[webkit-reviews] review granted: [Bug 126152] [CSSRegions] Crash while repainting an invalid region : [Attachment 219900] Patch

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Dec 23 13:08:49 PST 2013


Daniel Bates <dbates at webkit.org> has granted Mihnea Ovidenie
<mihnea at adobe.com>'s request for review:
Bug 126152: [CSSRegions] Crash while repainting an invalid region
https://bugs.webkit.org/show_bug.cgi?id=126152

Attachment 219900: Patch
https://bugs.webkit.org/attachment.cgi?id=219900&action=review

------- Additional Comments from Daniel Bates <dbates at webkit.org>
View in context: https://bugs.webkit.org/attachment.cgi?id=219900&action=review


This looks sane to me. Feel free to have a domain expert look over this patch.

> LayoutTests/fast/regions/repaint/invalid-region-repaint-crash.html:4
> +	   <script src="../../repaint/resources/text-based-repaint.js"
type="text/javascript"></script>

Please remove the HTML attribute type as it's unnecessary given that this
document is an HTML5 document.

> Source/WebCore/rendering/RenderLayer.cpp:6278
> +	   RenderNamedFlowFragment* region =
toRenderBlockFlow(&renderer())->renderNamedFlowFragment();

Notice that we generate a toRenderBlockFlow()-variant that takes and returns a
reference. For your consideration, I suggest we use this variant to remove the
address-of operator and to document the "non-nullness" of the return value of
toRenderBlockFlow() since renderer() is guaranteed to be non-null.

RenderNamedFlowFragment* region = toRenderBlockFlow(renderer()).renderNamedFlowFragment();
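As an added illustration of the review's point about the reference-taking cast (this is not WebKit's code; the classes are hypothetical stand-ins for WebCore's RenderObject, RenderBlockFlow, RenderNamedFlowFragment and RenderLayer), here are the pointer- and reference-taking toRenderBlockFlow() helpers side by side, with the patch's expression and the suggested one:

```cpp
#include <cassert>

struct RenderNamedFlowFragment { int id; };
struct RenderObject {
    virtual ~RenderObject() = default;
    virtual bool isRenderBlockFlow() const { return false; }
};
struct RenderBlockFlow : RenderObject {
    RenderNamedFlowFragment* fragment = nullptr; // may legitimately be null
    bool isRenderBlockFlow() const override { return true; }
    RenderNamedFlowFragment* renderNamedFlowFragment() const { return fragment; }
};

// Pointer variant: null is accepted and nothing in the signature rules it out.
inline RenderBlockFlow* toRenderBlockFlow(RenderObject* object)
{
    assert(!object || object->isRenderBlockFlow());
    return static_cast<RenderBlockFlow*>(object);
}
// Reference variant: a reference cannot be null, so the signature itself
// documents that the result is non-null; the type check still applies.
inline RenderBlockFlow& toRenderBlockFlow(RenderObject& object)
{
    assert(object.isRenderBlockFlow());
    return static_cast<RenderBlockFlow&>(object);
}

// Stand-in for a layer whose renderer() is guaranteed to be non-null.
struct RenderLayer {
    RenderObject& m_renderer;
    explicit RenderLayer(RenderObject& renderer) : m_renderer(renderer) { }
    RenderObject& renderer() const { return m_renderer; }
    // As written in the patch: take the address, cast the pointer, dereference.
    RenderNamedFlowFragment* regionViaPointer() const { return toRenderBlockFlow(&renderer())->renderNamedFlowFragment(); }
    // As suggested in the review: cast the reference directly.
    RenderNamedFlowFragment* regionViaReference() const { return toRenderBlockFlow(renderer()).renderNamedFlowFragment(); }
};

// Runs both lookups on a constructed flow; returns the fragment id, or -1 when
// the flow has no fragment (the cast style changes nothing about that case).
inline int lookupFragmentId(bool withFragment, int id)
{
    RenderNamedFlowFragment fragment { id };
    RenderBlockFlow flow;
    if (withFragment)
        flow.fragment = &fragment;
    RenderLayer layer(flow);
    RenderNamedFlowFragment* viaPointer = layer.regionViaPointer();
    RenderNamedFlowFragment* viaReference = layer.regionViaReference();
    assert(viaPointer == viaReference);
    return viaPointer ? viaPointer->id : -1;
}
```

Both expressions resolve to the same fragment; the reference form only removes the possibility of passing a null pointer into the cast, it does not change whether renderNamedFlowFragment() itself can return null.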
