Bug 129948

Summary: Crash in RenderBlock::addChildIgnoringAnonymousColumnBlocks when region-based multicol enabled
Product: WebKit Reporter: Vicki Pfau <jeffrey+webkit>
Component: Layout and RenderingAssignee: Dave Hyatt <hyatt>
Status: RESOLVED FIXED    
Severity: Normal CC: commit-queue, esprehn+autocc, glenn, hyatt, kondapallykalyan, mstensho
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Repro
none
Patch simon.fraser: review+

Description Vicki Pfau 2014-03-07 17:45:43 PST 
Created attachment 226192 [details]
Repro

The attached repro will cause WebKit to crash in WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks(WebCore::RenderObject*, WebCore::RenderObject*) when run in DumpRenderTree, and only when it enables the region-based multicol code path.

<rdar://problem/16074072>
Comment 1 Dave Hyatt 2014-03-21 11:10:11 PDT 
Created attachment 227460 [details]
Patch
Comment 2 Dave Hyatt 2014-03-21 11:13:55 PDT 
Fix landed in r166078.