RESOLVED FIXED 200206
wpt/css/css-images/gradient/color-stops-parsing.html crashes 
https://bugs.webkit.org/show_bug.cgi?id=200206
Summary wpt/css/css-images/gradient/color-stops-parsing.html crashes
Simon Fraser (smfr)
Reported 2019-07-28 14:39:30 PDT
This test crashes: Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000072a2e6adc WebCore::CSSValue::classType() const + 12 (CSSValue.h:217) 1 com.apple.WebCore 0x000000072a3318f7 WebCore::CSSValue::cssText() const + 39 (CSSValue.cpp:245) 2 com.apple.WebCore 0x000000072a2d34f4 WebCore::CSSLinearGradientValue::customCSSText() const + 2804 (CSSGradientValue.cpp:765) 3 com.apple.WebCore 0x000000072a331a6c WebCore::CSSValue::cssText() const + 412 (CSSValue.cpp:275) 4 com.apple.WebCore 0x000000072a3dbb70 WebCore::StyleProperties::getPropertyValue(WebCore::CSSPropertyID) const + 112 (StyleProperties.cpp:129) 5 com.apple.WebCore 0x000000072a3b78f6 WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal(WebCore::CSSPropertyID) + 54 (PropertySetCSSStyleDeclaration.cpp:303) 6 com.apple.WebCore 0x000000072a3b78b3 WebCore::PropertySetCSSStyleDeclaration::getPropertyValue(WTF::String const&) + 195 (PropertySetCSSStyleDeclaration.cpp:203) 7 com.apple.WebCore 0x0000000728549c5e WebCore::jsCSSStyleDeclarationPrototypeFunctionGetPropertyValueBody(JSC::ExecState*, WebCore::JSCSSStyleDeclaration*, JSC::ThrowScope&) + 318 (JSCSSStyleDeclaration.cpp:431) 8 com.apple.WebCore 0x000000072853a4f0 long long WebCore::IDLOperation<WebCore::JSCSSStyleDeclaration>::call<&(WebCore::jsCSSStyleDeclarationPrototypeFunctionGetPropertyValueBody(JSC::ExecState*, WebCore::JSCSSStyleDeclaration*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) + 768 (JSDOMOperation.h:53) 9 com.apple.WebCore 0x000000072853a1dc WebCore::jsCSSStyleDeclarationPrototypeFunctionGetPropertyValue(JSC::ExecState*) + 28 (JSCSSStyleDeclaration.cpp:436) 10 ??? 0x0000248e5600116b 0 + 40193746801003 11 com.apple.JavaScriptCore 0x000000073fb65387 llint_entry + 117405 (LowLevelInterpreter.asm:910) 12 com.apple.JavaScriptCore 0x000000073fb65387 llint_entry + 117405 (LowLevelInterpreter.asm:910)
Attachments
Patch (18.69 KB, patch)
2019-07-28 15:24 PDT, Simon Fraser (smfr) 		clopez: review+
DetailsFormatted DiffDiff
Patch (18.81 KB, patch)
2019-10-21 18:06 PDT, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Patch (31.57 KB, patch)
2019-10-21 21:20 PDT, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Patch (31.58 KB, patch)
2019-10-21 22:16 PDT, Simon Fraser (smfr) 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2019-07-28 15:24:35 PDT
Created attachment 375047 [details] Patch
Simon Fraser (smfr)
Comment 2 2019-07-28 15:25:09 PDT
Patch requires the patch from bug 200210.
Carlos Alberto Lopez Perez
Comment 3 2019-08-15 10:02:47 PDT
Comment on attachment 375047 [details] Patch r=me I also found this crash when working on bug 200716 and I locally simply fixed it by null-checking stop.m_color, but I like much more your fix. This sharing of the code you did inside this new function writeColorStop() is cool.
Carlos Alberto Lopez Perez
Comment 4 2019-10-15 15:52:19 PDT
This patch needs a rebase after r249013 and r250993
Simon Fraser (smfr)
Comment 5 2019-10-21 18:06:39 PDT
Created attachment 381491 [details] Patch
Simon Fraser (smfr)
Comment 6 2019-10-21 21:20:16 PDT
Created attachment 381506 [details] Patch
Simon Fraser (smfr)
Comment 7 2019-10-21 22:16:36 PDT
Created attachment 381509 [details] Patch
Simon Fraser (smfr)
Comment 8 2019-10-22 10:03:51 PDT
https://trac.webkit.org/changeset/251437/webkit
Radar WebKit Bug Importer
Comment 9 2019-10-22 10:04:22 PDT
<rdar://problem/56503997>
Note You need to log in before you can comment on or make changes to this bug.