WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
145942
Be more defensive at renderer type checking when initializing flow segments.
https://bugs.webkit.org/show_bug.cgi?id=145942
Summary
Be more defensive at renderer type checking when initializing flow segments.
zalan
Reported
2015-06-12 15:00:36 PDT
If we miss invalidating simple line layout path properly, we could end up in FlowContents->initializeSegments with a renderer that we don't support yet.
Attachments
Patch
(2.67 KB, patch)
2015-06-12 15:25 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Patch
(2.82 KB, patch)
2015-06-12 19:00 PDT
,
zalan
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
zalan
Comment 1
2015-06-12 15:25:17 PDT
Created
attachment 254824
[details]
Patch
zalan
Comment 2
2015-06-12 15:25:48 PDT
It results in broken rendering (missing pieces) vs. crash.
Antti Koivisto
Comment 3
2015-06-12 15:52:07 PDT
Comment on
attachment 254824
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=254824&action=review
> Source/WebCore/rendering/SimpleLineLayoutFlowContents.cpp:50 > continue; > - } > - ASSERT(is<RenderText>(child)); > - const auto& textChild = downcast<RenderText>(child); > - unsigned textLength = textChild.text()->length(); > - segments.append(FlowContents::Segment { startPosition, startPosition + textLength, textChild.text(), textChild }); > - startPosition += textLength; > + } else if (is<RenderText>(child)) {
No need to say 'else' after 'continue'.
Antti Koivisto
Comment 4
2015-06-12 15:55:06 PDT
Comment on
attachment 254824
[details]
Patch View in context:
https://bugs.webkit.org/attachment.cgi?id=254824&action=review
> Source/WebCore/rendering/SimpleLineLayoutFlowContents.cpp:56 > + startPosition += textLength; > + } else > + ASSERT_NOT_REACHED();
This too could do continue without else.
zalan
Comment 5
2015-06-12 19:00:52 PDT
Created
attachment 254846
[details]
Patch
WebKit Commit Bot
Comment 6
2015-06-12 20:25:36 PDT
Comment on
attachment 254846
[details]
Patch Clearing flags on attachment: 254846 Committed
r185531
: <
http://trac.webkit.org/changeset/185531
>
WebKit Commit Bot
Comment 7
2015-06-12 20:25:41 PDT
All reviewed patches have been landed. Closing bug.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug