Issue 10375053: Merge 115458 - NULL-deref in RenderBox::clippedOverflowRectForRepaint

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Issue 10375053: Merge 115458 - NULL-deref in RenderBox::clippedOverflowRectForRepaint (Closed)

Created:
8 years, 7 months ago by Julien - ping for review

Modified:
8 years, 7 months ago

Reviewers:
jchaffraix

CC:
chromium-reviews

Base URL:
http://svn.webkit.org/repository/webkit/branches/chromium/1084/

Visibility:
Public.

More Reviews

Description

Merge 115458 - NULL-deref in RenderBox::clippedOverflowRectForRepaint https://bugs.webkit.org/show_bug.cgi?id=84774 Reviewed by Tony Chang. Source/WebCore: Test: fast/inline/crash-new-continuation-with-outline.html The bug comes from trying to repaint the :after content as part of updateBeforeAfterContent. The repainting logic would query the yet-to-be-inserted continuation(). Then we would crash in RenderBox::clippedOverflowRectForRepaint as we didn't have an enclosingLayer() (which any RenderObject in the tree will have). The fix is to check in RenderInline::clippedOverflowRectForRepaint that our continuation() is properly inserted in the tree. We could check that it isRooted() but it's an overkill here. * rendering/RenderInline.cpp: (WebCore::RenderInline::clippedOverflowRectForRepaint): LayoutTests: * fast/inline/crash-new-continuation-with-outline-expected.txt: Added. * fast/inline/crash-new-continuation-with-outline.html: Added. TBR=jchaffraix@webkit.org Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=116441

Patch Set 1 #

Created: 8 years, 7 months ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Stats (+-1 lines, --1 lines)			Patch
A +	LayoutTests/fast/inline/crash-new-continuation-with-outline.html	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
A +	LayoutTests/fast/inline/crash-new-continuation-with-outline-expected.txt	View	0 chunks	+-1 lines, --1 lines	0 comments	Download
M	Source/WebCore/rendering/RenderInline.cpp	View	1 chunk	+1 line, -1 line	0 comments	Download

Messages

Total messages: 1 (0 generated)

Expand Messages | Collapse Messages