129948 – Crash in RenderBlock::addChildIgnoringAnonymousColumnBlocks when region-based multicol enabled

Bug 129948 - Crash in RenderBlock::addChildIgnoringAnonymousColumnBlocks when region-based multicol enabled

Summary: Crash in RenderBlock::addChildIgnoringAnonymousColumnBlocks when region-based...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Layout and Rendering (show other bugs)
Version:	528+ (Nightly build)
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Dave Hyatt

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2014-03-07 17:45 PST by Vicki Pfau
Modified:	2014-03-21 11:13 PDT (History)
CC List:	6 users (show)

See Also:

Attachments
Repro (145 bytes, text/html) 2014-03-07 17:45 PST, Vicki Pfau	no flags	Details
Patch (3.73 KB, patch) 2014-03-21 11:10 PDT, Dave Hyatt	simon.fraser: review+	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Vicki Pfau 2014-03-07 17:45:43 PST

Created attachment 226192 [details]
Repro

The attached repro will cause WebKit to crash in WebCore::RenderBlock::addChildIgnoringAnonymousColumnBlocks(WebCore::RenderObject*, WebCore::RenderObject*) when run in DumpRenderTree, and only when it enables the region-based multicol code path.

<rdar://problem/16074072>

Comment 1 Dave Hyatt 2014-03-21 11:10:11 PDT

Created attachment 227460 [details]
Patch

Comment 2 Dave Hyatt 2014-03-21 11:13:55 PDT

Fix landed in r166078.