[Webkit-unassigned] [Bug 85797] REGRESSION (Safari 5.1.5 - ToT): Crash in RenderSVGRoot::computeReplacedLogicalWidth
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Jun 20 12:27:23 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=85797
--- Comment #2 from Florin Malita <fmalita at chromium.org> 2012-06-20 12:27:22 PST ---
The assert at the end of RenderSVGRoot::computeReplacedLogicalWidth() is wrong: we can also reach that point for inline SVGs when the width attribute doesn't establish the viewport (see SVGSVGElement::widthAttributeEstablishesViewport).
The release crash happens in
return document()->frame()->ownerRenderer()->availableLogicalWidth()
because ownerRenderer() is NULL for the case of inline SVG.
This also seems to affect RenderSVGRoot::computeReplacedLogicalHeight().
I guess the question is what to do when
a) widthAttributeEstablishesViewport() == false
and
b) the SVG element is not embedded via object/iframe
Fall back to RenderReplace:::computeReplacedLogicalWidth?
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list