Bug 13416

Summary: Repro crash after referencing the user stylesheet from JavaScript
Product: WebKit Reporter: mitz
Component: CSSAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Major Keywords: HasReduction
Priority: P1    
Version: 523.x (Safari 3)   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
User stylesheet for reproducing
none
HTML for reproducing (will crash when the user stylesheet is set)
none
Change m_userSheet into a RefPtr darin: review+

mitz
Reported 2007-04-20 03:17:56 PDT
Referencing the user stylesheet from JavaScript can lead to a browser crash. To reproduce the crash: 1) Download the attached stylesheet. 2) In Safari Preferences > Advanced > Style Sheet, choose the stylesheet you downloaded in step 1). 3) Open the attached reduction. Patch forthcoming.
Attachments
User stylesheet for reproducing (24 bytes, text/css)
2007-04-20 03:18 PDT, mitz 		no flags
Details
HTML for reproducing (will crash when the user stylesheet is set) (364 bytes, text/html)
2007-04-20 03:19 PDT, mitz 		no flags
Details
Change m_userSheet into a RefPtr (2.31 KB, patch)
2007-04-20 03:20 PDT, mitz 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
mitz
Comment 1 2007-04-20 03:18:45 PDT
Created attachment 14104 [details] User stylesheet for reproducing
mitz
Comment 2 2007-04-20 03:19:23 PDT
Created attachment 14105 [details] HTML for reproducing (will crash when the user stylesheet is set)
mitz
Comment 3 2007-04-20 03:20:10 PDT
Created attachment 14106 [details] Change m_userSheet into a RefPtr
Darin Adler
Comment 4 2007-04-20 08:05:18 PDT
Comment on attachment 14106 [details] Change m_userSheet into a RefPtr r=me
Mark Rowe (bdash)
Comment 5 2007-04-21 01:31:44 PDT
Landed in r20992.
Note You need to log in before you can comment on or make changes to this bug.