[Webkit-unassigned] [Bug 100464] MathML fuzzing bugs - 2
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Oct 25 23:03:52 PDT 2012
https://bugs.webkit.org/show_bug.cgi?id=100464
--- Comment #1 from Eric Seidel <eric at webkit.org> 2012-10-25 23:05:01 PST ---
Ah, RenderMarquee. :)
bool pushLayoutState(RenderBox* renderer, const LayoutSize& offset, LayoutUnit pageHeight = 0, bool pageHeightChanged = false, ColumnInfo* colInfo = 0)
Assumes that there is already a LayoutState when it's called. Presumaly RenderTable assumes that its parent has always created a layout state for it. I guess this is an artifact of re-using the RenderTable renderer for MathML.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list