97951 2012-09-28 16:18:56 -0700 Crashing in MediaControlPanelElement::makeTransparent() 2012-10-16 14:42:38 -0700 1 1 1 Unclassified WebKit Media 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 scherkus scherkus eric.carlson feature-media-reviews jer.noble sullivan webkit.review.bot oldest_to_newest 731049 0 scherkus 2012-09-28 16:18:56 -0700 See https://code.google.com/p/chromium/issues/detail?id=153071 for additional crash investigation This seems to be the makeTransparent() equivalent of bug 76391 where document()->page() isn't checked for being null. From a crash dump: chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0xc [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 258]: 258 5ff62f80 6849040000 push 449h 258 5ff62f85 682b050000 push 52Bh 258 5ff62f8a 8bc6 mov eax,esi 258 5ff62f8c e8f42ef9ff call chrome_5f7b0000!WebCore::StyledElement::setInlineStyleProperty (5fef5e85) 259 5ff62f91 8b4614 mov eax,dword ptr [esi+14h] 259 5ff62f94 8b8040010000 mov eax,dword ptr [eax+140h] 259 5ff62f9a 85c0 test eax,eax 259 5ff62f9c 7405 je chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x2f (5ff62fa3) chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x2a [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 259]: 259 5ff62f9e 8b4018 mov eax,dword ptr [eax+18h] 259 5ff62fa1 eb02 jmp chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x31 (5ff62fa5) chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x2f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 259]: 259 5ff62fa3 33c0 xor eax,eax chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x31 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 259]: 259 5ff62fa5 8b4848 mov ecx,dword ptr [eax+48h] // *** CRASH *** 259 5ff62fa8 8b01 mov eax,dword ptr [ecx] 259 5ff62faa 8b90a8000000 mov edx,dword ptr [eax+0A8h] 259 5ff62fb0 ffd2 call edx 259 5ff62fb2 83ec08 sub esp,8 259 5ff62fb5 dd1c24 fstp qword ptr [esp] 259 5ff62fb8 6a0f push 0Fh 259 5ff62fba 682a050000 push 52Ah 259 5ff62fbf 8bc6 mov eax,esi 259 5ff62fc1 e88f2ff9ff call chrome_5f7b0000!WebCore::StyledElement::setInlineStyleProperty (5fef5f55) Notes: * esi contains the this pointer * Document::page() is inlined * Either Document::m_frame or Document::m_frame->page() is null, which makes eax 0x00000000 * We explode when de-reffing page()->theme()->mediAControlsFadeOutDuration() Page* Document::page() const { return m_frame ? m_frame->page() : 0; } 731055 1 166328 scherkus 2012-09-28 16:35:29 -0700 Created attachment 166328 Patch 731114 2 166328 buildbot 2012-09-28 18:24:39 -0700 Comment on attachment 166328 Patch Attachment 166328 did not pass mac-ews (mac): Output: http://queues.webkit.org/results/14090024 New failing tests: http/tests/workers/terminate-during-sync-operation.html 733988 3 scherkus 2012-10-03 13:27:48 -0700 +jer and sullivan, who wrote and reviewed bug 76391 743581 4 166328 webkit.review.bot 2012-10-16 14:42:35 -0700 Comment on attachment 166328 Patch Clearing flags on attachment: 166328 Committed r131505: <http://trac.webkit.org/changeset/131505> 743582 5 webkit.review.bot 2012-10-16 14:42:38 -0700 All reviewed patches have been landed. Closing bug. 166328 2012-09-28 16:35:29 -0700 2012-10-16 14:42:34 -0700 Patch bug-97951-20120928163446.patch text/plain 1939 scherkus U3VidmVyc2lvbiBSZXZpc2lvbjogMTI5ODIyCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggYTM5ZDcwZDg5Yzk5NTkz YzYxZjVmN2ZjMTM4OTc5MDNjZjNkMTljYS4uZTRlNDg0YjAzOWZlM2M5NzgzMWY1ZDEzNDA0YThi OWE4MWQ4YWMxNiAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDEyLTA5LTI4ICBBbmRy ZXcgU2NoZXJrdXMgIDxzY2hlcmt1c0BjaHJvbWl1bS5vcmc+CisKKyAgICAgICAgRml4IGNyYXNo IGluIFdlYkNvcmU6Ok1lZGlhQ29udHJvbFBhbmVsRWxlbWVudDo6bWFrZVRyYW5zcGFyZW50KCkK KyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lkPTk3OTUxCisK KyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgTm8gbmV3IHRl c3RzIGFzIGl0J3MgYSBzcGVjdWxhdGl2ZSBmaXggYmFzZWQgb24gY3Jhc2ggZHVtcCBhbmFseXNp cy4KKyAgICAgCisgICAgICAgIERlc3BpdGUgTWVkaWFDb250cm9sUGFuZWxFbGVtZW50IGNoZWNr aW5nIGZvciBkb2N1bWVudCgpLT5wYWdlKCkgbnVsbGl0eSBpbiBvdGhlciBwbGFjZXMsIGl0IGZv cmdvdCBvbmUgY2hlY2sgaW4gbWFrZVRyYW5zcGFyZW50KCkuCisKKyAgICAgICAgKiBodG1sL3No YWRvdy9NZWRpYUNvbnRyb2xFbGVtZW50cy5jcHA6CisgICAgICAgIChXZWJDb3JlOjpNZWRpYUNv bnRyb2xQYW5lbEVsZW1lbnQ6Om1ha2VUcmFuc3BhcmVudCk6CisKIDIwMTItMDktMjcgIFNoZXJp ZmYgQm90ICA8d2Via2l0LnJldmlldy5ib3RAZ21haWwuY29tPgogCiAgICAgICAgIFVucmV2aWV3 ZWQsIHJvbGxpbmcgb3V0IHIxMjk4MDYuCmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9odG1s L3NoYWRvdy9NZWRpYUNvbnRyb2xFbGVtZW50cy5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9odG1sL3No YWRvdy9NZWRpYUNvbnRyb2xFbGVtZW50cy5jcHAKaW5kZXggODgxYzJkZWI1Y2NhMmU3YTliOGYx NGY0ZGYwYzViNTY1YTFhY2U5Yi4uN2NjY2Q2OTBlNTY3OTQ2MDI2MzRhMDkxNjMxYzQ0MTQ1NzNl ZDgwMSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvaHRtbC9zaGFkb3cvTWVkaWFDb250cm9s RWxlbWVudHMuY3BwCisrKyBiL1NvdXJjZS9XZWJDb3JlL2h0bWwvc2hhZG93L01lZGlhQ29udHJv bEVsZW1lbnRzLmNwcApAQCAtMjYxLDggKzI2MSwxMCBAQCB2b2lkIE1lZGlhQ29udHJvbFBhbmVs RWxlbWVudDo6bWFrZVRyYW5zcGFyZW50KCkKICAgICBpZiAoIW1fb3BhcXVlKQogICAgICAgICBy ZXR1cm47CiAKKyAgICBkb3VibGUgZHVyYXRpb24gPSBkb2N1bWVudCgpLT5wYWdlKCkgPyBkb2N1 bWVudCgpLT5wYWdlKCktPnRoZW1lKCktPm1lZGlhQ29udHJvbHNGYWRlT3V0RHVyYXRpb24oKSA6 IDA7CisKICAgICBzZXRJbmxpbmVTdHlsZVByb3BlcnR5KENTU1Byb3BlcnR5V2Via2l0VHJhbnNp dGlvblByb3BlcnR5LCBDU1NQcm9wZXJ0eU9wYWNpdHkpOwotICAgIHNldElubGluZVN0eWxlUHJv cGVydHkoQ1NTUHJvcGVydHlXZWJraXRUcmFuc2l0aW9uRHVyYXRpb24sIGRvY3VtZW50KCktPnBh Z2UoKS0+dGhlbWUoKS0+bWVkaWFDb250cm9sc0ZhZGVPdXREdXJhdGlvbigpLCBDU1NQcmltaXRp dmVWYWx1ZTo6Q1NTX1MpOworICAgIHNldElubGluZVN0eWxlUHJvcGVydHkoQ1NTUHJvcGVydHlX ZWJraXRUcmFuc2l0aW9uRHVyYXRpb24sIGR1cmF0aW9uLCBDU1NQcmltaXRpdmVWYWx1ZTo6Q1NT X1MpOwogICAgIHNldElubGluZVN0eWxlUHJvcGVydHkoQ1NTUHJvcGVydHlPcGFjaXR5LCAwLjAs IENTU1ByaW1pdGl2ZVZhbHVlOjpDU1NfTlVNQkVSKTsKIAogICAgIG1fb3BhcXVlID0gZmFsc2U7 Cg==