https://bugs.webkit.org/show_bug.cgi?id=68550
Reviewed by Darin Adler.
Source/WebCore:
Test: fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html
* rendering/RenderBlock.cpp:
(WebCore::RenderBlock::removeFloatingObjectsBelow): Break out of the while() loop when the
floating object set is empty, which can happen if there were no floats on previous lines
(in which case, lastFloat is 0).
LayoutTests:
* fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt: Added.
* fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95654
268f45cc-cd09-0410-ab3c-
d52691b4dbfc
+2011-09-21 Dan Bernstein <mitz@apple.com>
+
+ <rdar://problem/9768483> REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()
+ https://bugs.webkit.org/show_bug.cgi?id=68550
+
+ Reviewed by Darin Adler.
+
+ * fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow-expected.txt: Added.
+ * fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html: Added.
+
2011-09-21 Dmitry Lomov <dslomov@google.com>
Fixed bug number in test expectations.
--- /dev/null
+Test for https://bugs.webkit.org/show_bug.cgi?id=68550 REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow().
+
+The test passes if it does not cause a crash or assertion failure.
+
+Text
+E
--- /dev/null
+<!DOCTYPE html>
+<p>
+ Test for <i><a href="https://bugs.webkit.org/show_bug.cgi?id=68550">https://bugs.webkit.org/show_bug.cgi?id=68550</a>
+ REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()</i>.
+</p>
+<p>
+ The test passes if it does not cause a crash or assertion failure.
+</p>
+<script>
+ if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+<div style="-webkit-columns: 2; width: 200px; height: 40px; font-family: ahem; -webkit-font-smoothing: none;">
+ <div style="height: 12px;"></div>
+ <div>
+ Text<br>E
+ <div style="width: 6px; height: 6px; float: left; background-color: blue;">
+ </div>
+ </div>
+</div>
+2011-09-21 Dan Bernstein <mitz@apple.com>
+
+ <rdar://problem/9768483> REGRESSION: Crash in RenderBlock::removeFloatingObjectsBelow()
+ https://bugs.webkit.org/show_bug.cgi?id=68550
+
+ Reviewed by Darin Adler.
+
+ Test: fast/multicol/null-lastFloat-in-removeFloatingObjectsBelow.html
+
+ * rendering/RenderBlock.cpp:
+ (WebCore::RenderBlock::removeFloatingObjectsBelow): Break out of the while() loop when the
+ floating object set is empty, which can happen if there were no floats on previous lines
+ (in which case, lastFloat is 0).
+
2011-09-21 ChangSeok Oh <shivamidow@gmail.com>
[GTK] Fix build break when enabling webgl on r95593
m_floatingObjects->remove(curr);
ASSERT(!curr->m_originatingLine);
delete curr;
+ if (floatingObjectSet.isEmpty())
+ break;
curr = floatingObjectSet.last();
}
}
projects / profile / ivi / webkit-efl.git / commitdiff