[Webkit-unassigned] [Bug 57897] Crash in WebCore::RenderMathMLSubSup::baselinePosition()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri May 6 16:03:48 PDT 2011


https://bugs.webkit.org/show_bug.cgi?id=57897





--- Comment #9 from Alex Milowski <alex at milowski.com>  2011-05-06 16:03:48 PST ---
To fix this crash, you just need:


Index: RenderMathMLSubSup.cpp
===================================================================
--- RenderMathMLSubSup.cpp    (revision 84804)
+++ RenderMathMLSubSup.cpp    (working copy)
@@ -109,7 +109,7 @@
     if (!base)
         return;

-    if (base->firstChild()->isRenderMathMLBlock()) {
+    if (base->firstChild() && base->firstChild()->isRenderMathMLBlock()) {
         RenderMathMLBlock* block = toRenderMathMLBlock(base->firstChild());
         block->stretchToHeight(static_cast<int>(gSubSupStretch * height));

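Review bot: the changed condition now calls `base->firstChild()` twice, and the `toRenderMathMLBlock(base->firstChild())` line below calls it a third time. Fetch the child once into a local, for example `RenderObject* child = base->firstChild();`, and use that local for the null check, the `isRenderMathMLBlock()` test and the cast, so the guard and the dereference always refer to the same pointer.
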
@@ -185,7 +185,7 @@
     switch (m_kind) {
     case SubSup:
         base = base->firstChild();
-        if (m_scripts && base->isBoxModelObject()) {
+        if (m_scripts && base && base->isBoxModelObject()) {
             RenderBoxModelObject* box = toRenderBoxModelObject(base);

             int topAdjust = (m_scripts->offsetHeight() - box->offsetHeight()) / 2;
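
Review bot: in the `SubSup` case, `base = base->firstChild();` still dereferences `base` before the new `base &&` test runs, so the added check only covers a missing first child and not a null `base` on entry to the switch. This hunk shows no guard equivalent to the `if (!base) return;` in the first hunk; confirm one exists earlier in the function or add it. The patch as posted also touches only RenderMathMLSubSup.cpp, so a layout test reproducing the crash from this bug should accompany it to keep both null checks from regressing.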
