[Webkit-unassigned] [Bug 45344] Null deref in InlineBox::height()
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 24 11:32:51 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=45344
Ryosuke Niwa <rniwa at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |NEW
CC| |rniwa at webkit.org
Ever Confirmed|0 |1
--- Comment #8 from Ryosuke Niwa <rniwa at webkit.org> 2010-09-24 11:32:51 PST ---
The repro now causes a crash at the line 96 of InlineBox.cpp:
if (renderer()->isText())
return m_isText ? renderer()->style(m_firstLine)->font().height() : 0;
font() is 0 and crashes inside RefPtr.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list