[Webkit-unassigned] [Bug 126152] [CSSRegions] Crash while repainting an invalid region
bugzilla-daemon at webkit.org
Mon Dec 23 13:08:51 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=126152
Daniel Bates <dbates at webkit.org> changed:
What                    |Removed                 |Added
----------------------------------------------------------------------------
Attachment #219900 Flag |review?, commit-queue?  |review+, commit-queue-
--- Comment #2 from Daniel Bates <dbates at webkit.org> 2013-12-23 13:06:51 PST ---
(From update of attachment 219900)
View in context: https://bugs.webkit.org/attachment.cgi?id=219900&action=review
This looks sane to me. Feel free to have a domain expert look over this patch.
> LayoutTests/fast/regions/repaint/invalid-region-repaint-crash.html:4
> + <script src="../../repaint/resources/text-based-repaint.js" type="text/javascript"></script>
Please remove the HTML attribute type as it's unnecessary given that this document is an HTML5 document.
> Source/WebCore/rendering/RenderLayer.cpp:6278
> + RenderNamedFlowFragment* region = toRenderBlockFlow(&renderer())->renderNamedFlowFragment();
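Review bot: On the added line at RenderLayer.cpp:6278, the result of renderNamedFlowFragment() is stored in a raw pointer, and this quoted line shows neither a type check on renderer() before the toRenderBlockFlow() cast nor a null check on region before it is used. Since the bug is a crash while repainting an invalid region, please confirm the surrounding code guards both, for example by returning early when region is null.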
Notice that we generate a toRenderBlockFlow()-variant that takes and returns a reference. For your consideration, I suggest we use this variant to remove the address-of operator and to document the "non-nullness" of the return value of toRenderBlockFlow() since renderer() is guaranteed to be non-null.
RenderNamedFlowFragment* region = toRenderBlockFlow(renderer()).renderNamedFlowFragment();