Bug 180251

Summary: Nullptr deref in WebCore::RenderTableCaption::containingBlockLogicalWidthForContent
Product: WebKit Reporter: alan <zalan>
Component: Layout and RenderingAssignee: alan <zalan>
Status: RESOLVED FIXED    
Severity: Normal CC: bfulgham, commit-queue, simon.fraser, zalan
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

alan
Reported 2017-12-01 08:44:22 PST
rdar://problem/34138562
Attachments
Patch (4.70 KB, patch)
2017-12-01 08:54 PST, alan 		no flags
DetailsFormatted DiffDiff
Patch (4.72 KB, patch)
2017-12-01 10:43 PST, alan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
alan
Comment 1 2017-12-01 08:54:31 PST
Created attachment 328095 [details] Patch
alan
Comment 2 2017-12-01 08:59:13 PST
In an ideal world we would never end up calling containingBlockLogicalWidthForContent on a detached renderer. There's no reason why we would want the containing block's logical width unless we are performing layout.
Simon Fraser (smfr)
Comment 3 2017-12-01 10:23:29 PST
Comment on attachment 328095 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=328095&action=review > LayoutTests/fast/table/caption-crash-when-layer-backed.html:6 > + will-change: -webkit-transform; No prefix. > LayoutTests/fast/table/caption-crash-when-layer-backed.html:8 > + -webkit-background-clip: content; Not sure why this is needed.
alan
Comment 4 2017-12-01 10:43:02 PST
Created attachment 328119 [details] Patch
alan
Comment 5 2017-12-01 10:44:48 PST
(In reply to Simon Fraser (smfr) from comment #3) > Comment on attachment 328095 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=328095&action=review > > > LayoutTests/fast/table/caption-crash-when-layer-backed.html:6 > > + will-change: -webkit-transform; > > No prefix. > > > LayoutTests/fast/table/caption-crash-when-layer-backed.html:8 > > + -webkit-background-clip: content; > > Not sure why this is needed. backgroundClip needs to be either PaddingFillBox or ContentFillBox to force padding/border etc resolving.
WebKit Commit Bot
Comment 6 2017-12-01 11:15:36 PST
Comment on attachment 328119 [details] Patch Clearing flags on attachment: 328119 Committed r225402: <https://trac.webkit.org/changeset/225402>
WebKit Commit Bot
Comment 7 2017-12-01 11:15:38 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.