Bug 61083 - Regression(r85355): Crash with two table captions when child visible and enclosing layer invisible
Summary: Regression(r85355): Crash with two table captions when child visible and encl...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tables (show other bugs)
Version: 528+ (Nightly build)
Hardware: All All
: P1 Normal
Assignee: Abhishek Arya
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-18 11:38 PDT by Abhishek Arya
Modified: 2011-05-19 13:35 PDT (History)
5 users (show)

See Also:

Attachments
Patch (3.21 KB, patch)
2011-05-18 12:18 PDT, Abhishek Arya 		bdakin: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Abhishek Arya 2011-05-18 11:38:18 PDT 
Testcase::
<html>
    <body>
        <div style="visibility: collapse;">
            <table>
                <caption>Test passes if it does not crash.</caption>
                <caption>
                    <span style="visibility: visible;"></span>
                </caption>
            </table>
        </div>
        <script>
            if (window.layoutTestController)
                layoutTestController.dumpAsText();
        </script>
    </body>
</html>

Fixing it.

RenderObjectChildList::removeChildNode
crashes on a null pointer in
        if (owner->style()->visibility() != VISIBLE && oldChild->style()->visibility() == VISIBLE && !oldChild->hasLayer()) {
            layer = owner->enclosingLayer();
            layer->dirtyVisibleContentStatus();

Problem is we don't need the removechild call since destroy caption already calls it later. calling removechild earlier removes it from parent and hence our enclosing layer comes out null.
        }
Comment 1 Abhishek Arya 2011-05-18 11:42:29 PDT 
As you can see we don't need to removchild earlier, renderobject destroy will call it at the right time.

void RenderObject::destroy()
{
.......
    remove();
Comment 2 Abhishek Arya 2011-05-18 12:18:19 PDT 
Created attachment 93962 [details]
Patch
Comment 3 Beth Dakin 2011-05-18 12:27:55 PDT 
Comment on attachment 93962 [details]
Patch

r=me
Comment 4 Abhishek Arya 2011-05-18 12:30:59 PDT 
Committed r86781: <http://trac.webkit.org/changeset/86781>
Comment 5 Ademar Reis 2011-05-19 13:35:25 PDT 
Revision r86781 cherry-picked into qtwebkit-2.2 with commit 2907a02 <http://gitorious.org/webkit/qtwebkit/commit/2907a02>