[Webkit-unassigned] [Bug 258664] New: Nullptr crash in Layout::InlineItemsBuilder::collectInlineItems
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Jun 29 02:26:09 PDT 2023
https://bugs.webkit.org/show_bug.cgi?id=258664
Bug ID: 258664
Summary: Nullptr crash in
Layout::InlineItemsBuilder::collectInlineItems
Product: WebKit
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Layout and Rendering
Assignee: webkit-unassigned at lists.webkit.org
Reporter: koivisto at iki.fi
CC: bfulgham at webkit.org, simon.fraser at apple.com,
zalan at apple.com
34 WebCore::RenderStyle::display() const <==
34 WebCore::Layout::Box::isInlineBox() const
34 WebCore::Layout::InlineItemsBuilder::collectInlineItems(WTF::Vector<WebCore::Layout::InlineItem, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>&, WebCore::Layout::InlineItemPosition)
34 WebCore::Layout::InlineItemsBuilder::build(WebCore::Layout::InlineItemPosition)
34 WebCore::Layout::InlineFormattingContext::layoutFloatContentOnly(WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::FloatingState&)
34 WebCore::Layout::InlineFormattingContext::layoutInFlowAndFloatContentForIntegration(WebCore::Layout::ConstraintsForInlineContent const&, WebCore::Layout::InlineLayoutState&)
34 WebCore::LayoutIntegration::LineLayout::layout()
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20230629/6e8b1a78/attachment.htm>
More information about the webkit-unassigned
mailing list