[Webkit-unassigned] [Bug 57897] Crash in WebCore::RenderMathMLSubSup::baselinePosition()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Jun 2 20:36:40 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=57897


Beth Dakin <bdakin at apple.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
  Attachment #92668|review?, commit-queue?      |review-, commit-queue-
               Flag|                            |




--- Comment #17 from Beth Dakin <bdakin at apple.com>  2011-06-02 20:36:40 PST ---
(From update of attachment 92668)
View in context: https://bugs.webkit.org/attachment.cgi?id=92668&action=review

I think the bug fix here is compelling, but I think we should just fix the crash with this bug. Since Jeffrey posted a patch just to fix the crash, I think I will r+ that, and we should file a new bug for the rendering issue you are working on here.

> Source/WebCore/rendering/mathml/RenderMathMLSubSup.cpp:69
> +            position++;

Our style-guide dictates that there should be braces around this for-loop since it contains more than one line of code. Also, is it necessary to compare the nodeType() to Node::ELEMENT_NODE? Can you just ask current->isElementNode()?

> Source/WebCore/rendering/mathml/RenderMathMLSubSup.cpp:73
> +        RenderMathMLBlock* wrapper = new (renderArena()) RenderMathMLBlock(node());

How do you know this is always position 1? Is there a way to break this?

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.



More information about the webkit-unassigned mailing list