Bug 75227

Summary: NULL ptr in WebCore::SVGStyledTransformableElement::animatedLocalTransform
Product: WebKit    Reporter: Berend-Jan Wever <skylined>
Component: SVG    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal    CC: eric, fmalita, koivisto, rwlbuis, webkit.review.bot, zimmermann
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
Attachments:
Description    Flags
Repro          none
Patch          none

Description Berend-Jan Wever 2011-12-26 05:35:53 PST
Created attachment 120551 [details]
Repro

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=9278916

Fuzzer: Inferno_layout_test_fuzzer

Crash Type: UNKNOWN
Crash Address: 0x000000000008
Crash State:
  - crash stack -
  WebCore::SVGStyledTransformableElement::animatedLocalTransform
  non-virtual thunk to WebCore::SVGStyledTransformableElement::animatedLocalTransform
  WebCore::SVGStyledTransformableElement::localCoordinateSpaceTransform
  
Regressed: https://cluster-fuzz.appspot.com/revisions?range=111368:111501

Minimized Testcase: https://cluster-fuzz.appspot.com/download/AMIfv94N78HYOdgNew_8tUlyw2DHa_r16roIX-dDHZRB4s5Z_OztPlCdCILo0cxvZ_DFCtdPbRt2dr-nx69WUHMIdWymUYglOgEnz93XzDIJfxk0Esp3ZOjfcG9aiU9iCWkxZgTt0wseNEJ4NEb5j_t7NxuxBeXqCw

Repro:
<script>
  document.createElementNS("http://www.w3.org/2000/svg","g").getTransformToElement();
</script>
Comment 1 Florin Malita 2012-01-03 09:10:12 PST
Created attachment 120956 [details]
Patch
Comment 2 Dirk Schulze 2012-01-03 09:43:15 PST
Comment on attachment 120956 [details]
Patch

LGTM. r=me
Comment 3 WebKit Review Bot 2012-01-03 11:33:42 PST
Comment on attachment 120956 [details]
Patch

Clearing flags on attachment: 120956

Committed r103950: <http://trac.webkit.org/changeset/103950>
Comment 4 WebKit Review Bot 2012-01-03 11:33:46 PST
All reviewed patches have been landed.  Closing bug.