50149 2010-11-29 05:59:53 -0800 chrome.dll!WebCore::CSSStyleSelector::loadPendingImages ReadAV@NULL (830f1940d708882124521ea60de442b0) 2010-11-29 11:09:11 -0800 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) All All RESOLVED FIXED http://code.google.com/p/chromium/issues/detail?id=64625 InRadar P1 Normal --- 1 skylined simon.fraser ap eric pfeldman simon.fraser oldest_to_newest 314370 0 75019 skylined 2010-11-29 05:59:53 -0800 Created attachment 75019 Repro Repro: <style> *{ -webkit-box-reflect: none !important; -webkit-box-reflect: below 0 url(x); } </style> id: chrome.dll!WebCore::CSSStyleSelector::loadPendingImages ReadAV@NULL (830f1940d708882124521ea60de442b0) description: Attempt to read from unallocated NULL pointer+0xC in chrome.dll!WebCore::CSSStyleSelector::loadPendingImages application: Chromium 9.0.596.0 stack: chrome.dll!WebCore::CSSStyleSelector::loadPendingImages chrome.dll!WebCore::CSSStyleSelector::styleForElement chrome.dll!WebCore::Element::recalcStyle chrome.dll!WebCore::Document::recalcStyle chrome.dll!WebCore::Document::styleSelectorChanged chrome.dll!WebCore::Document::removePendingSheet chrome.dll!WebCore::StyleElement::sheetLoaded chrome.dll!WebCore::SVGStyleElement::sheetLoaded chrome.dll!WebCore::CSSStyleSheet::checkLoaded chrome.dll!WebCore::StyleElement::createSheet chrome.dll!WebCore::StyleElement::process chrome.dll!WebCore::StyleElement::finishParsingChildren chrome.dll!WebCore::HTMLStyleElement::finishParsingChildren chrome.dll!WebCore::HTMLElementStack::popCommon chrome.dll!WebCore::HTMLTreeBuilder::processEndTag chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromToken chrome.dll!WebCore::HTMLDocumentParser::pumpTokenizer chrome.dll!WebCore::HTMLDocumentParser::insert chrome.dll!WebCore::Document::write chrome.dll!WebCore::V8HTMLDocument::writeCallback chrome.dll!v8::internal::HandleApiCallHelper<...> chrome.dll!v8::internal::Builtin_HandleApiCall chrome.dll!v8::internal::Invoke chrome.dll!v8::internal::Execution::Call ... 314481 1 ap 2010-11-29 10:05:50 -0800 See also: bug 46224. 314484 2 simon.fraser 2010-11-29 10:16:03 -0800 <rdar://problem/8706182> 314489 3 simon.fraser 2010-11-29 10:19:20 -0800 Crashes WebKit mac too. 314520 4 75042 simon.fraser 2010-11-29 11:02:21 -0800 Created attachment 75042 Patch 314522 5 simon.fraser 2010-11-29 11:09:11 -0800 http://trac.webkit.org/changeset/72814 75019 2010-11-29 05:59:53 -0800 2010-11-29 05:59:53 -0800 Repro repro.html text/html 108 skylined PHN0eWxlPgogICp7CiAgICAtd2Via2l0LWJveC1yZWZsZWN0OiBub25lICFpbXBvcnRhbnQ7CiAg ICAtd2Via2l0LWJveC1yZWZsZWN0OiBiZWxvdyAwIHVybCh4KTsKICB9Cjwvc3R5bGU+ 75042 2010-11-29 11:02:21 -0800 2010-11-29 11:04:41 -0800 Patch bug-50149-20101129110220.patch text/plain 3958 simon.fraser ZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5nZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxv ZwppbmRleCAzOWRhYWE5ZjQxMDcxMGY0ZWI1NDEyMmMzMzBhNjgyZTZmMTBjYTUwLi45M2NmYzY5 MGNhMThhZGE5YTQ3ODcyYzc4YWJjN2I4YjhhOTNhNzk1IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0 cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAK KzIwMTAtMTEtMjkgIFNpbW9uIEZyYXNlciAgPHNpbW9uLmZyYXNlckBhcHBsZS5jb20+CisKKyAg ICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgQ3Jhc2ggaW4gV2Vi Q29yZTo6Q1NTU3R5bGVTZWxlY3Rvcjo6bG9hZFBlbmRpbmdJbWFnZXMKKyAgICAgICAgaHR0cHM6 Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTUwMTQ5CisgICAgICAgIAorICAgICAg ICAqIGZhc3QvcmVmbGVjdGlvbnMvcGVuZGluZy1yZWZsZWN0aW9uLW1hc2stY3Jhc2gtZXhwZWN0 ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBmYXN0L3JlZmxlY3Rpb25zL3BlbmRpbmctcmVmbGVj dGlvbi1tYXNrLWNyYXNoLmh0bWw6IEFkZGVkLgorCiAyMDEwLTExLTI0ICBEaW1pdHJpIEdsYXpr b3YgIDxkZ2xhemtvdkBjaHJvbWl1bS5vcmc+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgRGFyaW4g QWRsZXIuCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9mYXN0L3JlZmxlY3Rpb25zL3BlbmRpbmct cmVmbGVjdGlvbi1tYXNrLWNyYXNoLWV4cGVjdGVkLnR4dCBiL0xheW91dFRlc3RzL2Zhc3QvcmVm bGVjdGlvbnMvcGVuZGluZy1yZWZsZWN0aW9uLW1hc2stY3Jhc2gtZXhwZWN0ZWQudHh0Cm5ldyBm aWxlIG1vZGUgMTAwNjQ0CmluZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAuLmZjMDY2MGNmN2ExOTliZGM4ODU2OTkzZGQ1Nzc2YzJkZWRhMTM1NmQKLS0tIC9kZXYv bnVsbAorKysgYi9MYXlvdXRUZXN0cy9mYXN0L3JlZmxlY3Rpb25zL3BlbmRpbmctcmVmbGVjdGlv bi1tYXNrLWNyYXNoLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxIEBACitUaGlzIHRlc3Qgc2hvdWxk IG5vdCBjcmFzaC4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvcmVmbGVjdGlvbnMvcGVu ZGluZy1yZWZsZWN0aW9uLW1hc2stY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL2Zhc3QvcmVmbGVj dGlvbnMvcGVuZGluZy1yZWZsZWN0aW9uLW1hc2stY3Jhc2guaHRtbApuZXcgZmlsZSBtb2RlIDEw MDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwLi43N2Jj M2IyNjU1MjdjYWZlZWMzZDU3N2IyMzU1YjQzMTAwMTU1Y2Q0Ci0tLSAvZGV2L251bGwKKysrIGIv TGF5b3V0VGVzdHMvZmFzdC9yZWZsZWN0aW9ucy9wZW5kaW5nLXJlZmxlY3Rpb24tbWFzay1jcmFz aC5odG1sCkBAIC0wLDAgKzEsMTEgQEAKKzxzdHlsZT4KKyAgKnsKKyAgICAtd2Via2l0LWJveC1y ZWZsZWN0OiBub25lICFpbXBvcnRhbnQ7CisgICAgLXdlYmtpdC1ib3gtcmVmbGVjdDogYmVsb3cg MCB1cmwoeCk7CisgIH0KKzwvc3R5bGU+Cis8c2NyaXB0PgorICAgIGlmICh3aW5kb3cubGF5b3V0 VGVzdENvbnRyb2xsZXIpCisgICAgICAgIGxheW91dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQo KTsKKzwvc2NyaXB0PgorPHA+VGhpcyB0ZXN0IHNob3VsZCBub3QgY3Jhc2guPC9wPgpkaWZmIC0t Z2l0IGEvV2ViQ29yZS9DaGFuZ2VMb2cgYi9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCBhNjMwNWRk MDkyNDE5Y2QwNjMzNTc2ZmM3Zjc2MzQxYzA0ODRlNzQ4Li5jMjQ0ZWNkZWIwMGY3YzM1Y2ZmNzlj ZTc4MDNiODMzNGUwMmVkMjQ2IDEwMDY0NAotLS0gYS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9X ZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDEwLTExLTI5ICBTaW1vbiBGcmFz ZXIgIDxzaW1vbi5mcmFzZXJAYXBwbGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIENyYXNoIGluIFdlYkNvcmU6OkNTU1N0eWxlU2VsZWN0b3I6 OmxvYWRQZW5kaW5nSW1hZ2VzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD01MDE0OQorICAgICAgICAKKyAgICAgICAgTnVsbC1jaGVjayBzdHlsZS0+Ym94 UmVmbGVjdCgpIHdoZW4gbG9hZGluZyBwZW5kaW5nIHN0eWxlIGltYWdlcy4KKworICAgICAgICBU ZXN0OiBmYXN0L3JlZmxlY3Rpb25zL3BlbmRpbmctcmVmbGVjdGlvbi1tYXNrLWNyYXNoLmh0bWwK KworICAgICAgICAqIGNzcy9DU1NTdHlsZVNlbGVjdG9yLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6 OkNTU1N0eWxlU2VsZWN0b3I6OmxvYWRQZW5kaW5nSW1hZ2VzKToKKwogMjAxMC0xMS0yOSAgUGF0 cmljayBHYW5zdGVyZXIgIDxwYXJvZ2FAd2Via2l0Lm9yZz4KIAogICAgICAgICBSZXZpZXdlZCBi eSBBZGFtIFJvYmVuLgpkaWZmIC0tZ2l0IGEvV2ViQ29yZS9jc3MvQ1NTU3R5bGVTZWxlY3Rvci5j cHAgYi9XZWJDb3JlL2Nzcy9DU1NTdHlsZVNlbGVjdG9yLmNwcAppbmRleCAxZmYzYmQ1NmZiYjYz YzA4Y2ZmYzhkZjBmMzAwZGM4ODM5YTE5MzA3Li4yZjJmM2I1MTdjMmQzZjZiOWQ3ZDQ1NGY5YWJi NWRmM2Y3MGZhZmEzIDEwMDY0NAotLS0gYS9XZWJDb3JlL2Nzcy9DU1NTdHlsZVNlbGVjdG9yLmNw cAorKysgYi9XZWJDb3JlL2Nzcy9DU1NTdHlsZVNlbGVjdG9yLmNwcApAQCAtNjg3NSwxMCArNjg3 NSwxMiBAQCB2b2lkIENTU1N0eWxlU2VsZWN0b3I6OmxvYWRQZW5kaW5nSW1hZ2VzKCkKICAgICAg ICAgICAgIH0KICAgICAgICAgICAgIAogICAgICAgICAgICAgY2FzZSBDU1NQcm9wZXJ0eVdlYmtp dEJveFJlZmxlY3Q6IHsKLSAgICAgICAgICAgICAgICBjb25zdCBOaW5lUGllY2VJbWFnZSYgbWFz a0ltYWdlID0gbV9zdHlsZS0+Ym94UmVmbGVjdCgpLT5tYXNrKCk7Ci0gICAgICAgICAgICAgICAg aWYgKG1hc2tJbWFnZS5pbWFnZSgpICYmIG1hc2tJbWFnZS5pbWFnZSgpLT5pc1BlbmRpbmdJbWFn ZSgpKSB7Ci0gICAgICAgICAgICAgICAgICAgIENTU0ltYWdlVmFsdWUqIGltYWdlVmFsdWUgPSBz dGF0aWNfY2FzdDxTdHlsZVBlbmRpbmdJbWFnZSo+KG1hc2tJbWFnZS5pbWFnZSgpKS0+Y3NzSW1h Z2VWYWx1ZSgpOwotICAgICAgICAgICAgICAgICAgICBtX3N0eWxlLT5ib3hSZWZsZWN0KCktPnNl dE1hc2soTmluZVBpZWNlSW1hZ2UoaW1hZ2VWYWx1ZS0+Y2FjaGVkSW1hZ2UoY2FjaGVkUmVzb3Vy Y2VMb2FkZXIpLCBtYXNrSW1hZ2Uuc2xpY2VzKCksIG1hc2tJbWFnZS5ob3Jpem9udGFsUnVsZSgp LCBtYXNrSW1hZ2UudmVydGljYWxSdWxlKCkpKTsKKyAgICAgICAgICAgICAgICBpZiAoU3R5bGVS ZWZsZWN0aW9uKiByZWZsZWN0aW9uID0gbV9zdHlsZS0+Ym94UmVmbGVjdCgpKSB7CisgICAgICAg ICAgICAgICAgICAgIGNvbnN0IE5pbmVQaWVjZUltYWdlJiBtYXNrSW1hZ2UgPSByZWZsZWN0aW9u LT5tYXNrKCk7CisgICAgICAgICAgICAgICAgICAgIGlmIChtYXNrSW1hZ2UuaW1hZ2UoKSAmJiBt YXNrSW1hZ2UuaW1hZ2UoKS0+aXNQZW5kaW5nSW1hZ2UoKSkgeworICAgICAgICAgICAgICAgICAg ICAgICAgQ1NTSW1hZ2VWYWx1ZSogaW1hZ2VWYWx1ZSA9IHN0YXRpY19jYXN0PFN0eWxlUGVuZGlu Z0ltYWdlKj4obWFza0ltYWdlLmltYWdlKCkpLT5jc3NJbWFnZVZhbHVlKCk7CisgICAgICAgICAg ICAgICAgICAgICAgICByZWZsZWN0aW9uLT5zZXRNYXNrKE5pbmVQaWVjZUltYWdlKGltYWdlVmFs dWUtPmNhY2hlZEltYWdlKGNhY2hlZFJlc291cmNlTG9hZGVyKSwgbWFza0ltYWdlLnNsaWNlcygp LCBtYXNrSW1hZ2UuaG9yaXpvbnRhbFJ1bGUoKSwgbWFza0ltYWdlLnZlcnRpY2FsUnVsZSgpKSk7 CisgICAgICAgICAgICAgICAgICAgIH0KICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAg ICAgYnJlYWs7CiAgICAgICAgICAgICB9Cg==