RESOLVED FIXED61083
Regression(r85355): Crash with two table captions when child visible and enclosing layer invisible 
https://bugs.webkit.org/show_bug.cgi?id=61083
Summary Regression(r85355): Crash with two table captions when child visible and encl...
Abhishek Arya
Reported 2011-05-18 11:38:18 PDT
Testcase:: <html> <body> <div style="visibility: collapse;"> <table> <caption>Test passes if it does not crash.</caption> <caption> <span style="visibility: visible;"></span> </caption> </table> </div> <script> if (window.layoutTestController) layoutTestController.dumpAsText(); </script> </body> </html> Fixing it. RenderObjectChildList::removeChildNode crashes on a null pointer in if (owner->style()->visibility() != VISIBLE && oldChild->style()->visibility() == VISIBLE && !oldChild->hasLayer()) { layer = owner->enclosingLayer(); layer->dirtyVisibleContentStatus(); Problem is we don't need the removechild call since destroy caption already calls it later. calling removechild earlier removes it from parent and hence our enclosing layer comes out null. }
Attachments
Patch (3.21 KB, patch)
2011-05-18 12:18 PDT, Abhishek Arya 		bdakin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Abhishek Arya
Comment 1 2011-05-18 11:42:29 PDT
As you can see we don't need to removchild earlier, renderobject destroy will call it at the right time. void RenderObject::destroy() { ....... remove();
Abhishek Arya
Comment 2 2011-05-18 12:18:19 PDT
Created attachment 93962 [details] Patch
Beth Dakin
Comment 3 2011-05-18 12:27:55 PDT
Comment on attachment 93962 [details] Patch r=me
Abhishek Arya
Comment 4 2011-05-18 12:30:59 PDT
Committed r86781: <http://trac.webkit.org/changeset/86781>
Ademar Reis
Comment 5 2011-05-19 13:35:25 PDT
Revision r86781 cherry-picked into qtwebkit-2.2 with commit 2907a02 <http://gitorious.org/webkit/qtwebkit/commit/2907a02>
Note You need to log in before you can comment on or make changes to this bug.