Bug 32371 - body with display:inline causes crash
Summary: body with display:inline causes crash
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: PC All
Importance: P2 Normal
Assignee: Nobody
Depends on:
Reported: 2009-12-10 03:53 PST by Shinichiro Hamaji
Modified: 2009-12-11 17:50 PST

Patch v1 (4.75 KB, patch)
2009-12-10 03:56 PST, Shinichiro Hamaji
darin: review+

Description Shinichiro Hamaji 2009-12-10 03:53:41 PST
The following HTML causes WebKit to crash.

<body style="display: inline;">
  <marquee>No crash means PASS</marquee>
Comment 1 Shinichiro Hamaji 2009-12-10 03:56:11 PST
Created attachment 44605
Patch v1
Comment 2 WebKit Review Bot 2009-12-10 03:59:35 PST
style-queue ran check-webkit-style on attachment 44605 without any errors.
Comment 3 Shinichiro Hamaji 2009-12-10 04:10:09 PST
The two modified lines assume <body> is always a block element. I used
enclosingBox instead of toRenderBox.

For FrameView::createScrollbar(), I'm not sure if using enclosingBox
is the best solution. We may be able to just check body->isBox() in
this if-clause.

For FrameView::layout(), I think we should use
enclosingBox. Otherwise, an unnecessary horizontal scrollbar will
appear for the testcase with marquee because the updated height won't
be considered.
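
Added example (not part of the bug thread and not WebKit source): a simplified C++ model of the pattern Comment 3 describes, where code downcasts the body renderer to a box although display:inline yields a non-box renderer. All type and function names below are hypothetical stand-ins; the model assumes the enclosing-box lookup walks up to the nearest box ancestor.

```cpp
// Simplified render-tree model (hypothetical types, not WebKit code).
struct RenderObject {
    RenderObject* parent;
    explicit RenderObject(RenderObject* p) : parent(p) {}
    virtual ~RenderObject() = default;
    virtual bool isBox() const { return false; }
};

struct RenderBox : RenderObject {
    int height;
    RenderBox(RenderObject* p, int h) : RenderObject(p), height(h) {}
    bool isBox() const override { return true; }
};

// What display:inline produces in this model: a renderer that is not a box.
struct RenderInline : RenderObject {
    using RenderObject::RenderObject;
};

// Checked downcast: refuses a non-box instead of reinterpreting its memory.
RenderBox* checkedToBox(RenderObject* o) {
    return (o && o->isBox()) ? static_cast<RenderBox*>(o) : nullptr;
}

// Nearest ancestor-or-self that really is a box, or nullptr if none exists.
RenderBox* enclosingBoxOf(RenderObject* o) {
    for (; o; o = o->parent)
        if (RenderBox* box = checkedToBox(o))
            return box;
    return nullptr;
}

// Height a layout pass should use for the body renderer; -1 if there is no box.
int bodyHeightForLayout(RenderObject* body) {
    RenderBox* box = enclosingBoxOf(body);
    return box ? box->height : -1;
}

// Constructed sample tree: root box (height 600) holding an inline body.
int demoInlineBodyHeight() {
    RenderBox root(nullptr, 600);
    RenderInline body(&root);
    return bodyHeightForLayout(&body);
}

// The checked cast alone rejects the inline body rather than returning a box.
bool demoCheckedCastRejectsInline() {
    RenderInline body(nullptr);
    return checkedToBox(&body) == nullptr;
}
```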
Comment 4 Darin Adler 2009-12-11 09:40:02 PST
Comment on attachment 44605
Patch v1

Comment 5 Shinichiro Hamaji 2009-12-11 17:50:53 PST
Committed r52036: <http://trac.webkit.org/changeset/52036>