Summary: | WebCore::RenderBlock::determineStartPosition crash | ||||||||
---|---|---|---|---|---|---|---|---|---|
Product: | WebKit | Reporter: | Mike Lawther <mikelawther> | ||||||
Component: | Layout and Rendering | Assignee: | Nobody <webkit-unassigned> | ||||||
Status: | RESOLVED FIXED | ||||||||
Severity: | Normal | CC: | cabanier, eric, mitz, tasak, webkit.review.bot | ||||||
Priority: | P2 | ||||||||
Version: | 528+ (Nightly build) | ||||||||
Hardware: | Unspecified | ||||||||
OS: | Unspecified | ||||||||
Attachments: |
|
Description
Mike Lawther
2012-10-10 22:19:55 PDT
Affects Safari 6.0.1 and ToT. Created attachment 168896 [details]
Patch
Comment on attachment 168896 [details]
Patch
Shouldn't removing the line break object in the scenario you're describing dirty the line?
Can you simplify the test? It is not clear which style properties are significant to the bug and whether the node has to be moved or merely removed.
Created attachment 169080 [details]
Patch
(In reply to comment #3) Thank you for reviewing. I updated the condition, because the comment says: // The previous line didn't break cleanly or broke at a newline // that has been deleted, so treat it as dirty too. I think, this would match the case:"The previous line broke at a newline that has been deleted." > (From update of attachment 168896 [details]) > Shouldn't removing the line break object in the scenario you're describing dirty the line? Removing the line break object is caused by Node::detach(). So, I think, it is a little difficult to avoid removing, because render objects related to the line break might be destroyed. #0 WebCore::RootInlineBox::childRemoved (this=0x7fffeaa96a98, box=0x7fffea924b58) #1 0x0000000001ea359c in WebCore::InlineFlowBox::removeChild (this=0x7fffea924a38, child=0x7fffea924b58) #2 0x0000000001ea0b73 in WebCore::InlineBox::remove (this=0x7fffea924b58) #3 0x0000000001f8c85d in WebCore::RenderInline::willBeDestroyed (this=0x7fffea8fdeb8) #4 0x0000000001ffce75 in WebCore::RenderObject::destroy (this=0x7fffea8fdeb8) #5 0x0000000001ffcd7d in WebCore::RenderObject::destroyAndCleanupAnonymousWrappers (this=0x7fffea8fdeb8) #6 0x00000000010acaa2 in WebCore::Node::detach (this=0x7fffeaa05200) > Can you simplify the test? It is not clear which style properties are significant to the bug and whether the node has to be moved or merely removed. I see. I updated the test. Best regards, Takashi Sakamoto Comment on attachment 169080 [details]
Patch
Looks good. R=me.
Comment on attachment 169080 [details] Patch Clearing flags on attachment: 169080 Committed r135684: <http://trac.webkit.org/changeset/135684> All reviewed patches have been landed. Closing bug. |