WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
221378
Nullptr crash in Node::renderStyle() via CSSLinearGradientValue::createGradient
https://bugs.webkit.org/show_bug.cgi?id=221378
Summary
Nullptr crash in Node::renderStyle() via CSSLinearGradientValue::createGradient
Ryosuke Niwa
Reported
2021-02-03 20:15:10 PST
e.g. Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010d33c39c WebCore::Node::renderStyle() const + 0 (NodeRenderStyle.h:36) [inlined] 1 com.apple.WebCore 0x000000010d33c39c WebCore::CSSLinearGradientValue::createGradient(WebCore::RenderElement&, WebCore::FloatSize const&) + 76 (CSSGradientValue.cpp:809) 2 com.apple.WebCore 0x000000010d33b360 WebCore::createGradient(WebCore::CSSGradientValue&, WebCore::RenderElement&, WebCore::FloatSize) + 49 (CSSGradientValue.cpp:46) [inlined] 3 com.apple.WebCore 0x000000010d33b360 WebCore::CSSGradientValue::image(WebCore::RenderElement&, WebCore::FloatSize const&) + 144 (CSSGradientValue.cpp:63) 4 com.apple.WebCore 0x000000010d34cad0 WebCore::CSSImageGeneratorValue::image(WebCore::RenderElement&, WebCore::FloatSize const&) + 48 5 com.apple.WebCore 0x000000010df24512 WebCore::StyleGeneratedImage::image(WebCore::RenderElement*, WebCore::FloatSize const&) const + 18 (StyleGeneratedImage.cpp:104) 6 com.apple.WebCore 0x000000010dda89b8 WebCore::RenderBoxModelObject::paintFillLayerExtended(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::InlineFlowBox*, WebCore::LayoutSize const&, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage) + 6424 (RenderBoxModelObject.cpp:966) 7 com.apple.WebCore 0x000000010dda07f4 WebCore::RenderBox::paintFillLayer(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderElement*, WebCore::BaseBackgroundColorUsage) + 43 (RenderBox.cpp:1790) [inlined] 8 com.apple.WebCore 0x000000010dda07f4 WebCore::RenderBox::paintFillLayers(WebCore::PaintInfo const&, WebCore::Color const&, WebCore::FillLayer const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance, WebCore::CompositeOperator, WebCore::RenderElement*) + 596 (RenderBox.cpp:1781) 9 com.apple.WebCore 0x000000010dda3fca WebCore::RenderBox::paintBackground(WebCore::PaintInfo const&, WebCore::LayoutRect const&, WebCore::BackgroundBleedAvoidance) + 314 (RenderBox.cpp:1504) 10 com.apple.WebCore 0x000000010dda13b0 WebCore::RenderBox::paintBoxDecorations(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 1024 (RenderBox.cpp:1459) 11 com.apple.WebCore 0x000000010dd730ad WebCore::RenderBlock::paintObject(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 77 (RenderBlock.cpp:1231) 12 com.apple.WebCore 0x000000010dd7296d WebCore::RenderBlock::paint(WebCore::PaintInfo&, WebCore::LayoutPoint const&) + 285 (RenderBlock.cpp:1108) 13 com.apple.WebCore 0x000000010de7f524 WebCore::RenderScrollbarPart::paintIntoRect(WebCore::GraphicsContext&, WebCore::LayoutPoint const&, WebCore::LayoutRect const&) + 548 (RenderScrollbarPart.cpp:180) 14 com.apple.WebCore 0x000000010de7f2f1 WebCore::RenderScrollbar::paintPart(WebCore::GraphicsContext&, WebCore::ScrollbarPart, WebCore::IntRect const&) + 481 (RenderScrollbar.cpp:267) 15 com.apple.WebCore 0x000000010de83275 WebCore::RenderScrollbarTheme::paintScrollbarBackground(WebCore::GraphicsContext&, WebCore::Scrollbar&) + 53 (RenderScrollbarTheme.cpp:136) 16 com.apple.WebCore 0x000000010db16cb9 WebCore::ScrollbarThemeComposite::paint(WebCore::Scrollbar&, WebCore::GraphicsContext&, WebCore::IntRect const&) + 617 (ScrollbarThemeComposite.cpp:79) 17 com.apple.WebCore 0x000000010db15f2d WebCore::Scrollbar::paint(WebCore::GraphicsContext&, WebCore::IntRect const&, WebCore::Widget::SecurityOriginPaintPolicy, WebCore::EventRegionContext*) + 173 (Scrollbar.cpp:153) 18 com.apple.WebCore 0x000000010de37a60 WebCore::paintScrollbar(WebCore::Scrollbar*, WebCore::GraphicsContext&, WebCore::IntRect const&) + 160 (RenderLayerCompositor.cpp:3562) 19 com.apple.WebCore 0x000000010de45a85 WebCore::RenderLayerCompositor::paintContents(WebCore::GraphicsLayer const*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 325 20 com.apple.WebCore 0x000000010db939b6 WebCore::GraphicsLayer::paintGraphicsLayerContents(WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 182 (GraphicsLayer.cpp:530) 21 com.apple.WebCore 0x000000010dbdb0f7 WebCore::GraphicsLayerCA::platformCALayerPaintContents(WebCore::PlatformCALayer*, WebCore::GraphicsContext&, WebCore::FloatRect const&, unsigned int) + 231 (GraphicsLayerCA.cpp:1715) <
rdar://problem/72995309
>
Attachments
Test
(405 bytes, text/html)
2021-02-03 20:15 PST
,
Ryosuke Niwa
no flags
Details
Patch
(9.75 KB, patch)
2021-02-05 07:33 PST
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Patch
(8.42 KB, patch)
2021-02-05 07:34 PST
,
Rob Buis
no flags
Details
Formatted Diff
Diff
Show Obsolete
(1)
View All
Add attachment
proposed patch, testcase, etc.
Ryosuke Niwa
Comment 1
2021-02-03 20:15:22 PST
Created
attachment 419222
[details]
Test
Rob Buis
Comment 2
2021-02-05 07:33:35 PST
Created
attachment 419403
[details]
Patch
Rob Buis
Comment 3
2021-02-05 07:34:31 PST
Created
attachment 419405
[details]
Patch
EWS
Comment 4
2021-02-08 09:36:25 PST
Committed
r272497
: <
https://commits.webkit.org/r272497
> All reviewed patches have been landed. Closing bug and clearing flags on
attachment 419405
[details]
.
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug