Bug 70392

Summary: Multiple crashes in RenderTable during layout
Product: WebKit Reporter: Julien Chaffraix <jchaffraix>
Component: TablesAssignee: Julien Chaffraix <jchaffraix>
Status: RESOLVED FIXED    
Severity: Normal CC: jamesr, robert, simon.fraser, webkit.review.bot
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Proposed fix: Check node() in 2 call sites. none

Julien Chaffraix
Reported 2011-10-18 18:08:31 PDT
Following r97555, there is several crashes reported either in RenderTable::layout or RenderTable::computeLogicalWidth. It looks like this is due to the following lines: RenderTable::computeLogicalWidth > if (!node()->hasTagName(tableTag)) { RenderTable::layout > LayoutUnit borders = node()->hasTagName(tableTag) ? (borderAndPaddingBefore + borderAndPaddingAfter) : 0; If we have an anonymous table, Node::hasTagName will happily do a NULL-dereferencing. Patch coming soon in a bugzilla near you.
Attachments
Proposed fix: Check node() in 2 call sites. (5.99 KB, patch)
2011-10-18 18:39 PDT, Julien Chaffraix 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Julien Chaffraix
Comment 1 2011-10-18 18:39:28 PDT
Created attachment 111550 [details] Proposed fix: Check node() in 2 call sites.
WebKit Review Bot
Comment 2 2011-10-19 18:35:37 PDT
Comment on attachment 111550 [details] Proposed fix: Check node() in 2 call sites. Clearing flags on attachment: 111550 Committed r97907: <http://trac.webkit.org/changeset/97907>
WebKit Review Bot
Comment 3 2011-10-19 18:35:41 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.