| Summary: | [test case] css related crash: combination of first-letter, :before and span | | |
|---|---|---|---|
| Product: | [Applications] konqueror | Reporter: | Magnus Kessler <magnus.kessler> |
| Component: | khtml renderer | Assignee: | Konqueror Bugs <konqueror-bugs-null> |
| Status: | RESOLVED FIXED | | |
| Severity: | crash | CC: | arne.schmitz |
| Priority: | NOR | | |
| Version First Reported In: | unspecified | | |
| Target Milestone: | --- | | |
| Platform: | Compiled Sources | | |
| OS: | Linux | | |
| Latest Commit: | | Version Fixed/Implemented In: | |
| Sentry Crash Report: | | | |
| Attachments: | testcase | | |

Description
Magnus Kessler
2003-12-16 00:03:06 UTC
Created attachment 3722
testcase
Incomplete safari merge I'm afraid
#0 0x42670db0 in RenderObject (this=0x863c908, node=0x0)
at /coolo/prod/kdelibs/khtml/rendering/render_object.cpp:161
#1 0x42681a51 in RenderText (this=0x863c908, node=0x0, _str=0x863abc0)
at /coolo/prod/kdelibs/khtml/rendering/render_text.cpp:560
#2 0x42662601 in khtml::RenderBlock::addChildToFlow(khtml::RenderObject*, khtml::RenderObject*) (
this=0x863c618, newChild=0x863c688, beforeChild=0x0)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:144
#3 0x4267f5e1 in khtml::RenderFlow::addChild(khtml::RenderObject*, khtml::RenderObject*) (
this=0x863c618, newChild=0x863c688, beforeChild=0x0)
at /coolo/prod/kdelibs/khtml/rendering/render_flow.cpp:130
#4 0x4261b965 in DOM::ElementImpl::attach() (this=0x865cb90)
at /coolo/prod/kdelibs/khtml/xml/dom_elementimpl.cpp:449
#5 0x4262e05e in khtml::KHTMLParser::insertNode(DOM::NodeImpl*, bool) (this=0x86463e0, n=0x865cb90,
flat=false) at /coolo/prod/kdelibs/khtml/html/htmlparser.cpp:318
#6 0x4262df5d in khtml::KHTMLParser::parseToken(khtml::Token*) (this=0x86463e0, t=0x86462dc)
at /coolo/prod/kdelibs/khtml/html/htmlparser.cpp:276
#7 0x426362c8 in khtml::HTMLTokenizer::processToken() (this=0x86462a8)
at /coolo/prod/kdelibs/khtml/html/htmltokenizer.cpp:1576
#8 0x42634ca1 in khtml::HTMLTokenizer::parseTag(khtml::DOMStringIt&) (this=0x86462a8, src=@0x86463bc)
at /coolo/prod/kdelibs/khtml/html/htmltokenizer.cpp:1090
#9 0x42635670 in khtml::HTMLTokenizer::write(QString const&, bool) (this=0x86462a8, str=@0xbfffe0c0,
appendData=true) at /coolo/prod/kdelibs/khtml/html/htmltokenizer.cpp:1344
#10 0x425cd02b in KHTMLPart::write(char const*, int) (this=0x85115c8,
KHTML crashes on http://www.w3.org/Status.html with my KDE 3.2.0 whenever I move the mouse over the CSS menu on that site. Does this have anything to do with this? If not, I would file another bug report.

With latest CVS the crash changed, and I'm puzzled as the end is before the start.
#0 0x401b4767 in QChar::latin1() const (this=0x0) at qstring.h:194
#1 0x401c88f8 in QChar::operator char() const (this=0x0) at qstring.h:199
#2 0x401fab92 in khtml::RenderBlock::bidiReorderLine(khtml::BidiIterator const&, khtml::BidiIterator const&) (
this=0x82171e0, start=@0xbfffd540, end=@0xbfffd530) at /coolo/prod/kdelibs/khtml/rendering/bidi.cpp:969
#3 0x401fb40d in khtml::RenderBlock::layoutInlineChildren(bool) (this=0x82171e0, relayoutChildren=true)
at /coolo/prod/kdelibs/khtml/rendering/bidi.cpp:1197
#4 0x401ff6e3 in khtml::RenderBlock::layoutBlock(bool) (this=0x82171e0, relayoutChildren=true)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:500
#5 0x401ff2ca in khtml::RenderBlock::layout() (this=0x82171e0)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:421
#6 0x40200a79 in khtml::RenderBlock::layoutBlockChildren(bool) (this=0x821716c, relayoutChildren=true)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:824
#7 0x401ff6fc in khtml::RenderBlock::layoutBlock(bool) (this=0x821716c, relayoutChildren=true)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:502
#8 0x401ff2ca in khtml::RenderBlock::layout() (this=0x821716c)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:421
#9 0x4024e93c in khtml::RenderBody::layout() (this=0x821716c)
at /coolo/prod/kdelibs/khtml/rendering/render_body.cpp:92
#10 0x40200a79 in khtml::RenderBlock::layoutBlockChildren(bool) (this=0x82170b4, relayoutChildren=true)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:824
#11 0x401ff6fc in khtml::RenderBlock::layoutBlock(bool) (this=0x82170b4, relayoutChildren=true)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:502
#12 0x401ff2ca in khtml::RenderBlock::layout() (this=0x82170b4)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:421
#13 0x40200a79 in khtml::RenderBlock::layoutBlockChildren(bool) (this=0x8216fd0, relayoutChildren=false)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:824
#14 0x401ff6fc in khtml::RenderBlock::layoutBlock(bool) (this=0x8216fd0, relayoutChildren=false)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:502
#15 0x401ff2ca in khtml::RenderBlock::layout() (this=0x8216fd0)
at /coolo/prod/kdelibs/khtml/rendering/render_block.cpp:421
#16 0x40247168 in khtml::RenderCanvas::layout() (this=0x8216fd0)
at /coolo/prod/kdelibs/khtml/rendering/render_canvas.cpp:168
#17 0x4014c486 in KHTMLView::layout() (this=0x81ea2c8) at /coolo/prod/kdelibs/khtml/khtmlview.cpp:609
This fixes the crash for me, but it's only a workaround
inline const QChar &BidiIterator::current() const
{
if( !isText ) return nbsp; // non breaking space
- return static_cast<RenderText *>(obj)->text()[pos];
+ RenderText *t = static_cast<RenderText *>(obj);
+ if (pos < t->length())
+ return t->text()[pos];
+ return QChar::null;
}
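Review bot: The new `pos < t->length()` guard in `BidiIterator::current()` falls through to `return QChar::null;` silently, so an iterator positioned past the end of its text keeps moving through layout with a placeholder character instead of being caught. The backtrace above shows `QChar::latin1()` called with `this=0x0` under `bidiReorderLine`, and the guard stops that dereference without explaining how the position got out of range. An assertion or a `kdDebug` message on the fall-through path would keep the inconsistent iterator visible in debug builds until its origin is fixed.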
CVS commit by ggarand: - first-letter: better fix for pure punctuation/single letter text childs. Fixes an invalid reference crash (#70546). I think this might be the cause for #68753 too CCMAIL: 70546-done@bugs.kde.org M +6 -0 ChangeLog 1.210 M +3 -6 rendering/render_block.cpp 1.26 --- kdelibs/khtml/ChangeLog #1.209:1.210 @@ -1,2 +1,8 @@ +2004-02-17 Germain Garand <germain@ebooksfrance.org> + + * rendering/render_block.cpp (addChildToFlow): first-letter: + better fix for pure punctuation/single letter text childs. + Fixes an invalid reference crash (#70546). + 2004-02-16 Germain Garand <germain@ebooksfrance.org> --- kdelibs/khtml/rendering/render_block.cpp #1.25:1.26 @@ -122,5 +122,4 @@ void RenderBlock::addChildToFlow(RenderO RenderText* newTextChild = static_cast<RenderText*>(textChild); - //kdDebug( 6040 ) << "first letter" << endl; // Force inline display (except for floating first-letters) @@ -140,9 +139,7 @@ void RenderBlock::addChildToFlow(RenderO length++; kdDebug( 6040 ) << "letter= '" << DOMString(oldText->substring(0,length)).string() << "'" << endl; + newTextChild->setText( oldText->l > length ? + oldText->substring(length,oldText->l-length) : new DOMStringImpl("")); NodeImpl* letterElement = newTextChild->element() ? (NodeImpl*) newTextChild->element() : (NodeImpl*) document(); - if (!(oldText->l-length)) - firstLetterContainer->removeChild(newTextChild); - else - newTextChild->setText(oldText->substring(length,oldText->l-length)); RenderText* letter = new (renderArena()) RenderText(letterElement, oldText->substring(0,length)); RenderStyle* newStyle = new RenderStyle(); @@ -2395,5 +2392,5 @@ const char *RenderBlock::renderName() co } -#ifdef ENABLE_DUMP +#ifndef NDEBUG void RenderBlock::printTree(int indent) const { |
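Review bot: In the `@@ -140,9 +139,7 @@` hunk of render_block.cpp, `oldText` is still dereferenced by `oldText->substring(0,length)` on the `RenderText* letter = ...` line, after the new `newTextChild->setText(...)` call has replaced the child's text. If `oldText` is the string `newTextChild` was holding, confirm that it keeps its own reference across `setText`, or construct `letter` before calling it. The `new DOMStringImpl("")` branch replaces the old `removeChild` path, so a one-line comment saying the child is deliberately kept with empty text would stop the removal from being reintroduced later.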
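Review bot: The guard change from `#ifdef ENABLE_DUMP` to `#ifndef NDEBUG` around `RenderBlock::printTree` in the `@@ -2395,5 +2392,5 @@` hunk is unrelated to the first-letter fix and is not mentioned in the ChangeLog entry. Commit it separately or add a ChangeLog line for it, and check that the declaration of `printTree` in the header is switched to the same macro, since a declaration left under the old guard would no longer match this definition.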