[Webkit-unassigned] [Bug 57897] Crash in WebCore::RenderMathMLSubSup::baselinePosition()

Fri May 6 15:40:30 PDT 2011

https://bugs.webkit.org/show_bug.cgi?id=57897

--- Comment #8 from Alex Milowski <alex at milowski.com>  2011-05-06 15:40:30 PST ---
(In reply to comment #7)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > (In reply to comment #3)
> > > > (From update of attachment 91738 [details] [details] [details] [details])
> > > > View in context: https://bugs.webkit.org/attachment.cgi?id=91738&action=review
> > > > 
> > > > I don't feel like I have enough information to judge the correctness of this change.  More background/explaination would be helpful first.
> > > > 
> > > > > Source/WebCore/ChangeLog:11
> > > > > +        RenderMathMLBlock objects which are created as container objects
> > > > > +        are not removed from the render tree even after all of its
> > > > > +        children are removed due to the deletion of their corresponding
> > > > > +        DOM node.
> > > > 
> > > > Why aren't they removed?
> > > 
> > > In the existing implementation, whenever a new child render object is added to the MathML renderers (RenderMathMLSubSup, RenderMathMLUnderOver, RenderMathMLFraction, etc...) a RenderMathMLBlock is created as container block for the new child irrespective of the type of child render object. In many places, these children objects are accessed by firstChild()->firstChild() assuming that the container block should have at least one child, but when a child node of above said elements are removed by JS, then only the renderers corresponding to those elements are removed and not their containers.
> > 
> > OK.  These sound like anonymous blocks then.  So there exists no such thing as a <mathml:block> element (or whatever DOM element would correspond to these things?)
> >
> No, there is no such element exists in MathML, but some of these container
> blocks can be eliminated based on the type of child object it is going to hold and this change requires lot of modifications allover MathML rendering implementation. May be, I'll try it in a separate patch.

Many of these "anonymous blocks" exist to layout or stack elements, with their own style properties, that might otherwise have an inline flow.  For example, a fraction is a vertical stack of RenderMathMLBlock instances who contain the child who is either the numerator or denominator.

That is <mfrac><mn>1</mn><mi>x</mi></mfrac> uses RenderMathMLBlock instances to wrap the inline rendering objects for mn and mi--which come directly from the CSS and not from any customized code.  This allows things like:

<mfrac><input xmlns='http://www.w3.org/1999/xhtml' size='2'/><mn>3</mn></mfrac>

to work as well.

I'll look at this patch in more detail.  The anonymous blocks caused a great deal of other problems and that is why I use the node.  There is some funky problems I was never able to get a straight answer about that are made worse by anonymous rendering objects.  So, that may be historical or it may still be there.  I'll check that too.

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.