105408 2012-12-19 02:54:10 -0800 NULL ptr in WebCore::RefCountedPropertyWrapper<WebCore::ClipPathOperation>::blend 2013-09-05 00:40:30 -0700 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 tasak krit commit-queue dino dstockwell gammon krit simon.fraser oldest_to_newest 794483 0 180125 tasak 2012-12-19 02:54:10 -0800 Created attachment 180125 repro.html Detailed report: https://cluster-fuzz.appspot.com/testcase?key=149785711 Crash address 0x000000000000 Crash state - crash stack - WebCore::RefCountedPropertyWrapper<WebCore::ClipPathOperation>::blend WebCore::CSSPropertyAnimation::blendProperties WebCore::KeyframeAnimation::getAnimatedStyle 794484 1 tasak 2012-12-19 02:58:21 -0800 CSSPropertyAnimation.cpp: static inline PassRefPtr<ClipPathOperation> blendFunc(const AnimationBase*, ClipPathOperation* from, ClipPathOperation* to, double progress) { // Other clip-path operations than BasicShapes can not be animated. if (from->getOperationType() != ClipPathOperation::SHAPE || to->getOperationType() != ClipPathOperation::SHAPE) return to; ... Looking at repro.html, 0% { // no -webkit-clip-path ... } 100% { ... -webkit-clip-path: ... } Since 0% has no -webkit-clip-path, from would be NULL and from->getOperationType() crashes. 924782 2 210547 krit 2013-09-04 22:44:42 -0700 Created attachment 210547 Patch 924908 3 210547 commit-queue 2013-09-05 00:37:46 -0700 Comment on attachment 210547 Patch Clearing flags on attachment: 210547 Committed r155105: <http://trac.webkit.org/changeset/155105> 924909 4 commit-queue 2013-09-05 00:37:48 -0700 All reviewed patches have been landed. Closing bug. 924913 5 krit 2013-09-05 00:40:30 -0700 *** Bug 119579 has been marked as a duplicate of this bug. *** 180125 2012-12-19 02:54:10 -0800 2012-12-19 02:54:10 -0800 repro.html repro.html text/html 311 tasak PHN0eWxlPgpALXdlYmtpdC1rZXlmcmFtZXMgY2ZwdWxzZTEgewogICAgMCUgewogICAgICAgIG9w YWNpdHk6IDAuNzAzOTsKICAgIH0gCiAgICAxMDAlIHsKICAgICAgICBvcGFjaXR5OiAwLjQ4MTk7 CiAgICAgICAgLXdlYmtpdC1jbGlwLXBhdGg6IHJlY3RhbmdsZSg0OTI2MiwgMTEsIDBweCwgMTI3 cHgsIDQ0MDQ2cHgsIDg5NjU3MDU3MXB4KTsKICAgIH0KfQoKKiB7CiAgICAtd2Via2l0LWFuaW1h dGlvbi1uYW1lOiBjZnB1bHNlMTsKICAgIC13ZWJraXQtYW5pbWF0aW9uLWR1cmF0aW9uOiA0czsK fQo8L3N0eWxlPgo8Ym9keT4KPC9ib2R5Pgo= 210547 2013-09-04 22:44:42 -0700 2013-09-05 00:37:46 -0700 Patch clip-path-fix.patch text/plain 5072 krit ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAxNjA5OWJiLi5lMGJkMzM1IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VM b2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTUgQEAKKzIwMTMtMDkt MDQgIERpcmsgU2NodWx6ZSAgPGtyaXRAd2Via2l0Lm9yZz4KKworICAgICAgICBOVUxMIHB0ciBp biBXZWJDb3JlOjpSZWZDb3VudGVkUHJvcGVydHlXcmFwcGVyPFdlYkNvcmU6OkNsaXBQYXRoT3Bl cmF0aW9uPjo6YmxlbmQKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTEwNTQwOAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgIFRlc3QgdGhhdCBhbmltYXRpb24gZnJvbSBub25lIHRvIGEgYmFzaWMgc2hhcGUgb24g LXdlYmtpdC1jbGlwLXBhdGggZG9lc24ndCBjcmFzaC4KKworICAgICAgICAqIGNzczMvbWFza2lu Zy9jbGlwLXBhdGgtYW5pbWF0aW9uLWV4cGVjdGVkLnR4dDoKKyAgICAgICAgKiBjc3MzL21hc2tp bmcvY2xpcC1wYXRoLWFuaW1hdGlvbi5odG1sOgorCiAyMDEzLTA5LTA0ICBTYW11ZWwgV2hpdGUg IDxzYW11ZWxfd2hpdGVAYXBwbGUuY29tPgogCiAgICAgICAgIEFYOiB3aGVuIG5vIG90aGVyIGxh YmVsIG9uIHByb3ZpZGVkIG9uIGZvcm0gZWxlbWVudHMsIFdlYktpdCBzaG91bGQgZmFsbCBiYWNr IHRvIHVzaW5nIEB0aXRsZQpkaWZmIC0tZ2l0IGEvTGF5b3V0VGVzdHMvY3NzMy9tYXNraW5nL2Ns aXAtcGF0aC1hbmltYXRpb24tZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMvY3NzMy9tYXNraW5n L2NsaXAtcGF0aC1hbmltYXRpb24tZXhwZWN0ZWQudHh0CmluZGV4IDMyNDc1NmMuLjBlYzIyYjkg MTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL2NzczMvbWFza2luZy9jbGlwLXBhdGgtYW5pbWF0aW9u LWV4cGVjdGVkLnR4dAorKysgYi9MYXlvdXRUZXN0cy9jc3MzL21hc2tpbmcvY2xpcC1wYXRoLWFu aW1hdGlvbi1leHBlY3RlZC50eHQKQEAgLTEsNiArMSw3IEBACi0gICAKKyAgICAKIFBBU1MgLSAi d2Via2l0Q2xpcFBhdGgiIHByb3BlcnR5IGZvciAicmVjdGFuZ2xlLWJveCIgZWxlbWVudCBhdCAx cyBzYXcgc29tZXRoaW5nIGNsb3NlIHRvOiByZWN0YW5nbGUoMTAlLCAxMCUsIDgwJSwgODAlLCAw cHgsIDBweCkKIFBBU1MgLSAid2Via2l0Q2xpcFBhdGgiIHByb3BlcnR5IGZvciAiY2lyY2xlLWJv eCIgZWxlbWVudCBhdCAxcyBzYXcgc29tZXRoaW5nIGNsb3NlIHRvOiBjaXJjbGUoMzUlLCAzNSUs IDM1JSkKIFBBU1MgLSAid2Via2l0Q2xpcFBhdGgiIHByb3BlcnR5IGZvciAiZWxsaXBzZS1ib3gi IGVsZW1lbnQgYXQgMXMgc2F3IHNvbWV0aGluZyBjbG9zZSB0bzogZWxsaXBzZSgzNSUsIDM1JSwg MzUlLCAzMCUpCiBQQVNTIC0gIndlYmtpdENsaXBQYXRoIiBwcm9wZXJ0eSBmb3IgInBvbHlnb24t Ym94IiBlbGVtZW50IGF0IDFzIHNhdyBzb21ldGhpbmcgY2xvc2UgdG86IHBvbHlnb24obm9uemVy bywgMTAlIDEwJSwgOTAlIDEwJSwgOTAlIDkwJSwgMTAlIDkwJSkKK1BBU1MgLSAid2Via2l0Q2xp cFBhdGgiIHByb3BlcnR5IGZvciAibm9uZS1ib3giIGVsZW1lbnQgYXQgMXMgc2F3IHNvbWV0aGlu ZyBjbG9zZSB0bzogcG9seWdvbihub256ZXJvLCAyMCUgMjAlLCA4MCUgMjAlLCA4MCUgODAlLCAy MCUgODAlKQogCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9jc3MzL21hc2tpbmcvY2xpcC1wYXRo LWFuaW1hdGlvbi5odG1sIGIvTGF5b3V0VGVzdHMvY3NzMy9tYXNraW5nL2NsaXAtcGF0aC1hbmlt YXRpb24uaHRtbAppbmRleCA4ZWM0MzAwLi42NjgxMjM4IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0 cy9jc3MzL21hc2tpbmcvY2xpcC1wYXRoLWFuaW1hdGlvbi5odG1sCisrKyBiL0xheW91dFRlc3Rz L2NzczMvbWFza2luZy9jbGlwLXBhdGgtYW5pbWF0aW9uLmh0bWwKQEAgLTI3LDYgKzI3LDkgQEAK ICAgICAgIC13ZWJraXQtYW5pbWF0aW9uOiBwb2x5Z29uLWFuaW0gMnMgbGluZWFyCiAgICAgfQog CisgICAgI25vbmUtYm94IHsKKyAgICAgIC13ZWJraXQtYW5pbWF0aW9uOiBub25lLWFuaW0gMnMg bGluZWFyCisgICAgfQogCiAgICAgQC13ZWJraXQta2V5ZnJhbWVzIHJlY3RhbmdsZS1hbmltIHsK ICAgICAgICAgZnJvbSB7IC13ZWJraXQtY2xpcC1wYXRoOiByZWN0YW5nbGUoMCUsIDAlLCAxMDAl LCAxMDAlKTsgfQpAQCAtNDgsNiArNTEsMTIgQEAKICAgICAgICAgdG8gICB7IC13ZWJraXQtY2xp cC1wYXRoOiBwb2x5Z29uKG5vbnplcm8sIDIwJSAyMCUsIDgwJSAyMCUsIDgwJSA4MCUsIDIwJSA4 MCUpOyB9CiAgICAgfQogCisgICAgQC13ZWJraXQta2V5ZnJhbWVzIG5vbmUtYW5pbSB7CisgICAg ICAgIC8qIFdlIGRvIG5vdCBzdXBwb3J0IGFuaW1hdGlvbnMgZnJvbSBvciB0byAnbm9uZScgYXMg c3BlY2lmaWVkLiAqLworICAgICAgICBmcm9tIHsgLXdlYmtpdC1jbGlwLXBhdGg6IG5vbmU7IH0K KyAgICAgICAgdG8gICB7IC13ZWJraXQtY2xpcC1wYXRoOiBwb2x5Z29uKG5vbnplcm8sIDIwJSAy MCUsIDgwJSAyMCUsIDgwJSA4MCUsIDIwJSA4MCUpOyB9CisgICAgfQorCiAgIDwvc3R5bGU+CiAg IDxzY3JpcHQgc3JjPSIuLi8uLi9hbmltYXRpb25zL3Jlc291cmNlcy9hbmltYXRpb24tdGVzdC1o ZWxwZXJzLmpzIj48L3NjcmlwdD4KICAgPHNjcmlwdCB0eXBlPSJ0ZXh0L2phdmFzY3JpcHQiPgpA QCAtNTcsNiArNjYsNyBAQAogICAgICAgWyJjaXJjbGUtYW5pbSIsICAxLCAiY2lyY2xlLWJveCIs ICJ3ZWJraXRDbGlwUGF0aCIsICJjaXJjbGUoMzUlLCAzNSUsIDM1JSkiLCAwLjA1XSwKICAgICAg IFsiZWxsaXBzZS1hbmltIiwgIDEsICJlbGxpcHNlLWJveCIsICJ3ZWJraXRDbGlwUGF0aCIsICJl bGxpcHNlKDM1JSwgMzUlLCAzNSUsIDMwJSkiLCAwLjA1XSwKICAgICAgIFsicG9seWdvbi1hbmlt IiwgIDEsICJwb2x5Z29uLWJveCIsICJ3ZWJraXRDbGlwUGF0aCIsICJwb2x5Z29uKG5vbnplcm8s IDEwJSAxMCUsIDkwJSAxMCUsIDkwJSA5MCUsIDEwJSA5MCUpIiwgMC4wNV0sCisgICAgICBbIm5v bmUtYW5pbSIsICAxLCAibm9uZS1ib3giLCAid2Via2l0Q2xpcFBhdGgiLCAicG9seWdvbihub256 ZXJvLCAyMCUgMjAlLCA4MCUgMjAlLCA4MCUgODAlLCAyMCUgODAlKSIsIDBdLAogICAgIF07CiAg ICAgCiAgICAgcnVuQW5pbWF0aW9uVGVzdChleHBlY3RlZFZhbHVlcyk7CkBAIC02OCw2ICs3OCw3 IEBACiA8ZGl2IGNsYXNzPSJib3giIGlkPSJjaXJjbGUtYm94Ij48L2Rpdj4KIDxkaXYgY2xhc3M9 ImJveCIgaWQ9ImVsbGlwc2UtYm94Ij48L2Rpdj4KIDxkaXYgY2xhc3M9ImJveCIgaWQ9InBvbHln b24tYm94Ij48L2Rpdj4KKzxkaXYgY2xhc3M9ImJveCIgaWQ9Im5vbmUtYm94Ij48L2Rpdj4KIAog PGRpdiBpZD0icmVzdWx0Ij4KIDwvZGl2PgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvQ2hh bmdlTG9nIGIvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCmluZGV4IDQwNDZhY2MuLjliNzc1OGYg MTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9Tb3VyY2UvV2ViQ29y ZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOCBAQAorMjAxMy0wOS0wNCAgRGlyayBTY2h1bHplICA8 a3JpdEB3ZWJraXQub3JnPgorCisgICAgICAgIE5VTEwgcHRyIGluIFdlYkNvcmU6OlJlZkNvdW50 ZWRQcm9wZXJ0eVdyYXBwZXI8V2ViQ29yZTo6Q2xpcFBhdGhPcGVyYXRpb24+OjpibGVuZAorICAg ICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTA1NDA4CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQWRkaW5nIGFuIGVh cmx5IHJldHVybiBpZiBmcm9tIG9yIHRvIGNsaXAtcGF0aCB2YWx1ZXMgYXJlICdub25lJy4gQWNj b3JkaW5nIHRvIHRoZQorICAgICAgICBzcGVjaWZpY2F0aW9uIHdlIHNoYWxsIGp1c3QgaW50ZXJw b2xhdGUgYmV0d2VlbiB0d28gYmFzaWMgc2hhcGVzLgorCisgICAgICAgIGh0dHA6Ly9kZXYudzMu b3JnL2Nzc3dnL2Nzcy1zaGFwZXMvI2Jhc2ljLXNoYXBlLWludGVycG9sYXRpb24KKworICAgICAg ICAqIHBhZ2UvYW5pbWF0aW9uL0NTU1Byb3BlcnR5QW5pbWF0aW9uLmNwcDoKKyAgICAgICAgKFdl YkNvcmU6OmJsZW5kRnVuYyk6CisKIDIwMTMtMDktMDQgIEFuZHJlYXMgS2xpbmcgIDxha2xpbmdA YXBwbGUuY29tPgogCiAgICAgICAgIENhY2hlZCBQYWdlIGFuZCBGcmFtZSBkb24ndCBuZWVkIHRv IGJlIHJlZi1jb3VudGVkLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvcGFnZS9hbmltYXRp b24vQ1NTUHJvcGVydHlBbmltYXRpb24uY3BwIGIvU291cmNlL1dlYkNvcmUvcGFnZS9hbmltYXRp b24vQ1NTUHJvcGVydHlBbmltYXRpb24uY3BwCmluZGV4IDdkMmE1MzguLjFlNDQ1ZDUgMTAwNjQ0 Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL3BhZ2UvYW5pbWF0aW9uL0NTU1Byb3BlcnR5QW5pbWF0aW9u LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9wYWdlL2FuaW1hdGlvbi9DU1NQcm9wZXJ0eUFuaW1h dGlvbi5jcHAKQEAgLTEzMyw2ICsxMzMsOSBAQCBzdGF0aWMgaW5saW5lIFRyYW5zZm9ybU9wZXJh dGlvbnMgYmxlbmRGdW5jKGNvbnN0IEFuaW1hdGlvbkJhc2UqIGFuaW0sIGNvbnN0IFRyYQogCiBz dGF0aWMgaW5saW5lIFBhc3NSZWZQdHI8Q2xpcFBhdGhPcGVyYXRpb24+IGJsZW5kRnVuYyhjb25z dCBBbmltYXRpb25CYXNlKiwgQ2xpcFBhdGhPcGVyYXRpb24qIGZyb20sIENsaXBQYXRoT3BlcmF0 aW9uKiB0bywgZG91YmxlIHByb2dyZXNzKQogeworICAgIGlmICghZnJvbSB8fCAhdG8pCisgICAg ICAgIHJldHVybiB0bzsKKwogICAgIC8vIE90aGVyIGNsaXAtcGF0aCBvcGVyYXRpb25zIHRoYW4g QmFzaWNTaGFwZXMgY2FuIG5vdCBiZSBhbmltYXRlZC4KICAgICBpZiAoZnJvbS0+Z2V0T3BlcmF0 aW9uVHlwZSgpICE9IENsaXBQYXRoT3BlcmF0aW9uOjpTSEFQRSB8fCB0by0+Z2V0T3BlcmF0aW9u VHlwZSgpICE9IENsaXBQYXRoT3BlcmF0aW9uOjpTSEFQRSkKICAgICAgICAgcmV0dXJuIHRvOwo=