Bug 47942

Summary: REGRESSION(66391): http://ligth-arts.all-up.com/ crashes in EventHandler::selectCursor
Product: WebKit
Reporter: James Robinson <jamesr>
Component: New Bugs
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: simon.fraser
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: OS X 10.5
URL: http://ligth-arts.all-up.com
Attachments (description, flags):
Patch, none
Patch, dglazkov: review+

Description James Robinson 2010-10-19 15:51:17 PDT
In EventHandler.cpp:1081, image is NULL. Looks like the old code would continue if (!cimage).
Comment 1 James Robinson 2010-10-19 17:04:40 PDT
Created attachment 71231
Patch
Comment 2 James Robinson 2010-10-19 17:07:09 PDT
This fixes the crashes, but it doesn't include a regression test as I'm not sure how to construct one. The null check in EventHandler.cpp is needed to avoid the crash on startup; the check in CSSComputedStyleDeclaration.cpp is needed so it doesn't crash when opening the inspector. The rest of the changes are by inspection. This doesn't appear to regress the existing manual tests.

Any ideas on how to construct regression tests? I know very little about cursors.

FYI this is one of the top 5 crashers in Chromium nightlies.
Comment 3 Simon Fraser (smfr) 2010-10-19 17:22:31 PDT
The page in question has
body { cursor: url(''), url('http://img715.imageshack.us/img715/4435/cur.png'), auto; }
so we should be able to mimic this in a manual test.
Comment 4 James Robinson 2010-10-22 16:28:21 PDT
Created attachment 71608
Patch
Comment 5 Dimitri Glazkov (Google) 2010-10-22 16:35:54 PDT
Comment on attachment 71608
Patch

yay!
Comment 6 James Robinson 2010-10-22 16:39:25 PDT
Committed r70365: <http://trac.webkit.org/changeset/70365>
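
The failure mode discussed in this bug, as an added C++ example that is not part of the thread or WebKit's source: a cursor fallback list like the one in comment 3 can hold an entry with no image, so both the cursor-selection path and the computed-style path have to check for null before dereferencing. All type and function names are hypothetical, and skipping the null entry during serialization is an assumption of this model.

```cpp
#include <memory>
#include <string>
#include <vector>

// Simplified model of a CSS cursor fallback list (hypothetical types, not WebKit's).
struct CursorImage {
    std::string url;
    bool loaded;  // false while pending or after a load error
};

struct ComputedCursor {
    std::vector<std::shared_ptr<CursorImage>> images;  // null slot for url('')
    std::string keyword;                               // trailing keyword, e.g. "auto"
};

// Build the list from url() arguments (constructed input). An empty URL
// leaves a null image in the list, the state the bug report describes.
ComputedCursor makeCursor(const std::vector<std::string>& urls,
                          const std::string& keyword, bool loadsSucceed) {
    ComputedCursor c;
    c.keyword = keyword;
    for (const auto& u : urls) {
        std::shared_ptr<CursorImage> image;
        if (!u.empty())
            image = std::make_shared<CursorImage>(CursorImage{u, loadsSucceed});
        c.images.push_back(image);
    }
    return c;
}

// Event-handling side: first usable image wins, otherwise the keyword.
std::string selectCursor(const ComputedCursor& c) {
    for (const auto& image : c.images) {
        if (!image || !image->loaded)  // null check before any dereference
            continue;
        return "url:" + image->url;
    }
    return "keyword:" + c.keyword;
}

// Computed-style side: serialization must tolerate the null slot too.
std::string serializeCursor(const ComputedCursor& c) {
    std::string out;
    for (const auto& image : c.images)
        if (image)
            out += "url(" + image->url + "), ";
    return out + c.keyword;
}
```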