[Webkit-unassigned] [Bug 20397] Invalid webkit-border-bottom-left-radius property causes crash

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Aug 20 23:51:49 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=20397


eric at webkit.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #22895|review?                     |review-
               Flag|                            |




------- Comment #5 from eric at webkit.org  2008-08-20 23:51 PDT -------
(From update of attachment 22895)
Well, so unfortunately this fix is wrong.

I ran this in the debugger, and it turns out the problem is caused by:

    // In quirks mode, we will look for units that have been incorrectly separated from the number they belong to
    // by a space.  We go ahead and associate the unit with the number even though it is invalid CSS.
    checkForOrphanedUnits();

int num is initialized from m_valueList->size() before that call is made, and
then not updated again after that call is made.  checkForOrphanedUnits can
shrink the m_valueList, thus causing "num" to be wrong.  Thus causing (I'm
sure) lots of crashes.

Also, unfortunately again, I would have had to r- your fix for lack of
ChangeLog and use of tabs instead of spaces.

I'm not sure what the right fix is.  If we can just move
checkForOrphanedUnits() above the original "num" initialization, or if we need
to move num to below the checkForOrphanedUnits call.  I think we can just move
checkForOrphanedUnits up.


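The ordering problem described in comment #5, as an added example that is not part of the original comment and is not WebKit's code: a count cached before a call that can shrink the list ends up larger than the list. `Value`, `ValueList`, `mergeOrphanedUnits`, `outOfRangeReads` and the sample input are hypothetical stand-ins; indices are bounds-checked and counted rather than dereferenced.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical stand-in for the parser's value list (not WebKit's types).
struct Value { bool hasNumber; double number; std::string unit; };
using ValueList = std::vector<Value>;

// Models the quirks-mode step: a unit separated from its number by a space
// arrives as two entries and is folded into one, which shrinks the list.
void mergeOrphanedUnits(ValueList& list) {
    for (std::size_t i = 0; i + 1 < list.size(); ++i) {
        if (list[i].hasNumber && list[i].unit.empty() &&
            !list[i + 1].hasNumber && !list[i + 1].unit.empty()) {
            list[i].unit = list[i + 1].unit;
            list.erase(list.begin() + static_cast<std::ptrdiff_t>(i + 1));
        }
    }
}

// Walks indices [0, num) as a parser loop would, but counts the indices that
// fall outside the list instead of reading them.
std::size_t outOfRangeReads(const ValueList& list, std::size_t num) {
    std::size_t bad = 0;
    for (std::size_t i = 0; i < num; ++i)
        if (i >= list.size()) ++bad;
    return bad;
}

// Ordering reported in the comment: count cached, then the list shrinks.
std::size_t parseCountFirst(ValueList list) {
    std::size_t num = list.size();
    mergeOrphanedUnits(list);
    return outOfRangeReads(list, num);
}

// Reordered: shrink first, read the count afterwards, so num matches the list.
std::size_t parseMergeFirst(ValueList list) {
    mergeOrphanedUnits(list);
    std::size_t num = list.size();
    return outOfRangeReads(list, num);
}

// Constructed sample: tokens for "10 px 5px" (three entries before merging).
ValueList sampleQuirksInput() {
    return { {true, 10, ""}, {false, 0, "px"}, {true, 5, "px"} };
}

int main() {
    std::printf("count first: %zu stale, merge first: %zu stale\n",
                parseCountFirst(sampleQuirksInput()), parseMergeFirst(sampleQuirksInput()));
}
```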