[Webkit-unassigned] [Bug 39143] REGRESSION (r59385) crash destroying inline renderers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue May 18 12:18:00 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=39143
--- Comment #4 from mitz at webkit.org 2010-05-18 12:18:00 PST ---
(In reply to comment #3)
> Created an attachment (id=56307)
--> (https://bugs.webkit.org/attachment.cgi?id=56307) [details]
> reduction
Thanks for the reduction!
> The document.write() loop is a bit unfortunate, but it seems necessary to force the </font> tag to get parsed on a separate callstack from the rest of the page.
That’s not really necessary. Just <script> document.body.offsetTop </script> suffices, as it forces layout at that point. Then when parsing continues, the crash occurs.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list