| Summary: | Be more defensive at renderer type checking when initializing flow segments. | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | zalan <zalan> | ||||||
| Component: | Layout and Rendering | Assignee: | zalan <zalan> | ||||||
| Status: | RESOLVED FIXED | ||||||||
| Severity: | Normal | CC: | commit-queue, ddkilzer, esprehn+autocc, glenn, koivisto, kondapallykalyan | ||||||
| Priority: | P2 | ||||||||
| Version: | 528+ (Nightly build) | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Unspecified | ||||||||
| Attachments: |
|
||||||||
|
Description
zalan
2015-06-12 15:00:36 PDT
Created attachment 254824 [details]
Patch
It results in broken rendering (missing pieces) vs. crash. Comment on attachment 254824 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=254824&action=review > Source/WebCore/rendering/SimpleLineLayoutFlowContents.cpp:50 > continue; > - } > - ASSERT(is<RenderText>(child)); > - const auto& textChild = downcast<RenderText>(child); > - unsigned textLength = textChild.text()->length(); > - segments.append(FlowContents::Segment { startPosition, startPosition + textLength, textChild.text(), textChild }); > - startPosition += textLength; > + } else if (is<RenderText>(child)) { No need to say 'else' after 'continue'. Comment on attachment 254824 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=254824&action=review > Source/WebCore/rendering/SimpleLineLayoutFlowContents.cpp:56 > + startPosition += textLength; > + } else > + ASSERT_NOT_REACHED(); This too could do continue without else. Created attachment 254846 [details]
Patch
Comment on attachment 254846 [details] Patch Clearing flags on attachment: 254846 Committed r185531: <http://trac.webkit.org/changeset/185531> All reviewed patches have been landed. Closing bug. |