[Webkit-unassigned] [Bug 26342] Absolutely positioned HTML element within foreignObject of absolutely positioned SVG crashes Safari
bugzilla-daemon at webkit.org
Wed Sep 16 01:26:01 PDT 2009
https://bugs.webkit.org/show_bug.cgi?id=26342
Charles Wei <charles.wei at torchmobile.com.cn> changed:
What    |Removed |Added
----------------------------------------------------------------------------
CC      |        |charles.wei at torchmobile.com.cn
--- Comment #10 from Charles Wei <charles.wei at torchmobile.com.cn> 2009-09-16 01:25:59 PDT ---
(In reply to comment #8)
> Crash point:
>
> #0 0x00000001014a5ef3 in WebCore::RenderBlock::insertPositionedObject
> (this=0x0, o=0x11c241328) at
> /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderBlock.cpp:2217
> #1 0x00000001014c2368 in WebCore::RenderBlock::layoutInlineChildren
> (this=0x11c240c38, relayoutChildren=true, repaintTop=@0x7fff5fbfca1c,
> repaintBottom=@0x7fff5fbfca18) at
> /Volumes/InternalData/Development/webkit/OpenSource/WebCore/rendering/RenderBlockLineLayout.cpp:858
.......
>
> o->containingBlock() is null at:
>
> o->containingBlock()->insertPositionedObject(box);

o->containingBlock() returning 0 is the root cause of the bug, and my patch
fixes this.

About the crash problem caused by ASSERT(): it's irrelevant to this bug. I
discovered the ASSERT problem while verifying this bug, and was trying to fix
it together with a patch. Now I would rather have another separate bug to
track the ASSERT problem, and would like to have the submitted patch tackle
this bug only.

FYI -- The ASSERT problem can be reproduced with the following page, after this
patch has been applied.
http://starkravingfinkle.org/blog/wp-content/uploads/2007/07/foreignobject-transform.svg