[Webkit-unassigned] [Bug 77786] New: NULL ptr in WebCore::RenderBlock::layoutRunsAndFloatsInRange

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Feb 3 14:51:36 PST 2012


https://bugs.webkit.org/show_bug.cgi?id=77786

           Summary: NULL ptr in
                    WebCore::RenderBlock::layoutRunsAndFloatsInRange
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: HTML DOM
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org


Created an attachment (id=125424)
 --> (https://bugs.webkit.org/attachment.cgi?id=125424&action=review)
Repro

Chromium: http://code.google.com/p/chromium/issues/detail?id=112660

Fuzzer: Cris_happyfuntime

  - crash stack -
  WebCore::RenderBlock::layoutRunsAndFloatsInRange
  WebCore::RenderBlock::layoutRunsAndFloats
  WebCore::RenderBlock::layoutInlineChildren

Repro:
<!>
<style>
.class2{float:right}
b{border-style:double}
</style>
<script>
  window.onload = function(){
    document.designMode="on";document.execCommand("SelectAll");
    document.execCommand("InsertUnorderedList");
  }
</script>
<p ><svg:font ></svg:font><bdi ><b class="class2">
