LayoutTests/fast/flexbox/order-iterator-crash.html - Issue 19558006: Heap-use-after-free in WebCore::RenderFlexibleBox::firstLineBoxBaseline

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: LayoutTests/fast/flexbox/order-iterator-crash.html

Issue 19558006: Heap-use-after-free in WebCore::RenderFlexibleBox::firstLineBoxBaseline (Closed) Base URL: svn://svn.chromium.org/blink/trunk

Patch Set: Removed bad FINAL Created 7 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

Index: LayoutTests/fast/flexbox/order-iterator-crash.html

diff --git a/LayoutTests/fast/flexbox/order-iterator-crash.html b/LayoutTests/fast/flexbox/order-iterator-crash.html

new file mode 100644

index 0000000000000000000000000000000000000000..2b519664c713755e8095fec850ad1bfa52ecdf58

--- /dev/null

+++ b/LayoutTests/fast/flexbox/order-iterator-crash.html

@@ -0,0 +1,12 @@

+<div>This test has passed if it doesn't crash under ASAN.</div>

inferno 2013/07/19 20:25:08 nit: we should add a <!DOCTYPE html>

Julien - ping for review 2013/07/19 20:52:31 Nope, this test requires quirks mode :(

+<style>

+* { display: flex; }

+</style>

+<table><td id="crashy"></td></table>

+<script>

+if (window.testRunner)

+ testRunner.dumpAsText();

+crashy.offsetLeft;

+crashy.parentNode.removeChild(crashy);

+</script>