[webkit-reviews] review denied: [Bug 20397] Invalid webkit-border-bottom-left-radius property causes crash : [Attachment 22895] Possible fix for bug 20397
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Aug 20 23:51:49 PDT 2008
Eric Seidel <eric at webkit.org> has denied Glenn Wilson <wilsong at gmail.com>'s
request for review:
Bug 20397: Invalid webkit-border-bottom-left-radius property causes crash
https://bugs.webkit.org/show_bug.cgi?id=20397
Attachment 22895: Possible fix for bug 20397
https://bugs.webkit.org/attachment.cgi?id=22895&action=edit
------- Additional Comments from Eric Seidel <eric at webkit.org>
Well, so unfortunately this fix is wrong.
I ran this in the debugger, and it turns out the problem is caused by:
// In quirks mode, we will look for units that have been incorrectly
separated from the number they belong to
// by a space. We go ahead and associate the unit with the number even
though it is invalid CSS.
checkForOrphanedUnits();
int num is initialized from m_valueList->size() before that call is made, and
then not updated again after that call is made. checkForOrphanedUnits can
shrink the m_valueList, thus causing "num" to be wrong. Thus causing (I'm
sure) lots of crashes.
Also, unfortunately again, I would have had to r- your fix for lack of
ChangeLog and use of tabs instead of spaces.
I'm not sure what the right fix is. If we can just move
checkForOrphanedUnits() above the original "num" initialization, or if we need
to move num to below the checkForOrphanedUnits call. I think we can just move
checkForOrphaned units up.
More information about the webkit-reviews
mailing list