Bug 68938

Summary: REGRESSION(r95573): Crash when loading SVG documents in a flattened frame or any SVG document in Chromium/Mac.
Product: WebKit
Reporter: Dimitri Glazkov (Google) <dglazkov>
Component: New Bugs
Assignee: Dimitri Glazkov (Google) <dglazkov>
Status: RESOLVED FIXED    
Severity: Normal CC: hyatt, thorton
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 68480    

Dimitri Glazkov (Google)
Reported 2011-09-27 14:35:46 PDT
[Chromium/Mac] REGRESSION(r95573): All SVG documents crash on loading.
Attachments
Patch (4.99 KB, patch)
2011-09-27 14:39 PDT, Dimitri Glazkov (Google)
no flags
Patch (6.37 KB, patch)
2011-09-28 09:30 PDT, Dimitri Glazkov (Google)
no flags
Patch (8.60 KB, patch)
2011-09-28 13:27 PDT, Dimitri Glazkov (Google)
hyatt: review+
Dimitri Glazkov (Google)
Comment 1 2011-09-27 14:39:55 PDT
Dimitri Glazkov (Google)
Comment 2 2011-09-27 15:55:54 PDT
Comment on attachment 108901 [details]
Patch

Needs more testing.
Dimitri Glazkov (Google)
Comment 3 2011-09-28 09:30:41 PDT
Dave Hyatt
Comment 4 2011-09-28 09:34:43 PDT
Comment on attachment 109028 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=109028&action=review

Really does seem odd that Chromium is calling this on the RenderView... how do you even get the answer you want? I'm not convinced this is even doing what you think it's doing.

> Source/WebCore/rendering/RenderBlock.cpp:4897
> -    LayoutUnit cw = containingBlock()->contentLogicalWidth();
> +    LayoutUnit cw = containingBlockOrSelf(this)->contentLogicalWidth();

I wouldn't do it this way, since it doesn't really make any sense. This value really shouldn't even be used by anything since the RenderView can't have percentage heights/widths specified on it, so null checking should be better.

RenderBlock* cb = containingBlock();
LayoutUnit cw = cb ? cb->contentLogicalWidth() : 0;

I'd prefer that.
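The review above turns on one point: on the root renderer (WebKit's RenderView) `containingBlock()` returns null, so the unconditional dereference is a null-pointer crash, and the right fix is a null check with a `0` fallback rather than a "self" substitute. The following added example is not WebKit code; it models that situation with a hypothetical three-node tree (`Block`, `Tree`, `containingWidthChecked`, `resolvePercentWidth` are all invented stand-ins) and shows why falling back to `0` is harmless: a root block has no containing block to resolve a percentage against, so the value is never meaningfully used.

```cpp
#include <cstdint>

// Hypothetical stand-in for RenderBlock (not WebKit code). containingBlock()
// returns the nearest block ancestor, or nullptr for the root, which is the
// RenderView case that crashed in this bug.
struct Block {
    const Block* parent = nullptr;
    int64_t contentWidth = 0;  // stand-in for contentLogicalWidth()
    const Block* containingBlock() const { return parent; }
};

// Pre-fix shape of the code dereferenced containingBlock() unconditionally.
// This helper reports the condition under which that dereference is null
// (i.e. would crash) instead of actually performing it.
bool uncheckedDerefWouldCrash(const Block& b) {
    return b.containingBlock() == nullptr;
}

// Shape of the fix the reviewer asked for: null-check, fall back to 0.
int64_t containingWidthChecked(const Block& b) {
    const Block* cb = b.containingBlock();
    return cb ? cb->contentWidth : 0;
}

// Resolve a percentage width against the containing block's content width.
// The root has no containing block, so it resolves to 0; every other block
// scales against its parent. A root cannot carry a percentage width in the
// first place, which is why the 0 fallback is safe rather than a silent bug.
int64_t resolvePercentWidth(const Block& b, int percent) {
    return containingWidthChecked(b) * percent / 100;
}

// Constructed tree: root (RenderView stand-in) -> body -> child.
struct Tree {
    Block root;
    Block body;
    Block child;
    Tree() {
        root.contentWidth = 800;
        body.parent = &root;
        body.contentWidth = 600;
        child.parent = &body;
        child.contentWidth = 300;
    }
};

int main() {
    Tree t;
    // Root: the unchecked form would dereference null; the checked form yields 0.
    // Child: 50% of its containing block (body, width 600) resolves to 300.
    bool ok = uncheckedDerefWouldCrash(t.root)
           && containingWidthChecked(t.root) == 0
           && resolvePercentWidth(t.child, 50) == 300;
    return ok ? 0 : 1;
}
```

The checked form is the same defensive pattern for any tree walk where the root legitimately has no parent: test the pointer and pick a fallback that the root's invariants make irrelevant, instead of substituting a node that makes the arithmetic look valid when it is not.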
Dimitri Glazkov (Google)
Comment 5 2011-09-28 13:27:02 PDT
Dimitri Glazkov (Google)
Comment 6 2011-09-28 13:29:46 PDT
(In reply to comment #4)
> (From update of attachment 109028 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=109028&action=review
>
> Really does seem odd that Chromium is calling this on the RenderView... how do you even get the answer you want? I'm not convinced this is even doing what you think it's doing.

Added test for flattened frames which also causes the same crash.

> > Source/WebCore/rendering/RenderBlock.cpp:4897
> > -    LayoutUnit cw = containingBlock()->contentLogicalWidth();
> > +    LayoutUnit cw = containingBlockOrSelf(this)->contentLogicalWidth();
>
> I wouldn't do it this way, since it doesn't really make any sense. This value really shouldn't even be used by anything since the RenderView can't have percentage heights/widths specified on it, so null checking should be better.
>
> RenderBlock* cb = containingBlock();
> LayoutUnit cw = cb ? cb->contentLogicalWidth() : 0;
>
> I'd prefer that.

Done!
Dave Hyatt
Comment 7 2011-09-28 13:31:39 PDT
Comment on attachment 109062 [details]
Patch

r=me
Dimitri Glazkov (Google)
Comment 8 2011-09-28 13:54:52 PDT