RESOLVED FIXED Bug 68938
REGRESSION(r95573): Crash when loading SVG documents in a flattened frame or any SVG document in Chromium/Mac. 
https://bugs.webkit.org/show_bug.cgi?id=68938
Summary REGRESSION(r95573): Crash when loading SVG documents in a flattened frame or ...
Dimitri Glazkov (Google)
Reported 2011-09-27 14:35:46 PDT
[Chromium/Mac] REGRESSION(r95573): All SVG documents crash on loading.
Attachments
Patch (4.99 KB, patch)
2011-09-27 14:39 PDT, Dimitri Glazkov (Google) 		no flags
DetailsFormatted DiffDiff
Patch (6.37 KB, patch)
2011-09-28 09:30 PDT, Dimitri Glazkov (Google) 		no flags
DetailsFormatted DiffDiff
Patch (8.60 KB, patch)
2011-09-28 13:27 PDT, Dimitri Glazkov (Google) 		hyatt: review+
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Dimitri Glazkov (Google)
Comment 1 2011-09-27 14:39:55 PDT
Created attachment 108901 [details] Patch
Dimitri Glazkov (Google)
Comment 2 2011-09-27 15:55:54 PDT
Comment on attachment 108901 [details] Patch needs more testing.
Dimitri Glazkov (Google)
Comment 3 2011-09-28 09:30:41 PDT
Created attachment 109028 [details] Patch
Dave Hyatt
Comment 4 2011-09-28 09:34:43 PDT
Comment on attachment 109028 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=109028&action=review Really does seem odd that Chromium is calling this on the RenderView... how do you even get the answer you want? I'm not convinced this is even doing what you think it's doing. > Source/WebCore/rendering/RenderBlock.cpp:4897 > - LayoutUnit cw = containingBlock()->contentLogicalWidth(); > + LayoutUnit cw = containingBlockOrSelf(this)->contentLogicalWidth(); I wouldn't do it this way, since it doesn't really make any sense. This value really shouldn't even be used by anything since the RenderView can't have percentage heights/widths specified on it, so null checking should be better. RenderBlock* cb = containingBlock(); LayoutUnit cw = cb ? cb->contentLogicalWidth() : 0; I'd prefer that.
Dimitri Glazkov (Google)
Comment 5 2011-09-28 13:27:02 PDT
Created attachment 109062 [details] Patch
Dimitri Glazkov (Google)
Comment 6 2011-09-28 13:29:46 PDT
(In reply to comment #4) > (From update of attachment 109028 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=109028&action=review > > Really does seem odd that Chromium is calling this on the RenderView... how do you even get the answer you want? I'm not convinced this is even doing what you think it's doing. Added test for flattened frames which also causes the same crash. > > > Source/WebCore/rendering/RenderBlock.cpp:4897 > > - LayoutUnit cw = containingBlock()->contentLogicalWidth(); > > + LayoutUnit cw = containingBlockOrSelf(this)->contentLogicalWidth(); > > I wouldn't do it this way, since it doesn't really make any sense. This value really shouldn't even be used by anything since the RenderView can't have percentage heights/widths specified on it, so null checking should be better. > > RenderBlock* cb = containingBlock(); > LayoutUnit cw = cb ? cb->contentLogicalWidth() : 0; > > I'd prefer that. Done!
Dave Hyatt
Comment 7 2011-09-28 13:31:39 PDT
Comment on attachment 109062 [details] Patch r=me
Dimitri Glazkov (Google)
Comment 8 2011-09-28 13:54:52 PDT
Committed r96258: <http://trac.webkit.org/changeset/96258>
Note You need to log in before you can comment on or make changes to this bug.