RESOLVED FIXED 32371
body with display:inline causes crash
https://bugs.webkit.org/show_bug.cgi?id=32371
Summary body with display:inline causes crash
Shinichiro Hamaji
Reported 2009-12-10 03:53:41 PST
The following HTML causes WebKit crash. <body style="display: inline;"> <marquee>No crash means PASS</marquee> </body>
Attachments
Patch v1 (4.75 KB, patch)
2009-12-10 03:56 PST, Shinichiro Hamaji
darin: review+
Shinichiro Hamaji
Comment 1 2009-12-10 03:56:11 PST
Created attachment 44605 [details] Patch v1
WebKit Review Bot
Comment 2 2009-12-10 03:59:35 PST
style-queue ran check-webkit-style on attachment 44605 [details] without any errors.
Shinichiro Hamaji
Comment 3 2009-12-10 04:10:09 PST
The two modified lines assume <body> is always a block element. I used encolsingBox instead of toRenderBox. For FrameView::createScrollbar(), I'm not sure if using encolsingBox is the best solution. We may be able to just check body->isBox() in this if-clause. For FrameView::layout(), I think we should use encolsingBox. Otherwise, an unnecessary horizontal scrollbar will appear for the testcase with marquee because the updated height won't be considered.
Darin Adler
Comment 4 2009-12-11 09:40:02 PST
Comment on attachment 44605 [details] Patch v1 r=me
Shinichiro Hamaji
Comment 5 2009-12-11 17:50:53 PST
Note You need to log in before you can comment on or make changes to this bug.