[Webkit-unassigned] [Bug 56393] Without checking existence of the renderer of the element, tries to access the enclosing layer.
bugzilla-daemon at webkit.org
Wed Jun 15 08:44:15 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=56393
--- Comment #32 from Joe Wild <joseph.wild at nokia.com> 2011-06-15 08:44:14 PST ---
(In reply to comment #31)
Good question. If I am reading the asm correctly,
it looks like the compiler assumes "this != 0" and
puts the loop check at the end of the loop.
// comments added by me
Built with
ARM C/C++ Compiler, RVCT4.0 [Build 902]
_ZNK7WebCore12RenderObject14enclosingLayerEv
0x000003e8: e5d0101a .... LDRB r1,[r0,#0x1a]
0x000003ec: e2011002 .... AND r1,r1,#2
0x000003f0: e1b010a1 .... LSRS r1,r1,#1
0x000003f4: 15901020 ... LDRNE r1,[r0,#0x20]
0x000003f8: e3510000 ..Q. CMP r1,#0 // if (layer)
0x000003fc: 11a00001 .... MOVNE r0,r1
0x00000400: 112fff1e ../. BXNE r14
0x00000404: e590000c .... LDR r0,[r0,#0xc]
0x00000408: e3500000 ..P. CMP r0,#0 // while (curr)
0x0000040c: 1afffff5 .... BNE {pc} - 0x24 ; 0x3e8
0x00000410: e12fff1e ../. BX r14
RenderLayer* RenderObject::enclosingLayer() const
{
    const RenderObject* curr = this;
    while (curr) {
        RenderLayer* layer = curr->hasLayer() ? toRenderBoxModelObject(curr)->layer() : 0;
        if (layer)
            return layer;
        curr = curr->parent();
    }
    return 0;
}
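
The caller-side renderer check named in the bug title, as an added example that is not part of the original comment or of WebKit. `Node`, `Layer`, `enclosingLayerOrNull` and the sample tree are hypothetical stand-ins; the example relies on the C++ rule that calling a member function through a null pointer is undefined behaviour, which is what lets a compiler drop the first `while (curr)` test.

```cpp
#include <cstdio>

// Hypothetical stand-ins for RenderLayer and RenderObject (not WebKit code).
struct Layer { int id; };

struct Node {
    Node* parent;   // null at the root
    Layer* layer;   // null when this node has no layer of its own

    // Same shape as RenderObject::enclosingLayer(). Because a call through
    // a null pointer is undefined, the compiler may treat `this` as non-null
    // and test `curr` only after the first iteration, as in the listing.
    Layer* enclosingLayer() const {
        const Node* curr = this;
        while (curr) {
            if (curr->layer)
                return curr->layer;
            curr = curr->parent;
        }
        return nullptr;
    }
};

// Caller-side guard: `node` is an ordinary pointer argument that has not
// been dereferenced yet, so the compiler must honour this test and the
// member function is never entered with a null `this`.
Layer* enclosingLayerOrNull(const Node* node) {
    return node ? node->enclosingLayer() : nullptr;
}

// Constructed sample tree: child -> root (root owns the layer), plus a
// detached node that has neither a parent nor a layer.
static Layer sampleLayer{7};
static Node sampleRoot{nullptr, &sampleLayer};
static Node sampleChild{&sampleRoot, nullptr};
static Node sampleOrphan{nullptr, nullptr};

int main() {
    const Node* missingRenderer = nullptr;  // element without a renderer
    std::printf("child  -> %p\n", (void*)enclosingLayerOrNull(&sampleChild));
    std::printf("orphan -> %p\n", (void*)enclosingLayerOrNull(&sampleOrphan));
    std::printf("null   -> %p\n", (void*)enclosingLayerOrNull(missingRenderer));
    return 0;
}
```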