Bug 18134

Summary: Crash setting -webkit-transform on a table row
Product: WebKit Reporter: David Smith <catfish.man>
Component: Layout and RenderingAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: bdakin, mitz
Priority: P1 Keywords: HasReduction, InRadar
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
URL: http://arstechnica.com
Attachments:
Description Flags
Backtrace
none
Reduction (will crash) none

David Smith
Reported 2008-03-26 23:07:50 PDT
Steps to reproduce: 1) put the following rules in a user stylesheet h1, h2, h3, h4, h5, h6 { -webkit-transform: rotate(10deg); } p { -webkit-transform: rotate(-10deg); } tr { -webkit-transform: skew(50deg); } 2) go to arstechnica.com r31356/10.5.2/Intel
Attachments
Backtrace (25.96 KB, text/plain)
2008-03-26 23:11 PDT, David Smith 		no flags
Details
Reduction (will crash) (197 bytes, text/html)
2008-03-30 17:06 PDT, mitz 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
David Smith
Comment 1 2008-03-26 23:11:46 PDT
Created attachment 20115 [details] Backtrace First few frames: Thread 0 Crashed: 0 com.apple.WebCore 0x00e273ef WebCore::RenderBlock::insertPositionedObject(WebCore::RenderObject*) + 15 1 com.apple.WebCore 0x00ffa524 WebCore::RenderBlock::layoutInlineChildren(bool, int&, int&) + 2884 2 com.apple.WebCore 0x00e305ea WebCore::RenderBlock::layoutBlock(bool) + 714 3 com.apple.WebCore 0x00e8d8c2 WebCore::RenderTableCell::layout() + 34 4 com.apple.WebCore 0x00e91676 WebCore::RenderTableRow::layout() + 214
mitz
Comment 2 2008-03-30 17:06:23 PDT
Created attachment 20226 [details] Reduction (will crash) Having a transform turns the table row into a containing block, but only RenderBlocks can be containing blocks.
mitz
Comment 3 2008-03-30 17:07:52 PDT
<rdar://problem/5830746>
Simon Fraser (smfr)
Comment 4 2008-09-30 18:07:38 PDT
No longer crashes on TOT. I think this was fixed in r32861.
Simon Fraser (smfr)
Comment 5 2008-10-24 14:39:20 PDT
Fixed in r32861, <rdar://problem/5840475>
Simon Fraser (smfr)
Comment 6 2009-01-27 21:00:21 PST
http://trac.webkit.org/changeset/32861
Note You need to log in before you can comment on or make changes to this bug.