Bug 32371

Summary: body with display:inline causes crash
Product: WebKit
Reporter: Shinichiro Hamaji <hamaji>
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit.review.bot
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: All
Attachments:
Description: Patch v1; Flags: darin: review+

Description Shinichiro Hamaji 2009-12-10 03:53:41 PST
The following HTML causes WebKit to crash.

<body style="display: inline;">
  <marquee>No crash means PASS</marquee>
</body>
Comment 1 Shinichiro Hamaji 2009-12-10 03:56:11 PST
Created attachment 44605
Patch v1
Comment 2 WebKit Review Bot 2009-12-10 03:59:35 PST
style-queue ran check-webkit-style on attachment 44605 without any errors.
Comment 3 Shinichiro Hamaji 2009-12-10 04:10:09 PST
The two modified lines assume <body> is always a block element. I used
enclosingBox instead of toRenderBox.

For FrameView::createScrollbar(), I'm not sure if using enclosingBox
is the best solution. We may be able to just check body->isBox() in
this if-clause.

For FrameView::layout(), I think we should use
enclosingBox. Otherwise, an unnecessary horizontal scrollbar will
appear for the testcase with marquee because the updated height won't
be considered.
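A simplified model of the assumption Comment 3 describes, added here as an example; it is not WebKit code and not part of the patch. The classes are stand-ins, toRenderBoxChecked and boxHeightFor are hypothetical names, and enclosingBox is modelled as a walk up to the nearest ancestor that is a box.

```cpp
#include <cstdio>

// Simplified stand-ins for render tree nodes; not WebKit's real classes.
struct RenderObject {
    RenderObject* parent = nullptr;
    virtual ~RenderObject() = default;
    virtual bool isBox() const { return false; }
};

struct RenderBox : RenderObject {
    int height = 0;
    bool isBox() const override { return true; }
};

// Models the renderer of an element styled display:inline; it is not a box.
struct RenderInline : RenderObject {};

// Hypothetical checked downcast: returns nullptr for a non-box instead of
// reinterpreting the object as a RenderBox.
RenderBox* toRenderBoxChecked(RenderObject* o) {
    return (o && o->isBox()) ? static_cast<RenderBox*>(o) : nullptr;
}

// Modelled enclosingBox: the object itself if it is a box, otherwise the
// nearest ancestor that is one.
RenderBox* enclosingBox(RenderObject* o) {
    for (; o; o = o->parent)
        if (o->isBox())
            return static_cast<RenderBox*>(o);
    return nullptr;
}

// Hypothetical caller that needs a box height for the body renderer.
int boxHeightFor(RenderObject* r) {
    RenderBox* box = enclosingBox(r);
    return box ? box->height : 0;
}

int main() {
    RenderBox html;          // constructed sample tree: html box, inline body
    html.height = 600;
    RenderInline body;
    body.parent = &html;
    std::printf("checked cast is null: %d\n", toRenderBoxChecked(&body) == nullptr);
    std::printf("enclosing box height: %d\n", boxHeightFor(&body));
    return 0;
}
```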
Comment 4 Darin Adler 2009-12-11 09:40:02 PST
Comment on attachment 44605
Patch v1

r=me
Comment 5 Shinichiro Hamaji 2009-12-11 17:50:53 PST
Committed r52036: <http://trac.webkit.org/changeset/52036>