RESOLVED FIXED Bug 113768
Web Inspector: crash in WebCore::InspectorLayerTreeAgent::buildObjectForLayer if a layer is created for an anonymous RenderObject (:first-letter)
https://bugs.webkit.org/show_bug.cgi?id=113768
Antoine Quint
Reported 2013-04-02 04:27:17 PDT
Steps to reproduce:

1. Load <http://sahilparikh.com/post/46741689726/building-a-saas-business-2007-vs-2013#> in a WebKit nightly
2. Open the Safari Web Inspector
3. Click on the layers pane
4. *crash*

The issue here is that a CSS rule using the :first-letter pseudo-element creates a composited layer (due to "backface-visibility: hidden") and the InspectorLayerTreeAgent doesn't know how to handle such "special" RenderObjects. As a result, we get a null Node and when we ask for its nodeId, we eventually crash.

We should be both more protective of unknown nodes and handle anonymous RenderObjects specifically.
Attachments
Patch (12.75 KB, patch)
2013-04-02 09:57 PDT, Antoine Quint
no flags
Patch for landing (12.73 KB, patch)
2013-04-03 03:11 PDT, Antoine Quint
no flags
Radar WebKit Bug Importer
Comment 1 2013-04-02 04:28:01 PDT
Antoine Quint
Comment 2 2013-04-02 09:57:06 PDT
David Kilzer (:ddkilzer)
Comment 3 2013-04-02 10:18:16 PDT
Comment on attachment 196169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196169&action=review

> Source/WebCore/inspector/InspectorLayerTreeAgent.cpp:206
> + RenderStyle* style = renderer->style();
> + if (style) {

FWIW, this can be simplified to:

if (RenderStyle* style = renderer->style()) {
Simon Fraser (smfr)
Comment 4 2013-04-02 10:54:41 PDT
Comment on attachment 196169 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=196169&action=review

> Source/WebCore/inspector/InspectorLayerTreeAgent.cpp:175
> + else if (isReflection || isAnonymous)
> node = renderer->parent()->node();

Does this always work? What about a :first-letter inside a :first-line?
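Review bot: In the `else if (isReflection || isAnonymous)` branch quoted above, `renderer->parent()->node()` dereferences `parent()` with no null check visible in these lines, and the resulting `node` can itself be null when the parent is also an anonymous renderer. Since this bug is a crash caused by asking a null Node for its nodeId, guard the result before it is used (for example, skip building the layer object when `node` is null) and consider walking up the ancestors until a renderer with a non-null node is found.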
Antoine Quint
Comment 5 2013-04-03 02:51:40 PDT
Antoine Quint
Comment 6 2013-04-03 03:04:27 PDT
(In reply to comment #4)
> (From update of attachment 196169 [details])
> View in context: https://bugs.webkit.org/attachment.cgi?id=196169&action=review
>
> > Source/WebCore/inspector/InspectorLayerTreeAgent.cpp:175
> > + else if (isReflection || isAnonymous)
> > node = renderer->parent()->node();
>
> Does this always work? What about a :first-letter inside a :first-line?

Per my testing, that works too. I haven't found a way to have a ::first-letter be composited though, animations don't apply, neither do transforms, etc.
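The null-Node handling discussed in this bug, as an added example that is not the WebKit patch or any participant's code: `Node`, `Renderer`, `owningNode` and `describeLayer` are hypothetical stand-ins, not WebCore classes. It goes beyond the single `parent()` step in the quoted hunk by walking up until a non-null node is found, using a constructed chain in which an anonymous renderer's parent is also anonymous.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-ins for a DOM node and a render object; not WebCore's classes.
struct Node { int id; };

struct Renderer {
    Node* node = nullptr;        // null for anonymous renderers (e.g. :first-letter)
    Renderer* parent = nullptr;  // null at the root or for a detached renderer
};

// Returns the renderer's own node, or the first non-null node found while
// walking up its ancestors. Returns nullptr when no ancestor has a node.
Node* owningNode(const Renderer* renderer)
{
    for (const Renderer* r = renderer; r; r = r->parent) {
        if (r->node)
            return r->node;
    }
    return nullptr;
}

// Describes a layer. Returns false instead of dereferencing a null node.
bool describeLayer(const Renderer* renderer, std::string& out)
{
    Node* node = owningNode(renderer);
    if (!node)
        return false;
    bool isAnonymous = !renderer->node;  // renderer is non-null here
    out = "nodeId=" + std::to_string(node->id) + (isAnonymous ? " anonymous" : "");
    return true;
}

int main()
{
    Node element{7};                                         // constructed sample data
    Renderer block; block.node = &element;
    Renderer anonOuter; anonOuter.parent = &block;           // anonymous, no node
    Renderer anonInner; anonInner.parent = &anonOuter;       // anonymous inside anonymous
    std::string s;
    if (describeLayer(&anonInner, s)) std::puts(s.c_str());
    Renderer orphan;                                         // no node, no parent
    if (!describeLayer(&orphan, s)) std::puts("skipped: no owning node");
    return 0;
}
```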
Antoine Quint
Comment 7 2013-04-03 03:11:57 PDT
Created attachment 196313 [details] Patch for landing
Antoine Quint
Comment 8 2013-04-03 03:12:24 PDT
WebKit Review Bot
Comment 9 2013-04-03 04:05:17 PDT
Comment on attachment 196313 [details]
Patch for landing

Clearing flags on attachment: 196313

Committed r147538: <http://trac.webkit.org/changeset/147538>
WebKit Review Bot
Comment 10 2013-04-03 04:05:22 PDT
All reviewed patches have been landed. Closing bug.