Bug 55290

Summary: REGRESSION(r79398): Webkit crash on dojo theme tester page
Product: WebKit Reporter: Darth <priyajeet.hora>
Component: HTML EditingAssignee: Ryosuke Niwa <rniwa>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, commit-queue, darin, eric, ojan, priyajeet.hora, rniwa, skylined, tony
Priority: P1 Keywords: InRadar, Regression
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
URL: http://archive.dojotoolkit.org/nightly/dojotoolkit/dijit/themes/themeTester.html
Attachments:
Description Flags
fixes the bug none

Darth
Reported 2011-02-25 20:37:42 PST
Browser crashes while looking at dojo theme tester. Doesn't happen in nightly release r79303. Happens in all nightly beyond that. Chromium 11.0.683.0 is also getting a renderer crash, might be due to the same.
Attachments
fixes the bug (3.42 KB, patch)
2011-02-26 06:28 PST, Ryosuke Niwa 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2011-02-26 00:44:28 PST
Confirmed with nightly r79488. Suspecting <http://trac.webkit.org/r79398>. 0 com.apple.WebCore 0x0000000100ef1e1d WebCore::Editor::selectionStartCSSPropertyValue(int) + 45 1 com.apple.WebCore 0x0000000100efdc18 WebCore::valueStyle(WebCore::Frame*, int) + 24 2 com.apple.WebCore 0x0000000100efdca6 WebCore::valueFontName(WebCore::Frame*, WebCore::Event*) + 22 3 com.apple.WebCore 0x0000000100eff1df WebCore::Editor::Command::value(WebCore::Event*) const + 111 4 com.apple.WebCore 0x0000000100e060c9 WebCore::Document::queryCommandValue(WTF::String const&) + 41 5 com.apple.WebCore 0x00000001011d8c36 WebCore::jsDocumentPrototypeFunctionQueryCommandValue(JSC::ExecState*) + 278
Alexey Proskuryakov
Comment 2 2011-02-26 00:44:57 PST
<rdar://problem/9058070>
Ryosuke Niwa
Comment 3 2011-02-26 03:18:26 PST
(In reply to comment #1) > Confirmed with nightly r79488. Suspecting <http://trac.webkit.org/r79398>. > > 0 com.apple.WebCore 0x0000000100ef1e1d WebCore::Editor::selectionStartCSSPropertyValue(int) + 45 > 1 com.apple.WebCore 0x0000000100efdc18 WebCore::valueStyle(WebCore::Frame*, int) + 24 > 2 com.apple.WebCore 0x0000000100efdca6 WebCore::valueFontName(WebCore::Frame*, WebCore::Event*) + 22 > 3 com.apple.WebCore 0x0000000100eff1df WebCore::Editor::Command::value(WebCore::Event*) const + 111 > 4 com.apple.WebCore 0x0000000100e060c9 WebCore::Document::queryCommandValue(WTF::String const&) + 41 > 5 com.apple.WebCore 0x00000001011d8c36 WebCore::jsDocumentPrototypeFunctionQueryCommandValue(JSC::ExecState*) + 278 Oops! Yes, it's missing a null check. http://trac.webkit.org/browser/trunk/Source/WebCore/editing/Editor.cpp#L1043 RefPtr<EditingStyle> selectionStyle = selectionStartStyle(); if (!selectionStyle->style()) return String(); should be RefPtr<EditingStyle> selectionStyle = selectionStartStyle(); if (!selectionStyle || !selectionStyle->style()) return String(); instead.
Ryosuke Niwa
Comment 4 2011-02-26 06:28:12 PST
Created attachment 83937 [details] fixes the bug
Ryosuke Niwa
Comment 5 2011-02-26 06:28:51 PST
This was an embarrassing bug :(
WebKit Commit Bot
Comment 6 2011-02-26 09:03:36 PST
Comment on attachment 83937 [details] fixes the bug Clearing flags on attachment: 83937 Committed r79794: <http://trac.webkit.org/changeset/79794>
WebKit Commit Bot
Comment 7 2011-02-26 09:03:40 PST
All reviewed patches have been landed. Closing bug.
Ryosuke Niwa
Comment 8 2011-02-28 02:41:07 PST
*** Bug 55359 has been marked as a duplicate of this bug. ***
Note You need to log in before you can comment on or make changes to this bug.