| Summary: | Regression(r85355): Crash with two table captions when child visible and enclosing layer invisible | ||||||
|---|---|---|---|---|---|---|---|
| Product: | WebKit | Reporter: | Abhishek Arya <inferno> | ||||
| Component: | Tables | Assignee: | Abhishek Arya <inferno> | ||||
| Status: | RESOLVED FIXED | ||||||
| Severity: | Normal | CC: | ademar, bdakin, hyatt, jamesr, mitz | ||||
| Priority: | P1 | ||||||
| Version: | 528+ (Nightly build) | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Attachments: |
|
||||||
As you can see we don't need to removchild earlier, renderobject destroy will call it at the right time.
void RenderObject::destroy()
{
.......
remove();
Created attachment 93962 [details]
Patch
Comment on attachment 93962 [details]
Patch
r=me
Committed r86781: <http://trac.webkit.org/changeset/86781> Revision r86781 cherry-picked into qtwebkit-2.2 with commit 2907a02 <http://gitorious.org/webkit/qtwebkit/commit/2907a02> |
Testcase:: <html> <body> <div style="visibility: collapse;"> <table> <caption>Test passes if it does not crash.</caption> <caption> <span style="visibility: visible;"></span> </caption> </table> </div> <script> if (window.layoutTestController) layoutTestController.dumpAsText(); </script> </body> </html> Fixing it. RenderObjectChildList::removeChildNode crashes on a null pointer in if (owner->style()->visibility() != VISIBLE && oldChild->style()->visibility() == VISIBLE && !oldChild->hasLayer()) { layer = owner->enclosingLayer(); layer->dirtyVisibleContentStatus(); Problem is we don't need the removechild call since destroy caption already calls it later. calling removechild earlier removes it from parent and hence our enclosing layer comes out null. }