Bug 13416

Summary: Repro crash after referencing the user stylesheet from JavaScript
Product: WebKit Reporter: mitz
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Major Keywords: HasReduction
Priority: P1    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
User stylesheet for reproducing
none
HTML for reproducing (will crash when the user stylesheet is set)
none
Change m_userSheet into a RefPtr darin: review+

Description mitz 2007-04-20 03:17:56 PDT 
Referencing the user stylesheet from JavaScript can lead to a browser crash. To reproduce the crash:
1) Download the attached stylesheet.
2) In Safari Preferences > Advanced > Style Sheet, choose the stylesheet you downloaded in step 1).
3) Open the attached reduction.

Patch forthcoming.
Comment 1 mitz 2007-04-20 03:18:45 PDT 
Created attachment 14104 [details]
User stylesheet for reproducing
Comment 2 mitz 2007-04-20 03:19:23 PDT 
Created attachment 14105 [details]
HTML for reproducing (will crash when the user stylesheet is set)
Comment 3 mitz 2007-04-20 03:20:10 PDT 
Created attachment 14106 [details]
Change m_userSheet into a RefPtr
Comment 4 Darin Adler 2007-04-20 08:05:18 PDT 
Comment on attachment 14106 [details]
Change m_userSheet into a RefPtr

r=me
Comment 5 Mark Rowe (bdash) 2007-04-21 01:31:44 PDT 
Landed in r20992.