[Webkit-unassigned] [Bug 15054] Divide by 0 in AutoTableLayout::layout
bugzilla-daemon at webkit.org
Thu Dec 6 14:35:11 PST 2007
http://bugs.webkit.org/show_bug.cgi?id=15054
marv.decker at gmail.com changed:
What      |Removed                               |Added
----------------------------------------------------------------------------
AssignedTo|webkit-unassigned at lists.webkit.org |marv.decker at gmail.com
Status    |NEW                                   |ASSIGNED
------- Comment #5 from marv.decker at gmail.com 2007-12-06 14:35 PDT -------
Created an attachment (id=17760)
--> (http://bugs.webkit.org/attachment.cgi?id=17760&action=view)
Reduced test case
Here are the requirements for the crash to occur in AutoTableLayout::layout():
* The width of the table must not be evenly divisible by the number of nonempty
columns such that there is a remainder of 1 when you get to the block commented
"// spread over the rest".
* There must be a nonempty column, as well as an empty column with a fixed
width, and there must be a row with colspan covering both of them.
* When this bug is triggered, the empty column will get a width of type "fixed"
and a number, and the effective width will be 0 (Auto). If you remove the
colspan, the effective width will be the same as the width.
* The setting of the effWidth to the width happens at the top of
AutoTableLayout::calcEffectiveWidth. In the case of this bug, it is reset to
zero on the line "m_layoutStruct[pos].effWidth = Length();"
The bug occurs because when the number of fixed, relative, etc. columns is
computed near the top of layout(), it uses effWidth, but in the "rest" clause,
it uses "width". I think this is just a one-line fix to use "effWidth" below.
I will put a patch together.
--
Configure bugmail: http://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
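
Added example (not part of the original bug comment and not WebKit source): a simplified C++ model of the mismatch described in the comment above, where the divisor is counted from one field (effWidth) but the distribution loop selects columns by another (width). The Column struct, spreadOverFixed(), sampleColumns() and the pixel value are assumptions made for illustration; the function reports the point where an unguarded division would have a zero divisor instead of performing it.

```cpp
#include <vector>

// Simplified model, not WebKit code: a column has a specified width type and
// an effective width type, and the two can disagree (the case in the comment).
enum class Type { Auto, Fixed };

struct Column {
    Type width;     // type as specified on the column
    Type effWidth;  // type after colspan handling; may have been reset to Auto
    int calcWidth;  // pixels assigned by the distribution pass
};

// Distributes `available` pixels over fixed columns. The divisor is always
// counted from effWidth; `selectByEffWidth` chooses which field the loop tests.
// Returns false where an unguarded `available / total` would divide by zero.
bool spreadOverFixed(std::vector<Column>& cols, int available, bool selectByEffWidth) {
    int total = 0;
    for (const Column& c : cols)
        if (c.effWidth == Type::Fixed)
            ++total;  // counting pass uses effWidth

    for (Column& c : cols) {
        Type t = selectByEffWidth ? c.effWidth : c.width;
        if (t != Type::Fixed)
            continue;
        if (total == 0)
            return false;  // loop visited more columns than were counted
        int w = available / total;
        available -= w;
        --total;
        c.calcWidth += w;
    }
    return true;
}

// Constructed input: one ordinary fixed column, plus one column whose width
// is Fixed but whose effWidth is Auto.
std::vector<Column> sampleColumns() {
    return { {Type::Fixed, Type::Fixed, 0}, {Type::Fixed, Type::Auto, 0} };
}

int main() {
    std::vector<Column> cols = sampleColumns();
    return spreadOverFixed(cols, 101, true) ? 0 : 1;
}
```

Selecting columns with the same field that was used for counting keeps the number of loop visits equal to the divisor, so the divisor never reaches zero before the loop ends.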