Bug 51465

Summary: chrome.dll!WebCore::RenderLayer::currentTransform ReadAV@NULL (8968fc97874fa23b6799ff8f09c142e4)
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: commit-queue, eric, jchaffraix
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
Attachments (description, flags):
  Repro (none)
  Proposed fix: check that the RenderBox has a layer before calling layer() on it (none)
  Trivial patch: add the missing test cases (none)

Description Berend-Jan Wever 2010-12-22 05:41:23 PST
Created attachment 77209 [details]
Repro

http://code.google.com/p/chromium/issues/detail?id=67785

Repro:
<style>
* {
  display: table-column;
  -webkit-transform-style: preserve-3d;
}
</style>

id:             chrome.dll!WebCore::RenderLayer::currentTransform ReadAV@NULL (8968fc97874fa23b6799ff8f09c142e4)
description:    Attempt to read from unallocated NULL pointer+0xA4 in chrome.dll!WebCore::RenderLayer::currentTransform
stack:          chrome.dll!WebCore::RenderLayer::currentTransform
                chrome.dll!WebCore::RenderBox::layoutOverflowRectForPropagation
                chrome.dll!WebCore::RenderBox::addOverflowFromChild
                chrome.dll!WebCore::RenderBlock::addOverflowFromBlockChildren
                chrome.dll!WebCore::RenderBlock::computeOverflow
                chrome.dll!WebCore::RenderBlock::layoutBlock
                chrome.dll!WebCore::RenderBlock::layout
                chrome.dll!WebCore::RenderBlock::layoutBlockChild
                chrome.dll!WebCore::RenderBlock::layoutBlockChildren
                chrome.dll!WebCore::RenderBlock::layoutBlock
                chrome.dll!WebCore::RenderBlock::layout
                chrome.dll!WebCore::RenderView::layout
                ...
Comment 1 Julien Chaffraix 2011-03-20 22:32:44 PDT
Created attachment 86295 [details]
Proposed fix: check that the RenderBox has a layer before calling layer() on it
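A minimal model of the null dereference and of the guard described in the proposed fix, added here as an illustration; this is not WebKit's code, and the class shapes (RenderBox owning an optional RenderLayer, a translation-only TransformationMatrix, the function names) are assumptions made to keep the example self-contained.

```cpp
// Added example, not WebKit's own code: models the crash in this bug and the guard that fixes it.
struct IntRect { int x, y, width, height; };

// Assumed stand-in for a transform: a pure translation is enough to show the data flow.
struct TransformationMatrix {
    int dx = 0, dy = 0;
    IntRect mapRect(const IntRect& r) const { return {r.x + dx, r.y + dy, r.width, r.height}; }
};

// Assumed RenderLayer: the transform pointer is a member, so calling this on a NULL
// layer reads NULL+offset, which matches the ReadAV@NULL the report describes.
struct RenderLayer {
    const TransformationMatrix* m_transform = nullptr;
    const TransformationMatrix* currentTransform() const { return m_transform; }
};

// Assumed RenderBox: only some boxes (not a table-column, as in the repro) own a layer.
struct RenderBox {
    RenderLayer* m_layer = nullptr;
    IntRect m_overflow{0, 0, 100, 50};
    bool hasLayer() const { return m_layer != nullptr; }
    RenderLayer* layer() const { return m_layer; }

    // Before the fix: assumes every box has a layer; dereferences NULL when it does not.
    IntRect layoutOverflowRectForPropagationUnguarded() const {
        IntRect rect = m_overflow;
        if (const TransformationMatrix* t = layer()->currentTransform())
            rect = t->mapRect(rect);
        return rect;
    }

    // After the fix (as described in this bug): ask hasLayer() before calling layer().
    IntRect layoutOverflowRectForPropagation() const {
        IntRect rect = m_overflow;
        if (hasLayer()) {
            if (const TransformationMatrix* t = layer()->currentTransform())
                rect = t->mapRect(rect);
        }
        return rect;
    }
};

// A box without a layer must propagate its overflow unchanged instead of crashing.
IntRect propagateWithoutLayer() { RenderBox box; return box.layoutOverflowRectForPropagation(); }

// A box whose layer carries a transform gets its overflow rect mapped through it.
IntRect propagateWithTranslation(int dx, int dy) {
    TransformationMatrix t; t.dx = dx; t.dy = dy;
    RenderLayer layer; layer.m_transform = &t;
    RenderBox box; box.m_layer = &layer;
    return box.layoutOverflowRectForPropagation();
}
```

Calling layoutOverflowRectForPropagationUnguarded() on a layerless box reproduces the fault; the guarded version is the one the helpers above exercise.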
Comment 2 Eric Seidel (no email) 2011-03-20 23:14:21 PDT
Comment on attachment 86295 [details]
Proposed fix: check that the RenderBox has a layer before calling layer() on it

ok.
Comment 3 WebKit Commit Bot 2011-03-21 01:20:25 PDT
Comment on attachment 86295 [details]
Proposed fix: check that the RenderBox has a layer before calling layer() on it

Clearing flags on attachment: 86295

Committed r81574: <http://trac.webkit.org/changeset/81574>
Comment 4 WebKit Commit Bot 2011-03-21 01:20:29 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Eric Seidel (no email) 2011-03-21 11:03:35 PDT
I knew after I closed my laptop last night that something was wrong with this patch.  It's missing the added files!

Julien, please add the missing files.
Comment 6 Julien Chaffraix 2011-03-21 16:54:01 PDT
> Julien, please add the missing files.

Sure, I will upload the missing files to this bug tonight.
Comment 7 Julien Chaffraix 2011-03-22 06:33:46 PDT
Created attachment 86456 [details]
Trivial patch: add the missing test cases
Comment 8 Eric Seidel (no email) 2011-03-28 21:37:46 PDT
Comment on attachment 86456 [details]
Trivial patch: add the missing test cases

LGTM.  Don't we normally obscure the bug title in the ChangeLog for security bugs?
Comment 9 Julien Chaffraix 2011-03-28 22:13:07 PDT
(In reply to comment #8)
> (From update of attachment 86456 [details])
> LGTM.  Don't we normally obscure the bug title in the ChangeLog for security bugs?

Not sure about the security bugs' policy. This bug was not marked as such so it won't apply anyway.
Comment 10 WebKit Commit Bot 2011-04-07 20:21:31 PDT
Comment on attachment 86456 [details]
Trivial patch: add the missing test cases

Clearing flags on attachment: 86456

Committed r83243: <http://trac.webkit.org/changeset/83243>
Comment 11 WebKit Commit Bot 2011-04-07 20:21:37 PDT
All reviewed patches have been landed.  Closing bug.