https://bugs.webkit.org/show_bug.cgi?id=57900
Summary Crash in WebCore::RenderMathMLUnderOver::layout()
Beth Dakin
Reported Wednesday, April 6, 2011 12:05:30 AM UTC
<rdar://problem/8908386> Crashing test case attached. 1 com.apple.WebCore 0x7fff8c67293f WebCore::RenderMathMLUnderOver::layout() + 0x19b 2 com.apple.WebCore 0x7fff8be91a7d WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 0x423 3 com.apple.WebCore 0x7fff8c645eee WebCore::RenderBlock::layoutBlock(bool, int) + 0x4dc 4 com.apple.WebCore 0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28 5 com.apple.WebCore 0x7fff8c671230 WebCore::RenderMathMLRow::layout() + 0x20 6 com.apple.WebCore 0x7fff8be91a7d WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 0x423 7 com.apple.WebCore 0x7fff8c645eee WebCore::RenderBlock::layoutBlock(bool, int) + 0x4dc 8 com.apple.WebCore 0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28 9 com.apple.WebCore 0x7fff8be90c67 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 0x2db 10 com.apple.WebCore 0x7fff8be9026b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 0x2b3 11 com.apple.WebCore 0x7fff8c645f09 WebCore::RenderBlock::layoutBlock(bool, int) + 0x4f7 12 com.apple.WebCore 0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28 13 com.apple.WebCore 0x7fff8be90c67 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 0x2db 14 com.apple.WebCore 0x7fff8be9026b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 0x2b3 15 com.apple.WebCore 0x7fff8c645f09 WebCore::RenderBlock::layoutBlock(bool, int) + 0x4f7 16 com.apple.WebCore 0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28 17 com.apple.WebCore 0x7fff8be90c67 WebCore::RenderBlock::layoutBlockChild(WebCore::RenderBox*, WebCore::RenderBlock::MarginInfo&, int&, int&) + 0x2db 18 com.apple.WebCore 0x7fff8be9026b WebCore::RenderBlock::layoutBlockChildren(bool, int&) + 0x2b3 19 com.apple.WebCore 0x7fff8c645f09 WebCore::RenderBlock::layoutBlock(bool, int) + 0x4f7 20 com.apple.WebCore 0x7fff8be8eeaa WebCore::RenderBlock::layout() + 0x28 21 com.apple.WebCore 0x7fff8be8edc5 WebCore::RenderView::layout() + 0x21f 22 com.apple.WebCore 0x7fff8be8dfc8 WebCore::FrameView::layout(bool) + 0x6c6 23 com.apple.WebCore 0x7fff8be846ac WebCore::Document::implicitClose() + 0x306 24 com.apple.WebCore 0x7fff8be8424f WebCore::FrameLoader::checkCompleted() + 0x121 25 com.apple.WebCore 0x7fff8be83fca WebCore::FrameLoader::finishedParsing() + 0x56 26 com.apple.WebCore 0x7fff8be81ff7 WebCore::Document::finishedParsing() + 0x10b 27 com.apple.WebCore 0x7fff8c371795 WebCore::HTMLDocumentParser::prepareToStopParsing() + 0xa1 28 com.apple.WebCore 0x7fff8be464c1 WebCore::DocumentWriter::endIfNotLoadingMainResource() + 0x6b 29 com.apple.WebCore 0x7fff8bebac82 WebCore::FrameLoader::finishedLoading() + 0x48 30 com.apple.WebCore 0x7fff8c60053d WebCore::MainResourceLoader::didFinishLoading(double) + 0x6f 31 com.apple.Foundation 0x7fff9651a0e6 ___NSURLConnectionDidFinishLoading_block_invoke_1 + 0x7a 32 com.apple.Foundation 0x7fff9643ce7d _NSURLConnectionDidFinishLoading + 0x51 33 com.apple.CFNetwork 0x7fff928f8748 URLConnectionClient::_clientDidFinishLoading(URLConnectionClient::ClientConnectionEventQueue*) + 0x148 34 com.apple.CFNetwork 0x7fff929acc37 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 0x171 35 com.apple.CFNetwork 0x7fff929ace44 URLConnectionClient::ClientConnectionEventQueue::processAllEventsAndConsumePayload(XConnectionEventInfo<XClientEvent, XClientEventParams>*, long) + 0x37e 36 com.apple.CFNetwork 0x7fff928e936b URLConnectionClient::processEvents() + 0xc1 37 com.apple.CFNetwork 0x7fff928e9230 MultiplexerSource::perform() + 0xd4 38 com.apple.CoreFoundation 0x108332b1d __CFRunLoopDoSources0 + 0xfd 39 com.apple.CoreFoundation 0x1083324e9 __CFRunLoopRun + 0x389 40 com.apple.CoreFoundation 0x108331f26 CFRunLoopRunSpecific + 0xe6 41 com.apple.HIToolbox 0x7fff9032b067 RunCurrentEventLoopInMode + 0x115 42 com.apple.HIToolbox 0x7fff9032adb3 ReceiveNextEventCommon + 0xb5 43 com.apple.HIToolbox 0x7fff9032acee BlockUntilNextEventMatchingListInMode + 0x3e 44 com.apple.AppKit 0x7fff8e9fa3e5 _DPSNextEvent + 0x293 45 com.apple.AppKit 0x7fff8e9f9cea -[NSApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0x87 46 com.apple.Safari.framework 0x7fff8d65e5a4 -[BrowserApplication nextEventMatchingMask:untilDate:inMode:dequeue:] + 0xab 47 com.apple.AppKit 0x7fff8e9bebad -[NSApplication run] + 0x1c8 48 com.apple.AppKit 0x7fff8e9b7988 NSApplicationMain + 0x35c 49 com.apple.Safari.framework 0x7fff8d7bf8ea SafariMain + 0xc5 50 com.apple.Safari 0x1082e3f24 start + 0x0
Attachments
Crashing test (46.63 KB, text/html)
2011-04-05 16:05 PDT, Beth Dakin 		no flags
Details
Another crashing test (9.97 KB, text/html)
2011-04-05 16:09 PDT, Beth Dakin 		no flags
Details
Third crashing test (8.51 KB, text/html)
2011-04-05 16:10 PDT, Beth Dakin 		no flags
Details
Patch (8.62 KB, patch)
2011-06-13 16:01 PDT, Vicki Pfau 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Beth Dakin
Comment 1 Wednesday, April 6, 2011 12:05:47 AM UTC
Created attachment 88327 [details] Crashing test
Beth Dakin
Comment 2 Wednesday, April 6, 2011 12:09:05 AM UTC
Created attachment 88328 [details] Another crashing test
Beth Dakin
Comment 3 Wednesday, April 6, 2011 12:10:06 AM UTC
Created attachment 88329 [details] Third crashing test
Vicki Pfau
Comment 4 Tuesday, June 14, 2011 12:01:15 AM UTC
Created attachment 97025 [details] Patch
WebKit Review Bot
Comment 5 Tuesday, June 14, 2011 12:20:59 AM UTC
Comment on attachment 97025 [details] Patch Clearing flags on attachment: 97025 Committed r88730: <http://trac.webkit.org/changeset/88730>
WebKit Review Bot
Comment 6 Tuesday, June 14, 2011 12:21:03 AM UTC
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.