34463 2010-02-01 20:46:06 -0800 [Gtk] webkitgtk crashed when Orca open 2010-02-19 12:09:28 -0800 1 1 1 Unclassified WebKit Accessibility 528+ (Nightly build) PC Linux RESOLVED FIXED Gtk P2 Major --- 25531 0 yuntong.jin webkit-unassigned commit-queue jdiggs jmillan xan.lopez oldest_to_newest 186781 0 yuntong.jin 2010-02-01 20:46:06 -0800 Program received signal SIGSEGV, Segmentation fault. 0x015de00b in textForObject(WebCore::AccessibilityRenderObject*) () from /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 (gdb) bt #0 0x015de00b in textForObject(WebCore::AccessibilityRenderObject*) () from /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 #1 0x015e08c9 in webkit_accessible_text_get_text(_AtkText*, int, int) () from /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 #2 0x00b9031e in atk_text_get_text () from /usr/lib/libatk-1.0.so.0 #3 0x01e0659c in ?? () from /usr/lib/libspi.so.0 #4 0x01dfa90a in _ORBIT_skel_small_Accessibility_Text_getText () from /usr/lib/libspi.so.0 #5 0x04040537 in ?? () from /usr/lib/libORBit-2.so.0 #6 0x04046b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0 #7 0x04032e63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0 #8 0x04044649 in ?? () from /usr/lib/libORBit-2.so.0 #9 0x04044d22 in ?? () from /usr/lib/libORBit-2.so.0 #10 0x04044ed9 in ?? () from /usr/lib/libORBit-2.so.0 #11 0x04046f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0 #12 0x0402f155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0 #13 0x0404e743 in ?? () from /usr/lib/libORBit-2.so.0 #14 0x04051016 in ?? () from /usr/lib/libORBit-2.so.0 #15 0x0061be88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #16 0x0061f730 in ?? () from /lib/libglib-2.0.so.0 #17 0x0061f863 in g_main_context_iteration () from /lib/libglib-2.0.so.0 ---Type <return> to continue, or q <return> to quit--- #18 0x0404c2b7 in link_main_iteration () from /usr/lib/libORBit-2.so.0 #19 0x0402e71e in giop_recv_buffer_get () from /usr/lib/libORBit-2.so.0 #20 0x04033856 in ORBit_small_invoke_stub () from /usr/lib/libORBit-2.so.0 #21 0x04033a89 in ORBit_small_invoke_stub_n () from /usr/lib/libORBit-2.so.0 #22 0x040407ba in ORBit_c_stub_invoke () from /usr/lib/libORBit-2.so.0 #23 0x01de9a54 in Accessibility_EventListener_notifyEvent () from /usr/lib/libspi.so.0 #24 0x05be33bc in ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so #25 0x05be469e in ?? () from /usr/lib/gtk-2.0/modules/libatk-bridge.so #26 0x005bc267 in ?? () from /usr/lib/libgobject-2.0.so.0 #27 0x005bdb2d in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #28 0x005bdfb6 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #29 0x00b8a53d in ?? () from /usr/lib/libatk-1.0.so.0 #30 0x005b4118 in g_cclosure_marshal_VOID__PARAM () from /usr/lib/libgobject-2.0.so.0 #31 0x005a56f9 in ?? () from /usr/lib/libgobject-2.0.so.0 #32 0x005a7072 in g_closure_invoke () from /usr/lib/libgobject-2.0.so.0 #33 0x005bc0b0 in ?? () from /usr/lib/libgobject-2.0.so.0 #34 0x005bdb2d in g_signal_emit_valist () from /usr/lib/libgobject-2.0.so.0 #35 0x005bdfb6 in g_signal_emit () from /usr/lib/libgobject-2.0.so.0 #36 0x005ab3e1 in ?? () from /usr/lib/libgobject-2.0.so.0 #37 0x005a7daf in ?? () from /usr/lib/libgobject-2.0.so.0 #38 0x005acec3 in g_object_notify () from /usr/lib/libgobject-2.0.so.0 ---Type <return> to continue, or q <return> to quit--- #39 0x047fff72 in ?? () from /usr/lib/gtk-2.0/modules/libgail.so #40 0x006b8f78 in ?? () from /usr/lib/libgdk-x11-2.0.so.0 #41 0x0061a101 in ?? () from /lib/libglib-2.0.so.0 #42 0x0061be88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #43 0x0061f730 in ?? () from /lib/libglib-2.0.so.0 #44 0x0061fb9f in g_main_loop_run () from /lib/libglib-2.0.so.0 #45 0x00247419 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #46 0x08049e8d in main () (gdb) 186788 1 jdiggs 2010-02-01 21:04:36 -0800 Can you provide exact steps to reproduce? Also, can you reproduce this with the latest trunk? 186806 2 jdiggs 2010-02-01 21:54:13 -0800 Okay, I might have found at least a similar crasher: 1. Launch Orca and GtkLauncher 2. Tab amongst the links on Google. Everything's fine until I get to 'Advertising Programs', at which point GtkLauncher segfaults with a similar trace. I'll investigate. Thanks for the report! 186829 3 47909 jdiggs 2010-02-01 23:50:51 -0800 Created attachment 47909 Additional sanity checking I don't yet know what situation specifically triggered Simon's crash, because I need more detail. In the crash I stumbled upon, we were getting some seriously bogus values for renderText->textLength(). However, under those same conditions, renderText->caretMaxOffset() was 0. Checking that value before calling convertUniCharToUTF8 with the bogus length solves my crasher. Xan, thoughts? 186845 4 yuntong.jin 2010-02-02 00:37:48 -0800 This crash happened on latest trunk r54128 on Ubuntu 9.10. like you already figured it out, the step to reproduce this crash: 1. Launch Orca and GtkLauncher 2. Tab amongst the links on Google or just browse around . 186861 5 yuntong.jin 2010-02-02 01:33:55 -0800 tested with the patch,while tab amongst goole home page, still crashed: from /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 (gdb) bt #0 0x013a5740 in webkit_accessible_text_get_caret_offset(_AtkText*) () from /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 #1 0x00279f19 in atk_text_get_caret_offset () from /usr/lib/libatk-1.0.so.0 #2 0x01c03226 in ?? () from /usr/lib/libspi.so.0 #3 0x01bf78d6 in _ORBIT_skel_small_Accessibility_Text__get_caretOffset () from /usr/lib/libspi.so.0 #4 0x03923537 in ?? () from /usr/lib/libORBit-2.so.0 #5 0x03929b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0 #6 0x03915e63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0 #7 0x03927649 in ?? () from /usr/lib/libORBit-2.so.0 #8 0x03927d22 in ?? () from /usr/lib/libORBit-2.so.0 #9 0x03927ed9 in ?? () from /usr/lib/libORBit-2.so.0 #10 0x03929f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0 #11 0x03912155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0 #12 0x03931743 in ?? () from /usr/lib/libORBit-2.so.0 #13 0x03934016 in ?? () from /usr/lib/libORBit-2.so.0 #14 0x00ab7e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 #15 0x00abb730 in ?? () from /lib/libglib-2.0.so.0 #16 0x00abbb9f in g_main_loop_run () from /lib/libglib-2.0.so.0 #17 0x003d4419 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 #18 0x08049e8d in main () 187114 6 47909 xan.lopez 2010-02-02 13:22:28 -0800 Comment on attachment 47909 Additional sanity checking After a chat on IRC both Joanie and me agree that we are not sure this patch is what we really want, so I'm moving it out of the queue until we investigate this a bit more. 187463 7 48058 jmillan 2010-02-03 12:11:48 -0800 Created attachment 48058 Patch: Make textForObject check if a render object is text before running toRenderText I think that the problem is that toRenderText is being executed without checking if the object is a RenderText; and toRenderText will return an RenderText* even if the object is not a RenderText (It checks if it's a RenderText using ASSERT, but the returned value does not depend on whether the object is a RenderText or not). This patch checks if the object is a RenderText before executing toRenderText. 187469 8 48058 xan.lopez 2010-02-03 12:28:20 -0800 Comment on attachment 48058 Patch: Make textForObject check if a render object is text before running toRenderText Looks great to me, good catch. 187478 9 48058 commit-queue 2010-02-03 12:46:08 -0800 Comment on attachment 48058 Patch: Make textForObject check if a render object is text before running toRenderText Rejecting patch 48058 from commit-queue. Failed to run "['git', 'svn', 'dcommit']" exit_code: 1 Last 500 characters of output: vn.webkit.org/repository/webkit/trunk ... M WebCore/ChangeLog M WebCore/accessibility/gtk/AccessibilityObjectWrapperAtk.cpp A repository hook failed: MERGE request failed on '/repository/webkit/trunk': Commit blocked by pre-commit hook (exit code 1) with output: svnlook: Can't write to stream: Broken pipe The following ChangeLog files contain OOPS: trunk/WebCore/ChangeLog Please don't ever say "OOPS" in a ChangeLog file. at /usr/local/git/libexec/git-core/git-svn line 558 Full output: http://webkit-commit-queue.appspot.com/results/232635 187686 10 yuntong.jin 2010-02-04 01:56:48 -0800 (In reply to comment #5) > tested with the patch,while tab amongst goole home page, still crashed: > > from > /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 > (gdb) bt > #0 0x013a5740 in webkit_accessible_text_get_caret_offset(_AtkText*) () > from > /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 > #1 0x00279f19 in atk_text_get_caret_offset () from /usr/lib/libatk-1.0.so.0 > #2 0x01c03226 in ?? () from /usr/lib/libspi.so.0 > #3 0x01bf78d6 in _ORBIT_skel_small_Accessibility_Text__get_caretOffset () > from /usr/lib/libspi.so.0 > #4 0x03923537 in ?? () from /usr/lib/libORBit-2.so.0 > #5 0x03929b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0 > #6 0x03915e63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0 > #7 0x03927649 in ?? () from /usr/lib/libORBit-2.so.0 > #8 0x03927d22 in ?? () from /usr/lib/libORBit-2.so.0 > #9 0x03927ed9 in ?? () from /usr/lib/libORBit-2.so.0 > #10 0x03929f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0 > #11 0x03912155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0 > #12 0x03931743 in ?? () from /usr/lib/libORBit-2.so.0 > #13 0x03934016 in ?? () from /usr/lib/libORBit-2.so.0 > #14 0x00ab7e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 > #15 0x00abb730 in ?? () from /lib/libglib-2.0.so.0 > #16 0x00abbb9f in g_main_loop_run () from /lib/libglib-2.0.so.0 > #17 0x003d4419 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 > #18 0x08049e8d in main () seem still crashed like this for second patch 187844 11 48153 jmillan 2010-02-04 09:57:59 -0800 Created attachment 48153 Patch: Make textForObject check if a render object is text before running toRenderText New version of the patch which do not have the "No new tests" line. (In reply to comment #9) > (From update of attachment 48058 [details]) > Rejecting patch 48058 from commit-queue. > The following ChangeLog files contain OOPS: > Please don't ever say "OOPS" in a ChangeLog file. I thought that the "No new tests" line would be automatically removed when reviewed. Sorry for the mistake :( (In reply to comment #10) > (In reply to comment #5) > > tested with the patch,while tab amongst goole home page, still crashed: > > > > from > > /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 > > (gdb) bt > > #0 0x013a5740 in webkit_accessible_text_get_caret_offset(_AtkText*) () > > from > > /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 > > #1 0x00279f19 in atk_text_get_caret_offset () from /usr/lib/libatk-1.0.so.0 > seem still crashed like this for second patch Could not reproduce this crash. However, if it crashed in that webkit_accessible_text_get_caret_offset i think it may be a different bug. 187848 12 48153 xan.lopez 2010-02-04 10:12:45 -0800 Comment on attachment 48153 Patch: Make textForObject check if a render object is text before running toRenderText Round two! 187853 13 48153 commit-queue 2010-02-04 10:35:43 -0800 Comment on attachment 48153 Patch: Make textForObject check if a render object is text before running toRenderText Clearing flags on attachment: 48153 Committed r54355: <http://trac.webkit.org/changeset/54355> 187854 14 commit-queue 2010-02-04 10:35:50 -0800 All reviewed patches have been landed. Closing bug. 189253 15 yuntong.jin 2010-02-09 23:53:00 -0800 press down tab for a while, i can still reproduce this crash with below same stack. thoughts? (In reply to comment #10) > (In reply to comment #5) > > tested with the patch,while tab amongst goole home page, still crashed: > > > > from > > /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 > > (gdb) bt > > #0 0x013a5740 in webkit_accessible_text_get_caret_offset(_AtkText*) () > > from > > /home/musi/webkitproject/trunk52853/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 > > #1 0x00279f19 in atk_text_get_caret_offset () from /usr/lib/libatk-1.0.so.0 > > #2 0x01c03226 in ?? () from /usr/lib/libspi.so.0 > > #3 0x01bf78d6 in _ORBIT_skel_small_Accessibility_Text__get_caretOffset () > > from /usr/lib/libspi.so.0 > > #4 0x03923537 in ?? () from /usr/lib/libORBit-2.so.0 > > #5 0x03929b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0 > > #6 0x03915e63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0 > > #7 0x03927649 in ?? () from /usr/lib/libORBit-2.so.0 > > #8 0x03927d22 in ?? () from /usr/lib/libORBit-2.so.0 > > #9 0x03927ed9 in ?? () from /usr/lib/libORBit-2.so.0 > > #10 0x03929f92 in ORBit_handle_request () from /usr/lib/libORBit-2.so.0 > > #11 0x03912155 in giop_connection_handle_input () from /usr/lib/libORBit-2.so.0 > > #12 0x03931743 in ?? () from /usr/lib/libORBit-2.so.0 > > #13 0x03934016 in ?? () from /usr/lib/libORBit-2.so.0 > > #14 0x00ab7e88 in g_main_context_dispatch () from /lib/libglib-2.0.so.0 > > #15 0x00abb730 in ?? () from /lib/libglib-2.0.so.0 > > #16 0x00abbb9f in g_main_loop_run () from /lib/libglib-2.0.so.0 > > #17 0x003d4419 in gtk_main () from /usr/lib/libgtk-x11-2.0.so.0 > > #18 0x08049e8d in main () > > seem still crashed like this for second patch 189256 16 jdiggs 2010-02-10 00:01:01 -0800 (In reply to comment #15) > press down tab for a while, i can still reproduce this crash with below same > stack. > thoughts? 1. Is this with the very latest nightly build? (I ask because there were some crasher issues that got fixed after the revision - 52853 - suggested in your report. Changes are taking place in this area quite frequently.) 2. What version of Orca are you using? 3. What EXACTLY are you tabbing to (i.e. what has focus) to cause this to occur? 189265 17 yuntong.jin 2010-02-10 00:18:55 -0800 (In reply to comment #16) > (In reply to comment #15) > > press down tab for a while, i can still reproduce this crash with below same > > stack. > > thoughts? > > 1. Is this with the very latest nightly build? (I ask because there were some > crasher issues that got fixed after the revision - 52853 - suggested in your > report. Changes are taking place in this area quite frequently.) > I'm on trunk r54475. musi@musi-desktop:~/webkitproject/trunk54128/WebKitBuild/Release/Programs$ ldd GtkLauncher linux-gate.so.1 => (0x0053f000) libwebkit-1.0.so.2 => /home/musi/webkitproject/trunk54128/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 (0x00d7a000) Program received signal SIGSEGV, Segmentation fault. 0x0160b2f0 in webkit_accessible_text_get_caret_offset(_AtkText*) () from /home/musi/webkitproject/trunk54128/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 (gdb) where #0 0x0160b2f0 in webkit_accessible_text_get_caret_offset(_AtkText*) () from /home/musi/webkitproject/trunk54128/WebKitBuild/Release/.libs/libwebkit-1.0.so.2 #1 0x00d30f19 in atk_text_get_caret_offset () from /usr/lib/libatk-1.0.so.0 #2 0x07e84226 in ?? () from /usr/lib/libspi.so.0 #3 0x07e788d6 in _ORBIT_skel_small_Accessibility_Text__get_caretOffset () from /usr/lib/libspi.so.0 #4 0x075bd537 in ?? () from /usr/lib/libORBit-2.so.0 #5 0x075c3b45 in ORBit_OAObject_invoke () from /usr/lib/libORBit-2.so.0 #6 0x075afe63 in ORBit_small_invoke_adaptor () from /usr/lib/libORBit-2.so.0 > 2. What version of Orca are you using? > Orca 2.28.1 > 3. What EXACTLY are you tabbing to (i.e. what has focus) to cause this to > occur? On google homepage, press down tab constantly for a while 192012 18 jmillan 2010-02-19 12:09:28 -0800 Opening bug for the new crash, as the original one has been fixed. New crash is bug #35169 47909 2010-02-01 23:50:51 -0800 2010-02-02 13:22:27 -0800 Additional sanity checking 34463-1.patch text/plain 2436 jdiggs RnJvbSBkZTkxNjJiMTZiNmI4MjMyNmUzYzcyYmMwNjBkNjQ5YWZkYjMwOGRhIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBKb2FubWFyaWUgRGlnZ3MgPGpkQHZibG9ja2hlYWQuKG5vbmUp PgpEYXRlOiBUdWUsIDIgRmViIDIwMTAgMDI6MzY6MDIgLTA1MDAKU3ViamVjdDogW1BBVENIIDYv Nl0gMjAxMC0wMi0wMiAgSm9hbm1hcmllIERpZ2dzICA8am9hbm1hcmllLmRpZ2dzQGdtYWlsLmNv bT4KCiAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCgogICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0zNDQ2MwogICAgICAgIFtHdGtdIHdlYmtp dGd0ayBjcmFzaGVkIHdoZW4gT3JjYSBvcGVuCgogICAgICAgICogYWNjZXNzaWJpbGl0eS9ndGsv QWNjZXNzaWJpbGl0eU9iamVjdFdyYXBwZXJBdGsuY3BwOgogICAgICAgICh0ZXh0Rm9yT2JqZWN0 KToKCiAgICAgICAgQWRkZWQgYSBjb3VwbGUgb2Ygc2FuaXR5IGNoZWNrcyB3aGljaCB3aWxsIGhv cGVmdWxseSBmdXJ0aGVyIGVuc3VyZQogICAgICAgIHRoYXQgd2UgcmVhbGx5IGhhdmUgYSB2YWxp ZCBSZW5kZXJUZXh0IG9iamVjdCB3ZSBjYW4gd29yayB3aXRoLgotLS0KIFdlYkNvcmUvQ2hhbmdl TG9nICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgIHwgICAxMyArKysrKysrKysrKysr CiAuLi4vZ3RrL0FjY2Vzc2liaWxpdHlPYmplY3RXcmFwcGVyQXRrLmNwcCAgICAgICAgICB8ICAg IDQgKystLQogMiBmaWxlcyBjaGFuZ2VkLCAxNSBpbnNlcnRpb25zKCspLCAyIGRlbGV0aW9ucygt KQoKZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5k ZXggZTVmNDMxNS4uMWMyMjQwNCAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIv V2ViQ29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNiBAQAorMjAxMC0wMi0wMiAgSm9hbm1hcmll IERpZ2dzICA8am9hbm1hcmllLmRpZ2dzQGdtYWlsLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9MzQ0NjMKKyAgICAgICAgW0d0a10gd2Via2l0Z3RrIGNyYXNoZWQgd2hlbiBP cmNhIG9wZW4KKworICAgICAgICAqIGFjY2Vzc2liaWxpdHkvZ3RrL0FjY2Vzc2liaWxpdHlPYmpl Y3RXcmFwcGVyQXRrLmNwcDoKKyAgICAgICAgKHRleHRGb3JPYmplY3QpOgorCisgICAgICAgIEFk ZGVkIGEgY291cGxlIG9mIHNhbml0eSBjaGVja3Mgd2hpY2ggd2lsbCBob3BlZnVsbHkgZnVydGhl ciBlbnN1cmUKKyAgICAgICAgdGhhdCB3ZSByZWFsbHkgaGF2ZSBhIHZhbGlkIFJlbmRlclRleHQg b2JqZWN0IHdlIGNhbiB3b3JrIHdpdGguCisKIDIwMTAtMDItMDEgIEpvYW5tYXJpZSBEaWdncyAg PGpvYW5tYXJpZS5kaWdnc0BnbWFpbC5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZ IChPT1BTISkuCmRpZmYgLS1naXQgYS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvZ3RrL0FjY2Vzc2li aWxpdHlPYmplY3RXcmFwcGVyQXRrLmNwcCBiL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9ndGsvQWNj ZXNzaWJpbGl0eU9iamVjdFdyYXBwZXJBdGsuY3BwCmluZGV4IGNiZTQyNDAuLjBmOTVkZjAgMTAw NjQ0Ci0tLSBhL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9ndGsvQWNjZXNzaWJpbGl0eU9iamVjdFdy YXBwZXJBdGsuY3BwCisrKyBiL1dlYkNvcmUvYWNjZXNzaWJpbGl0eS9ndGsvQWNjZXNzaWJpbGl0 eU9iamVjdFdyYXBwZXJBdGsuY3BwCkBAIC04OTEsMTAgKzg5MSwxMCBAQCBnY2hhciogdGV4dEZv ck9iamVjdChBY2Nlc3NpYmlsaXR5UmVuZGVyT2JqZWN0KiBhY2NPYmplY3QpCiAKICAgICAgICAg ICAgIFJlbmRlclRleHQqIHJlbmRlclRleHQgPSB0b1JlbmRlclRleHQob2JqKTsKICAgICAgICAg ICAgIC8vIEJlIHN1cmUgd2UgaGF2ZSBhIFJlbmRlclRleHQgb2JqZWN0IHdlIGNhbiB3b3JrIHdp dGguCi0gICAgICAgICAgICBpZiAoIXJlbmRlclRleHQgfHwgIW9iai0+aXNUZXh0KCkpIHsKKyAg ICAgICAgICAgIGlmICghcmVuZGVyVGV4dCB8fCAhb2JqLT5pc1RleHQoKSB8fCAhcmVuZGVyVGV4 dC0+Y2FyZXRNYXhPZmZzZXQoKSkgewogICAgICAgICAgICAgICAgIC8vIEhhbmRsZSBSZW5kZXJJ bmxpbmVzIChhbmQgYW55IG90aGVyIHNpbWlsaWFyIFJlbmRlck9iamVjdHMpLgogICAgICAgICAg ICAgICAgIHJlbmRlclRleHQgPSB0b1JlbmRlclRleHQob2JqLT5maXJzdENoaWxkKCkpOwotICAg ICAgICAgICAgICAgIGlmICghcmVuZGVyVGV4dCkKKyAgICAgICAgICAgICAgICBpZiAoIXJlbmRl clRleHQgfHwgIXJlbmRlclRleHQtPmNhcmV0TWF4T2Zmc2V0KCkpCiAgICAgICAgICAgICAgICAg ICAgIGNvbnRpbnVlOwogICAgICAgICAgICAgfQogCi0tIAoxLjYuNQoK 48058 2010-02-03 12:11:48 -0800 2010-02-04 09:57:59 -0800 Patch: Make textForObject check if a render object is text before running toRenderText 20100203_textForObjectcrash_34463.patch text/plain 1810 jmillan SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1NDI5MSkKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTYgQEAKKzIwMTAtMDItMDMgIEpvc8OpIE1pbGzDoW4gU290byAgPGptaWxsYW5A aWdhbGlhLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBbR3RrXSB3ZWJraXRndGsgY3Jhc2hlZCB3aGVuIE9yY2Egb3BlbgorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MzQ0NjMKKworICAgICAgICBObyBu ZXcgdGVzdHMuIChPT1BTISkKKworICAgICAgICAqIGFjY2Vzc2liaWxpdHkvZ3RrL0FjY2Vzc2li aWxpdHlPYmplY3RXcmFwcGVyQXRrLmNwcDoKKyAgICAgICAgKHRleHRGb3JPYmplY3QpOgorICAg ICAgICBDaGVja2luZyBpZiByZW5kZXIgb2JqZWN0cyBhcmUgdGV4dHMgYmVmb3JlIGNhbGxpbmcg dG9SZW5kZXJUZXh0CisKIDIwMTAtMDItMDMgIFBhdmVsIEZlbGRtYW4gIDxwZmVsZG1hbkBjaHJv bWl1bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgVGltb3RoeSBIYXRjaGVyLgpJbmRleDog V2ViQ29yZS9hY2Nlc3NpYmlsaXR5L2d0ay9BY2Nlc3NpYmlsaXR5T2JqZWN0V3JhcHBlckF0ay5j cHAKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PQotLS0gV2ViQ29yZS9hY2Nlc3NpYmlsaXR5L2d0ay9BY2Nlc3NpYmlsaXR5 T2JqZWN0V3JhcHBlckF0ay5jcHAJKHJldmlzaW9uIDU0MjkxKQorKysgV2ViQ29yZS9hY2Nlc3Np YmlsaXR5L2d0ay9BY2Nlc3NpYmlsaXR5T2JqZWN0V3JhcHBlckF0ay5jcHAJKHdvcmtpbmcgY29w eSkKQEAgLTg4NCwxNCArODg0LDE0IEBAIGdjaGFyKiB0ZXh0Rm9yT2JqZWN0KEFjY2Vzc2liaWxp dHlSZW5kZXIKICAgICAgICAgICAgICAgICBjb250aW51ZTsKICAgICAgICAgICAgIH0KIAotICAg ICAgICAgICAgUmVuZGVyVGV4dCogcmVuZGVyVGV4dCA9IHRvUmVuZGVyVGV4dChvYmopOwotICAg ICAgICAgICAgLy8gQmUgc3VyZSB3ZSBoYXZlIGEgUmVuZGVyVGV4dCBvYmplY3Qgd2UgY2FuIHdv cmsgd2l0aC4KLSAgICAgICAgICAgIGlmICghcmVuZGVyVGV4dCB8fCAhb2JqLT5pc1RleHQoKSkg eworICAgICAgICAgICAgUmVuZGVyVGV4dCogcmVuZGVyVGV4dDsKKyAgICAgICAgICAgIGlmIChv YmotPmlzVGV4dCgpKQorICAgICAgICAgICAgICAgIHJlbmRlclRleHQgPSB0b1JlbmRlclRleHQo b2JqKTsKKyAgICAgICAgICAgIGVsc2UgaWYgKG9iai0+Zmlyc3RDaGlsZCgpICYmIG9iai0+Zmly c3RDaGlsZCgpLT5pc1RleHQoKSkgewogICAgICAgICAgICAgICAgIC8vIEhhbmRsZSBSZW5kZXJJ bmxpbmVzIChhbmQgYW55IG90aGVyIHNpbWlsaWFyIFJlbmRlck9iamVjdHMpLgogICAgICAgICAg ICAgICAgIHJlbmRlclRleHQgPSB0b1JlbmRlclRleHQob2JqLT5maXJzdENoaWxkKCkpOwotICAg ICAgICAgICAgICAgIGlmICghcmVuZGVyVGV4dCkKLSAgICAgICAgICAgICAgICAgICAgY29udGlu dWU7Ci0gICAgICAgICAgICB9CisgICAgICAgICAgICB9IGVsc2UKKyAgICAgICAgICAgICAgICBj b250aW51ZTsKIAogICAgICAgICAgICAgSW5saW5lVGV4dEJveCogYm94ID0gcmVuZGVyVGV4dC0+ Zmlyc3RUZXh0Qm94KCk7CiAgICAgICAgICAgICB3aGlsZSAoYm94KSB7Cg== 48153 2010-02-04 09:57:59 -0800 2010-02-04 10:35:43 -0800 Patch: Make textForObject check if a render object is text before running toRenderText 20100204_textForObjectCrash_34463.patch text/plain 1778 jmillan SW5kZXg6IFdlYkNvcmUvQ2hhbmdlTG9nCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvQ2hhbmdlTG9n CShyZXZpc2lvbiA1NDM0NykKKysrIFdlYkNvcmUvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBA IC0xLDMgKzEsMTQgQEAKKzIwMTAtMDItMDQgIEpvc8OpIE1pbGzDoW4gU290byAgPGptaWxsYW5A aWdhbGlhLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAg ICAgICBbR3RrXSB3ZWJraXRndGsgY3Jhc2hlZCB3aGVuIE9yY2Egb3BlbgorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MzQ0NjMKKworICAgICAgICAqIGFj Y2Vzc2liaWxpdHkvZ3RrL0FjY2Vzc2liaWxpdHlPYmplY3RXcmFwcGVyQXRrLmNwcDoKKyAgICAg ICAgKHRleHRGb3JPYmplY3QpOgorICAgICAgICBDaGVja2luZyBpZiByZW5kZXIgb2JqZWN0cyBh cmUgdGV4dHMgYmVmb3JlIGNhbGxpbmcgdG9SZW5kZXJUZXh0CisKIDIwMTAtMDItMDQgIEFyaXlh IEhpZGF5YXQgIDxhcml5YS5oaWRheWF0QGdtYWlsLmNvbT4KIAogICAgICAgICBSZXZpZXdlZCBi eSBTaW1vbiBIYXVzbWFubi4KSW5kZXg6IFdlYkNvcmUvYWNjZXNzaWJpbGl0eS9ndGsvQWNjZXNz aWJpbGl0eU9iamVjdFdyYXBwZXJBdGsuY3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT0KLS0tIFdlYkNvcmUvYWNjZXNz aWJpbGl0eS9ndGsvQWNjZXNzaWJpbGl0eU9iamVjdFdyYXBwZXJBdGsuY3BwCShyZXZpc2lvbiA1 NDM0MikKKysrIFdlYkNvcmUvYWNjZXNzaWJpbGl0eS9ndGsvQWNjZXNzaWJpbGl0eU9iamVjdFdy YXBwZXJBdGsuY3BwCSh3b3JraW5nIGNvcHkpCkBAIC04ODQsMTQgKzg4NCwxNCBAQCBnY2hhciog dGV4dEZvck9iamVjdChBY2Nlc3NpYmlsaXR5UmVuZGVyCiAgICAgICAgICAgICAgICAgY29udGlu dWU7CiAgICAgICAgICAgICB9CiAKLSAgICAgICAgICAgIFJlbmRlclRleHQqIHJlbmRlclRleHQg PSB0b1JlbmRlclRleHQob2JqKTsKLSAgICAgICAgICAgIC8vIEJlIHN1cmUgd2UgaGF2ZSBhIFJl bmRlclRleHQgb2JqZWN0IHdlIGNhbiB3b3JrIHdpdGguCi0gICAgICAgICAgICBpZiAoIXJlbmRl clRleHQgfHwgIW9iai0+aXNUZXh0KCkpIHsKKyAgICAgICAgICAgIFJlbmRlclRleHQqIHJlbmRl clRleHQ7CisgICAgICAgICAgICBpZiAob2JqLT5pc1RleHQoKSkKKyAgICAgICAgICAgICAgICBy ZW5kZXJUZXh0ID0gdG9SZW5kZXJUZXh0KG9iaik7CisgICAgICAgICAgICBlbHNlIGlmIChvYmot PmZpcnN0Q2hpbGQoKSAmJiBvYmotPmZpcnN0Q2hpbGQoKS0+aXNUZXh0KCkpIHsKICAgICAgICAg ICAgICAgICAvLyBIYW5kbGUgUmVuZGVySW5saW5lcyAoYW5kIGFueSBvdGhlciBzaW1pbGlhciBS ZW5kZXJPYmplY3RzKS4KICAgICAgICAgICAgICAgICByZW5kZXJUZXh0ID0gdG9SZW5kZXJUZXh0 KG9iai0+Zmlyc3RDaGlsZCgpKTsKLSAgICAgICAgICAgICAgICBpZiAoIXJlbmRlclRleHQpCi0g ICAgICAgICAgICAgICAgICAgIGNvbnRpbnVlOwotICAgICAgICAgICAgfQorICAgICAgICAgICAg fSBlbHNlCisgICAgICAgICAgICAgICAgY29udGludWU7CiAKICAgICAgICAgICAgIElubGluZVRl eHRCb3gqIGJveCA9IHJlbmRlclRleHQtPmZpcnN0VGV4dEJveCgpOwogICAgICAgICAgICAgd2hp bGUgKGJveCkgewo=