[Webkit-unassigned] [Bug 42894] New: RenderLayer crashes on page with MathML
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Jul 23 06:46:29 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=42894
Summary: RenderLayer crashes on page with MathML
Product: WebKit
Version: 528+ (Nightly build)
Platform: Macintosh Intel
OS/Version: Mac OS X 10.5
Status: NEW
Severity: Normal
Priority: P4
Component: Layout and Rendering
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: alex at milowski.com
Alex Milowski <alex at milowski.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #62423| |review?, commit-queue?
Flag| |
Created an attachment (id=62423)
--> (https://bugs.webkit.org/attachment.cgi?id=62423)
Patch to fix crash
The code in RenderLayer makes some assumptions about the rendering tree that turn out to not be true. As such, it does get a render object back in certain methods and causes an exception and crash due to a zero pointer.
An example page that has this issue is:
http://golem.ph.utexas.edu/wiki/instiki/show/Sandbox
The attached patch fixes the crash.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list