At one point we assert that !o->isAnonymousBlock(), but it's quite possible that o is null.
Created attachment 179347 [details] Patch
Comment on attachment 179347 [details] Patch R=me. That looks safe. Later in the function there's a similar !o || !o->foo() assert.
Comment on attachment 179347 [details] Patch Clearing flags on attachment: 179347 Committed r137674: <http://trac.webkit.org/changeset/137674>
All reviewed patches have been landed. Closing bug.
Why didn't this patch have a regression test? It's not OK to ignore those for fixes made through code inspection (I'd say that it's even more important for those fixes).
(In reply to comment #5) > Why didn't this patch have a regression test? It's not OK to ignore those for fixes made through code inspection (I'd say that it's even more important for those fixes). This patch was not initiated by code inspection, it was made to fix a debug-only crash in a layout test http://test-results.appspot.com/dashboards/flakiness_dashboard.html#tests=fullscreen%2Ffull-screen-fixed-pos-parent.html%2Cfullscreen%2Ffull-screen-iframe-without-allow-attribute-allowed-from-parent.html The crash resulted from asking a valid RenderObject what its containing block was -- something that, I believe, shouldn't run you the risk of crashing -- and appeared to be an oversight when the assertion was written.