RESOLVED FIXED 112515
[CSSRegions] Crash reflowing content in variable width regions
https://bugs.webkit.org/show_bug.cgi?id=112515
Mihnea Ovidenie
Reported 2013-03-17 03:05:53 PDT
1. Assume we have 2 variable width regions, first small and the second larger in width.
2. We flow floating content in these regions.
3. After layout is done, we replace the floating content with inline content => the floats are cleared from their blocks (and associated data structures).
4. We layout inline content which does not fully fit in the first smaller region and needs to be moved to the next region.
5. When we try to clear the remaining line layout in order to be moved to the next region, floats need to be cleared too.
6. When trying to clear the floats in RenderBlock::removeFloatingObjectsBelow, we do not check if m_floatingObjects->set() is not empty before attempting to retrieve the last float from the collection (after step 3, m_floatingObjects != 0 but m_floatingObjects.set() is not empty).
7. ASSERT
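The failure mode in step 6, as an added example that is not part of the original report and is not WebKit's code: a simplified C++ model in which the float container outlives its contents, so the removal routine has to test for an empty set rather than only for a null pointer. All type and function names below (`Block`, `FloatSet`, `addFloat`, `clearFloats`, `containsFloats`, `removedFloats`) are assumptions made for this model.

```cpp
#include <cstddef>
#include <memory>
#include <vector>

// Hypothetical, simplified model; these are not WebKit's real classes.
struct FloatingObject { int logicalTop; bool placed; };
using FloatSet = std::vector<std::unique_ptr<FloatingObject>>;

struct Block {
    std::unique_ptr<FloatSet> floatingObjects;  // allocated lazily, kept once created
    void addFloat(int logicalTop, bool placed) {
        if (!floatingObjects) floatingObjects.reset(new FloatSet);
        floatingObjects->emplace_back(new FloatingObject{logicalTop, placed});
    }
    // Step 3 of the report: the floats go away, the container object stays.
    void clearFloats() { if (floatingObjects) floatingObjects->clear(); }
    bool containsFloats() const { return floatingObjects && !floatingObjects->empty(); }
    // Removes trailing floats that are unplaced or start at/below logicalOffset,
    // stopping at lastFloat. Returns the number of floats removed.
    std::size_t removeFloatingObjectsBelow(const FloatingObject* lastFloat, int logicalOffset) {
        // Testing only `!floatingObjects` here would let back() run on an empty set.
        if (!containsFloats()) return 0;
        FloatSet& set = *floatingObjects;
        std::size_t removed = 0;
        const FloatingObject* curr = set.back().get();
        while (curr != lastFloat && (!curr->placed || curr->logicalTop >= logicalOffset)) {
            set.pop_back();
            ++removed;
            if (set.empty()) break;  // same emptiness check before the next back()
            curr = set.back().get();
        }
        return removed;
    }
};

// Constructed scenario: three floats, optionally replaced by inline content
// (step 3) before the line layout is cleared at logicalOffset.
std::size_t removedFloats(bool floatsReplaced, int logicalOffset) {
    Block block;
    block.addFloat(0, true);
    block.addFloat(40, true);
    block.addFloat(60, false);
    if (floatsReplaced) block.clearFloats();  // pointer non-null, set empty
    return block.removeFloatingObjectsBelow(nullptr, logicalOffset);
}

int main() { return removedFloats(true, 20) == 0 ? 0 : 1; }
```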
Attachments
Patch (5.68 KB, patch)
2013-03-17 04:39 PDT, Mihnea Ovidenie
no flags
Patch for landing (6.09 KB, patch)
2013-03-19 01:47 PDT, Mihnea Ovidenie
no flags
Mihnea Ovidenie
Comment 1 2013-03-17 04:39:03 PDT
Dave Hyatt
Comment 2 2013-03-18 12:29:44 PDT
Comment on attachment 193462 Patch
r=me
Mihnea Ovidenie
Comment 3 2013-03-19 01:47:11 PDT
Created attachment 193757 Patch for landing
WebKit Review Bot
Comment 4 2013-03-19 02:11:26 PDT
Comment on attachment 193757 Patch for landing
Clearing flags on attachment: 193757
Committed r146192: <http://trac.webkit.org/changeset/146192>
WebKit Review Bot
Comment 5 2013-03-19 02:11:30 PDT
All reviewed patches have been landed. Closing bug.