70392 – Multiple crashes in RenderTable during layout

Bug 70392 - Multiple crashes in RenderTable during layout

Summary: Multiple crashes in RenderTable during layout

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Tables (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P1 Normal
Assignee:	Julien Chaffraix

URL:
Keywords:

Depends on:
Blocks:

Reported:	2011-10-18 18:08 PDT by Julien Chaffraix
Modified:	2011-10-19 18:35 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Proposed fix: Check node() in 2 call sites. (5.99 KB, patch) 2011-10-18 18:39 PDT, Julien Chaffraix	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Julien Chaffraix 2011-10-18 18:08:31 PDT

Following r97555, there is several crashes reported either in RenderTable::layout or RenderTable::computeLogicalWidth.

It looks like this is due to the following lines:

RenderTable::computeLogicalWidth
> if (!node()->hasTagName(tableTag)) {

RenderTable::layout
> LayoutUnit borders = node()->hasTagName(tableTag) ? (borderAndPaddingBefore + borderAndPaddingAfter) : 0;

If we have an anonymous table, Node::hasTagName will happily do a NULL-dereferencing.

Patch coming soon in a bugzilla near you.

Comment 1 Julien Chaffraix 2011-10-18 18:39:28 PDT

Created attachment 111550 [details]
Proposed fix: Check node() in 2 call sites.

Comment 2 WebKit Review Bot 2011-10-19 18:35:37 PDT

Comment on attachment 111550 [details]
Proposed fix: Check node() in 2 call sites.

Clearing flags on attachment: 111550

Committed r97907: <http://trac.webkit.org/changeset/97907>

Comment 3 WebKit Review Bot 2011-10-19 18:35:41 PDT

All reviewed patches have been landed.  Closing bug.