Summary: | [testcase] new crash in kde 3.5.4 | ||
---|---|---|---|
Product: | [Applications] konqueror | Reporter: | Olivier Goffart <ogoffart> |
Component: | khtml | Assignee: | Konqueror Developers <konq-bugs> |
Status: | RESOLVED FIXED | ||
Severity: | crash | ||
Priority: | NOR | ||
Version: | unspecified | ||
Target Milestone: | --- | ||
Platform: | Unlisted Binaries | ||
OS: | Linux | ||
Latest Commit: | Version Fixed In: | ||
Attachments: | testcase |
Description
Olivier Goffart
2006-08-08 11:36:14 UTC
Created attachment 17290 [details]
testcase
Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1234753856 (LWP 18507)] 0xb7f2d3c0 in QChar (this=0xbf9db4a8, c=@0xfffffffe) at qstring.h:270 270 inline QChar::QChar( const QChar& c ) : ucs( c.ucs ) (gdb) bt #0 0xb7f2d3c0 in QChar (this=0xbf9db4a8, c=@0xfffffffe) at qstring.h:270 #1 0xb606219e in khtml::RenderText::setText (this=0x84c9a44, text=0x84b5a00, force=true) at render_text.cpp:1155 #2 0xb605143b in khtml::RenderContainer::addChild (this=0x84c99e0, newChild=0x84c9a44, beforeChild=0x0) at render_container.cpp:159 #3 0xb60380e3 in khtml::RenderInline::addChildToFlow (this=0x84c99e0, newChild=0x84c9a44, beforeChild=0x0) at render_inline.cpp:105 #4 0xb605cf8d in khtml::RenderFlow::addChild (this=0x84c99e0, newChild=0x84c9a44, beforeChild=0x0) at render_flow.cpp:126 #5 0xb5fc1899 in DOM::NodeImpl::createRendererIfNeeded (this=0x84df928) at dom_nodeimpl.cpp:944 #6 0xb5fc6e3d in DOM::TextImpl::attach (this=0x84df928) at dom_textimpl.cpp:412 #7 0xb5fe44bd in khtml::KHTMLParser::insertNode (this=0x84b75d8, n=0x84df928, flat=true) at htmlparser.cpp:350 #8 0xb5fe74a6 in khtml::KHTMLParser::parseToken (this=0x84b75d8, t=0x84cbb0c) at htmlparser.cpp:289 #9 0xb5fe82cc in khtml::HTMLTokenizer::processToken (this=0x84cbad8) at htmltokenizer.cpp:1684 #10 0xb5fee679 in khtml::HTMLTokenizer::write (this=0x84cbad8, str=@0xbf9db848, appendData=true) at htmltokenizer.cpp:1439 #11 0xb5f67523 in KHTMLPart::write (this=0x83d74e0, str=0x84a77a8 "<!--\nCrash on konqueror 3.5.4\nWas working ine on konqueror 3.5.3\n \n Olivier Goffart < ogoffart at kde.org >\n-->\n\n<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\"\n\"http://www.w3.org/TR/xhtml"..., len=453) at khtml_part.cpp:1989 #12 0xb5f60af3 in KHTMLPart::slotData (this=0x83d74e0, kio_job=0x84a6db0, data=@0xbf9dbdc8) at khtml_part.cpp:1667 #13 0xb5f7c0af in KHTMLPart::qt_invoke (this=0x83d74e0, _id=16, _o=0xbf9dbac4) at khtml_part.moc:500 #14 0xb6e78929 in QObject::activate_signal () Be nice to 
see test case source for perusal: <!-- Crash on konqueror 3.5.4 Was working ine on konqueror 3.5.3 Olivier Goffart < ogoffart at kde.org > --> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" > <head> <title>testcase</title> <style> p { text-transform:capitalize; } p:first-child:before { content:""; } </style> </head> <body> <p><span>crash</span></p> </body> </html> SVN commit 571252 by ggarand: apply patch by Andreas Hartmetz <ahartmetz@gmail.com> fixing two crashes in capitalization code. BUG: 132050 M +30 -14 render_text.cpp --- branches/KDE/3.5/kdelibs/khtml/rendering/render_text.cpp #571251:571252 @@ -1145,25 +1145,41 @@ switch(style()->textTransform()) { case CAPITALIZE: { - // find previous text renderer if one exists - RenderObject* o; + RenderObject *o; bool runOnString = false; - for (o = previousRenderer(); o && o->isInlineFlow(); o = o->previousRenderer()) - ; - if (o && o->isText()) { - DOMStringImpl* prevStr = static_cast<RenderText*>(o)->string(); - QChar c = (*prevStr)[prevStr->length() - 1]; - if (!c.isSpace()) - runOnString = true; + + // find previous non-empty text renderer if one exists + for (o = previousRenderer(); o; o = o->previousRenderer()) { + if (!o->isInlineFlow()) { + if (!o->isText()) + break; + + DOMStringImpl *prevStr = static_cast<RenderText*>(o)->string(); + // !prevStr can happen with css like "content:open-quote;" + if (!prevStr) + break; + + if (prevStr->length() == 0) + continue; + QChar c = (*prevStr)[prevStr->length() - 1]; + if (!c.isSpace()) + runOnString = true; + + break; + } } + str = str->capitalize(runOnString); } break; - case UPPERCASE: str = str->upper(); break; - case LOWERCASE: str = str->lower(); break; - case NONE: - default:; - } + + + + case UPPERCASE: str = str->upper(); break; + case LOWERCASE: str = str->lower(); break; + case NONE: + default:; + } str->ref(); oldstr->deref(); } |
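Review bot: The `if (prevStr->length() == 0) continue;` guard in the new loop has no comment, although it appears to be the check that stops the reported crash: the trace's `c=@0xfffffffe` is consistent with `prevStr->length() - 1` wrapping on an empty string produced by `content:""`. I would add `// empty generated content (e.g. content:""): length() - 1 would index outside the buffer` above it, mirroring the comment already placed on the `!prevStr` check. Because this path is driven by page-supplied CSS, the attached testcase should go into the regression suite, and other `(*s)[s->length() - 1]` call sites are worth auditing, since the indexing operator itself presumably remains unchecked. The re-indentation of the `UPPERCASE`/`LOWERCASE`/`NONE` cases and the added blank lines are unrelated to the fix and make the memory-safety part harder to review and backport. The enclosing function starts and ends outside the hunk, so whether `str` is null-checked before `str->capitalize(runOnString)` cannot be confirmed from here.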