Bug 99587

Summary: REGRESSION(r131464): Null-pointer crash in StyleResolver::styleForElement
Product: WebKit Reporter: dstockwell
Component: CSS
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: allan.jensen, cmarcelo, dglazkov, macpherson, menard, tasak, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments (description, flags):
Test case, no flags
Patch, no flags

dstockwell
Reported 2012-10-17 05:06:55 PDT
Created attachment 169161 [details]
Test case

==26072== ERROR: AddressSanitizer crashed on unknown address 0x000000000030 (pc 0x00000066533d sp 0x7fffd83fb500 bp 0x7fffd83fb500 T0)
AddressSanitizer can not provide additional info.
#0 0x66533c in WTF::RefPtr<WebCore::StyleRareInheritedData>::get() const third_party/WebKit/Source/WTF/wtf/RefPtr.h:58
#1 0xb8df7c in WebCore::RenderStyle::userModify() const third_party/WebKit/Source/WebCore/rendering/style/RenderStyle.h:838
#2 0x1ab07bf in WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) third_party/WebKit/Source/WebCore/css/StyleResolver.cpp:1551
#3 0xadba28 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) third_party/WebKit/Source/WebCore/dom/Document.cpp:1972
#4 0xb56d24 in WebCore::Element::computedStyle(WebCore::PseudoId) third_party/WebKit/Source/WebCore/dom/Element.cpp:1759
#5 0x148813e in WebCore::HTMLTitleElement::textWithDirection() third_party/WebKit/Source/WebCore/html/HTMLTitleElement.cpp:87
#6 0x1488041 in WebCore::HTMLTitleElement::childrenChanged(bool, WebCore::Node*, WebCore::Node*, int) third_party/WebKit/Source/WebCore/html/HTMLTitleElement.cpp:67
#7 0xab3e3c in WebCore::ContainerNode::parserAppendChild(WTF::PassRefPtr<WebCore::Node>) third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:627
#8 0x15d0e4b in WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:83
#9 0x15d4e95 in WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:385
#10 0x154d2bf in WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2281
#11 0x154c47e in WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken*) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2154
#12 0x15496d1 in WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken*) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:389
#13 0x154952c in WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:370
#14 0x150c04e in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:269
#15 0x150d1e9 in WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:361
#16 0x32430eb in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter*) third_party/WebKit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
#17 0x1d1d9ea in WebCore::DocumentWriter::end() third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:241
#18 0x1d06714 in WebCore::DocumentLoader::finishedLoading() third_party/WebKit/Source/WebCore/loader/DocumentLoader.cpp:299
#19 0x1d5c02d in WebCore::MainResourceLoader::didFinishLoading(double) third_party/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:525
Attachments
Test case (32 bytes, text/html)
2012-10-17 05:06 PDT, dstockwell
no flags
Patch (4.10 KB, patch)
2012-10-17 22:07 PDT, Takashi Sakamoto
no flags
Takashi Sakamoto
Comment 1 2012-10-17 22:07:42 PDT
Allan Sandfeld Jensen
Comment 2 2012-10-18 04:03:30 PDT
Would it be possible for the summary to be shown later with the end result of the title not inheriting its userModify setting?
Dimitri Glazkov (Google)
Comment 3 2012-10-18 08:55:24 PDT
Comment on attachment 169342 [details]
Patch

I am sorry, I should've caught this.
WebKit Review Bot
Comment 4 2012-10-18 09:00:31 PDT
Comment on attachment 169342 [details]
Patch

Clearing flags on attachment: 169342

Committed r131758: <http://trac.webkit.org/changeset/131758>
WebKit Review Bot
Comment 5 2012-10-18 09:00:39 PDT
All reviewed patches have been landed. Closing bug.