Bug 108084

Summary: Crash inside RenderBlock::layoutRunsAndFloatsInRange in the widow code
Product: WebKit
Reporter: Julien Chaffraix <jchaffraix>
Component: Layout and Rendering
Assignee: Julien Chaffraix <jchaffraix>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, dino, eric, ojan.autocc, webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All

Julien Chaffraix
Reported 2013-01-28 08:16:49 PST
We are getting bug reports for a crasher in the widow code. I tried several times to see if I could get a reproduction but unfortunately couldn't. Here is the code involved (line 1663 in RenderBlockLineLayout.cpp):

    int numLinesHanging = 1;
    while (lineBox && lineBox != firstLineInBlock && !lineBox->isFirstAfterPageBreak()) {
        ...
    }
    // If there were no breaks in the block, we didn't create any widows.
    if (!lineBox->isFirstAfterPageBreak() || lineBox == firstLineInBlock)
        return;

The crash is a NULL dereference that happens in the 'if'. The 'while' NULL-checks |lineBox| but the following 'if' doesn't, which makes me think that this is the bug.
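A small model of the walk quoted above, added here as an illustration; it is neither WebKit code nor the landed patch. LineBox, prevRootBox(), WidowResult and the three scenario chains are constructed stand-ins, and walkChecked() shows the kind of NULL check the description points at, assumed rather than taken from the fix.

```cpp
// Minimal stand-in for WebKit's root line boxes (constructed model, not WebKit code).
struct LineBox {
    LineBox* prev;                 // plays the role of prevRootBox()
    bool firstAfterPageBreak;
    bool isFirstAfterPageBreak() const { return firstAfterPageBreak; }
    LineBox* prevRootBox() const { return prev; }
};

enum class WidowResult { NoBreak, FoundBreak };

// The loop quoted in the bug. Returns true when it exits with lineBox == NULL,
// i.e. exactly when the unguarded 'if' that follows it in the original code
// would dereference NULL and crash.
bool loopExitsAtNull(LineBox* lineBox, LineBox* firstLineInBlock)
{
    while (lineBox && lineBox != firstLineInBlock && !lineBox->isFirstAfterPageBreak())
        lineBox = lineBox->prevRootBox();
    return lineBox == nullptr;
}

// Hardened walk (assumed fix, not the committed patch): re-check every loop
// exit condition, including NULL, before dereferencing lineBox.
WidowResult walkChecked(LineBox* lineBox, LineBox* firstLineInBlock)
{
    while (lineBox && lineBox != firstLineInBlock && !lineBox->isFirstAfterPageBreak())
        lineBox = lineBox->prevRootBox();
    if (!lineBox || lineBox == firstLineInBlock || !lineBox->isFirstAfterPageBreak())
        return WidowResult::NoBreak; // no page break in the block: no widows created
    return WidowResult::FoundBreak;
}

struct Observation { bool unguardedNull; WidowResult checked; };

// Constructed chain c -> b -> a with no page break, where firstLineInBlock is
// never reached (it points outside the chain), so the loop can only stop at NULL.
Observation scenarioDetachedChain()
{
    LineBox a{nullptr, false}, b{&a, false}, c{&b, false}, outside{nullptr, false};
    return {loopExitsAtNull(&c, &outside), walkChecked(&c, &outside)};
}

// Constructed chain where the middle line starts a new page: the loop stops there.
Observation scenarioPageBreak()
{
    LineBox a{nullptr, false}, b{&a, true}, c{&b, false};
    return {loopExitsAtNull(&c, &a), walkChecked(&c, &a)};
}
```

The detached chain is the shape that makes the original 'if' dereference NULL, while walkChecked() treats it as "no break" and returns.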
Attachments
Proposed blind fix. (1.76 KB, patch), 2013-01-28 08:41 PST, Julien Chaffraix, no flags
Julien Chaffraix
Comment 1 2013-01-28 08:41:56 PST
Created attachment 184991 [details] Proposed blind fix.
WebKit Review Bot
Comment 2 2013-01-28 14:29:52 PST
Comment on attachment 184991 [details] Proposed blind fix.
Clearing flags on attachment: 184991
Committed r141009: <http://trac.webkit.org/changeset/141009>
WebKit Review Bot
Comment 3 2013-01-28 14:29:55 PST
All reviewed patches have been landed. Closing bug.