WebKit Bugzilla
RESOLVED FIXED
138774
Crash when setting 'alt' CSS property to inherit or initial
https://bugs.webkit.org/show_bug.cgi?id=138774
Chris Dumez
Reported
2014-11-15 23:16:33 PST
Crash when setting 'alt' CSS property to inherit or initial:

> 1 com.apple.WebCore 0x1150c32ec WebCore::CSSPrimitiveValue::isString() const + 0xc
  2 com.apple.WebCore 0x1169f6e09 WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*) + 0x11e9
  3 com.apple.WebCore 0x116a03817 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&) + 0xd7
  4 com.apple.WebCore 0x1169f5ada WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int) + 0xaa
  5 com.apple.WebCore 0x1169f4227 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache) + 0x747
  6 com.apple.WebCore 0x1169f1eb3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*) + 0x4e3
  7 com.apple.WebCore 0x116a23543 WebCore::Style::styleForElement(WebCore::Element&, WebCore::RenderStyle&) + 0x153
  8 com.apple.WebCore 0x116a226a0 WebCore::Style::createRendererIfNeeded(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 0xd0
  9 com.apple.WebCore 0x116a22267 WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 0x107
  10 com.apple.WebCore 0x116a22c6b WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&) + 0x15b
  11 com.apple.WebCore 0x116a22339 WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 0x1d9
  12 com.apple.WebCore 0x116a22c6b WebCore::Style::attachChildren(WebCore::ContainerNode&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&) + 0x15b
  13 com.apple.WebCore 0x116a22339 WebCore::Style::attachRenderTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WTF::PassRefPtr<WebCore::RenderStyle>) + 0x1d9
  14 com.apple.WebCore 0x116a215b0 WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 0x190
  15 com.apple.WebCore 0x116a1eeed WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change) + 0x12d
  16 com.apple.WebCore 0x116a1eda8 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change) + 0x1e8
  17 com.apple.WebCore 0x1152a7606 WebCore::Document::recalcStyle(WebCore::Style::Change) + 0x1d6
  18 com.apple.WebCore 0x1152a37ef WebCore::Document::updateStyleIfNeeded() + 0x1af
  19 com.apple.WebCore 0x1152b40a2 WebCore::Document::finishedParsing() + 0x1c2
  20 com.apple.WebCore 0x11574ec38 WebCore::HTMLConstructionSite::finishedParsing() + 0x18
  21 com.apple.WebCore 0x11588c717 WebCore::HTMLTreeBuilder::finished() + 0xb7
  22 com.apple.WebCore 0x11577db6e WebCore::HTMLDocumentParser::end() + 0xbe
  23 com.apple.WebCore 0x11577bbd3 WebCore::HTMLDocumentParser::attemptToRunDeferredScriptsAndEnd() + 0x113
  24 com.apple.WebCore 0x11577b9e0 WebCore::HTMLDocumentParser::prepareToStopParsing() + 0x120
  25 com.apple.WebCore 0x11577dbc3 WebCore::HTMLDocumentParser::attemptToEnd() + 0x43
  26 com.apple.WebCore 0x11577dc18 WebCore::HTMLDocumentParser::finish() + 0x48
  27 com.apple.WebCore 0x11533585a WebCore::DocumentWriter::end() + 0x15a

Radar: rdar://problem/18995409
Attachments
Patch (5.24 KB, patch), 2014-11-15 23:23 PST, Chris Dumez, no flags
Patch (5.31 KB, patch), 2014-11-15 23:28 PST, Chris Dumez, no flags
Chris Dumez
Comment 1
2014-11-15 23:23:42 PST
Created attachment 241677: Patch
Chris Dumez
Comment 2
2014-11-15 23:27:20 PST
Comment on attachment 241677: Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=241677&action=review

> Source/WebCore/css/StyleResolver.cpp:2251
> if (primitiveValue->isString()) {
The null dereference would happen here.
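
A self-contained model of the crash pattern pointed out in Comment 2, added here as an example; it is not WebKit's code and not the landed patch. The types `Value`, `PrimitiveValue`, `Style`, the helper `asPrimitive` and both handlers are hypothetical, and treating `initial` as empty alt text is an assumption of the model.

```cpp
#include <string>
#include <utility>

// Simplified model (assumption): a CSS value is either a primitive value
// (e.g. a string) or one of the keywords 'inherit' / 'initial', which are
// separate value kinds and therefore not primitive values.
enum class Kind { Primitive, Inherit, Initial };

struct Value {
    Kind kind;
    explicit Value(Kind k) : kind(k) {}
};

struct PrimitiveValue : Value {
    std::string text;
    bool stringType;
    PrimitiveValue(std::string t, bool isStr)
        : Value(Kind::Primitive), text(std::move(t)), stringType(isStr) {}
    bool isString() const { return stringType; } // reads a member of *this
};

struct Style { std::string altText; };

// Checked downcast: nullptr for anything that is not a primitive value.
static const PrimitiveValue* asPrimitive(const Value& v) {
    return v.kind == Kind::Primitive ? static_cast<const PrimitiveValue*>(&v) : nullptr;
}

// Unguarded handler, same shape as the reviewed line: with 'inherit' or
// 'initial', primitiveValue is nullptr and isString() dereferences it.
bool applyAltUnguarded(Style& style, const Value& v) {
    const PrimitiveValue* primitiveValue = asPrimitive(v);
    if (primitiveValue->isString()) {
        style.altText = primitiveValue->text;
        return true;
    }
    return false;
}

// Guarded handler: resolve the keywords first, then null-check the downcast.
bool applyAltGuarded(Style& style, const Style& parent, const Value& v) {
    if (v.kind == Kind::Inherit) { style.altText = parent.altText; return true; }
    if (v.kind == Kind::Initial) { style.altText.clear(); return true; }
    const PrimitiveValue* primitiveValue = asPrimitive(v);
    if (!primitiveValue || !primitiveValue->isString()) return false;
    style.altText = primitiveValue->text;
    return true;
}
```
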
Chris Dumez
Comment 3
2014-11-15 23:28:58 PST
Created attachment 241678: Patch
WebKit Commit Bot
Comment 4
2014-11-16 07:54:50 PST
Comment on attachment 241678: Patch

Clearing flags on attachment: 241678

Committed r176161: <http://trac.webkit.org/changeset/176161>
WebKit Commit Bot
Comment 5
2014-11-16 07:54:56 PST
All reviewed patches have been landed. Closing bug.