Fix for infinite loop in bidi.cpp
David Faure
faure at kde.org
Mon Nov 24 16:06:36 GMT 2003
Testcase:
www.expedia.ca, "destinations" tab, Acapulco, type 'New York' in 'departing from',
and tomorrow in the departure date.
I had a reproducible infinite loop in RenderBlock::layoutInlineChildren, due
to findNextLineBreak going back and forth.
start and end were 1 and 34, then 34 and 1, then 1 and 34 etc.
(gdb)
1177 end = findNextLineBreak(start);
(gdb) p start
$3 = {par = 0x8592ee0, obj = 0x8593094, isText = true, pos = 34}
(gdb) n
1178 if( start.atEnd() ) break;
(gdb) p end
$4 = {par = 0x8592ee0, obj = 0x8593094, isText = true, pos = 1}
Same object, but it went back.
And in findNextLineBreak:
1307 } else if ( o->isText() ) {
(gdb)
1308 RenderText *t = static_cast<RenderText *>(o);
(gdb)
1309 int strlen = t->stringLength();
(gdb)
1310 int len = strlen - pos;
(gdb)
1311 QChar *str = t->text();
(gdb) p strlen
$8 = 35
(gdb) p len
$9 = 1
(gdb) n
1312 if (style()->whiteSpace() == NOWRAP || t->style()->whiteSpace() == NOWRAP) {
(gdb)
1313 tmpW += t->maxWidth();
(gdb)
1314 pos = len;
(gdb)
1315 len = 0;
(gdb) p pos
$10 = 1
Suggested patch:
Index: bidi.cpp
===================================================================
RCS file: /home/kde/kdelibs/khtml/rendering/bidi.cpp,v
retrieving revision 1.174
diff -u -p -r1.174 bidi.cpp
--- bidi.cpp 3 Nov 2003 18:06:13 -0000 1.174
+++ bidi.cpp 24 Nov 2003 16:04:08 -0000
@@ -1311,7 +1311,7 @@ BidiIterator RenderBlock::findNextLineBr
QChar *str = t->text();
if (style()->whiteSpace() == NOWRAP || t->style()->whiteSpace() == NOWRAP) {
tmpW += t->maxWidth();
- pos = len;
+ pos = strlen;
len = 0;
} else {
const Font *f = t->htmlFont( m_firstLine );
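Review bot: `pos = strlen;` in the NOWRAP branch is the right target, because `len` is a remaining count (`len = strlen - pos`), not an absolute offset; the old `pos = len;` therefore moved the iterator backwards whenever more than half of the text had already been consumed (the trace above shows pos 34, strlen 35, len 1, so pos was reset to 1), which is exactly the 34/1/34 oscillation seen in layoutInlineChildren. With `pos = strlen; len = 0;` the iterator now sits at the end of the run and the two variables stay consistent. Two follow-ups worth considering: a one-line comment next to `pos`/`len` saying which is an offset and which a count, since the names invite this mix-up, and renaming the local `int strlen = t->stringLength();` (it shadows the C library `strlen`) to something like `textLength` in a separate cleanup.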
(amazing that this code hasn't changed for a year, and we didn't get this before...)
--
David FAURE, faure at kde.org, sponsored by Trolltech to work on KDE,
Konqueror (http://www.konqueror.org), and KOffice (http://www.koffice.org).