Bug 32371

Summary: body with display:inline causes crash
Product: WebKit Reporter: Shinichiro Hamaji <hamaji>
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: All   
Attachments:
Description Flags
Patch v1 darin: review+

Shinichiro Hamaji
Reported 2009-12-10 03:53:41 PST
The following HTML causes WebKit crash. <body style="display: inline;"> <marquee>No crash means PASS</marquee> </body>
Attachments
Patch v1 (4.75 KB, patch)
2009-12-10 03:56 PST, Shinichiro Hamaji 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Shinichiro Hamaji
Comment 1 2009-12-10 03:56:11 PST
Created attachment 44605 [details] Patch v1
WebKit Review Bot
Comment 2 2009-12-10 03:59:35 PST
style-queue ran check-webkit-style on attachment 44605 [details] without any errors.
Shinichiro Hamaji
Comment 3 2009-12-10 04:10:09 PST
The two modified lines assume <body> is always a block element. I used encolsingBox instead of toRenderBox. For FrameView::createScrollbar(), I'm not sure if using encolsingBox is the best solution. We may be able to just check body->isBox() in this if-clause. For FrameView::layout(), I think we should use encolsingBox. Otherwise, an unnecessary horizontal scrollbar will appear for the testcase with marquee because the updated height won't be considered.
Darin Adler
Comment 4 2009-12-11 09:40:02 PST
Comment on attachment 44605 [details] Patch v1 r=me
Shinichiro Hamaji
Comment 5 2009-12-11 17:50:53 PST
Committed r52036: <http://trac.webkit.org/changeset/52036>
Note You need to log in before you can comment on or make changes to this bug.