[Webkit-unassigned] [Bug 57897] Crash in WebCore::RenderMathMLSubSup::baselinePosition()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu May 5 16:09:19 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=57897





--- Comment #3 from Eric Seidel <eric at webkit.org>  2011-05-05 16:09:19 PST ---
(From update of attachment 91738)
View in context: https://bugs.webkit.org/attachment.cgi?id=91738&action=review

I don't feel like I have enough information to judge the correctness of this change.  More background/explanation would be helpful first.

> Source/WebCore/ChangeLog:11
> +        RenderMathMLBlock objects which are created as container objects
> +        are not removed from the render tree even after all of its
> +        children are removed due to the deletion of their corresponding
> +        DOM node.

Why aren't they removed?

> Source/WebCore/ChangeLog:15
> +        This patch creates all the container RenderMathMLBlock objects
> +        as anonymous render objects and makes sure that they are removed
> +        from the render tree when all of their children renderers are removed.
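
Review bot: In this ChangeLog paragraph, "makes sure that they are removed from the render tree" does not say which function performs the removal or what triggers it once the last child renderer is gone; name that function so the cleanup path can be checked against the rest of the patch. "children renderers" should also read "child renderers".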

Anonymous renderers generally mean you have no associated DOM node, and are used most often for when you need many renderers to a single DOM node to hold synthetic style, or to box inline children (when you have other box children), etc. Why should RenderMathMLBlocks be anonymous?

> Source/WebCore/ChangeLog:19
> +        In connection to the changes for the issue mentioned above, I have
> +        added null check in few places to avoid potential crashes while
> +        accessing grandchild renderer objects.
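
Review bot: This ChangeLog paragraph says null checks were added "in few places" without naming the functions; list each function that gained a check, and state whether a missing grandchild renderer is an expected state after this change or only guarded defensively, since "potential crashes" leaves that open.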

Can we test those?
