[Webkit-unassigned] [Bug 88395] Null-pointer crash in InlineFlowBox::computeOverAnnotationAdjustment during rendering/reload race
bugzilla-daemon at webkit.org
Wed Jun 6 17:02:58 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=88395
Tony Chang <tony at chromium.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
 Attachment #145948|review?                     |review-
               Flag|                            |
--- Comment #5 from Tony Chang <tony at chromium.org> 2012-06-06 17:02:56 PST ---
(From update of attachment 145948)
View in context: https://bugs.webkit.org/attachment.cgi?id=145948&action=review
> Source/WebCore/rendering/InlineFlowBox.cpp:1446
> - if (style->textEmphasisMark() != TextEmphasisMarkNone && toInlineTextBox(curr)->getEmphasisMarkPosition(style, emphasisMarkPosition) && emphasisMarkPosition == TextEmphasisPositionOver) {
> + if (style && style->textEmphasisMark() != TextEmphasisMarkNone && toInlineTextBox(curr)->getEmphasisMarkPosition(style, emphasisMarkPosition) && emphasisMarkPosition == TextEmphasisPositionOver) {
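Review bot: the added style && guard in the condition at InlineFlowBox.cpp:1446 carries no comment saying when style can be null at this point, so a null style now silently skips the over-emphasis-mark branch instead of being surfaced. Either document the case next to the check or resolve the null where style is obtained, and consider splitting this four-clause condition over several lines so the guard is easy to see.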
Do we know why style is null? We should try to figure that out and add the explanation to the changelog.
> LayoutTests/fast/text/firstline/crash-firstline-detach-reload.html:34
> + location.reload();
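Review bot: location.reload() at line 34 of crash-firstline-detach-reload.html makes the outcome depend on when the reload lands relative to layout, and the quoted line shows nothing that stops the reloaded page from calling it again. Gate the call on a one-shot marker (for example a value kept in sessionStorage or location.hash) so the test reloads exactly once and then finishes.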
We don't want the test to be non-deterministic. You might be able to further reduce the test case, which might help to understand the crash. I'd be surprised if everything in the test case is necessary (an embed, a bdo, a different writing mode, a cursor and old flexbox?)