Bug 27796 - CSS -webkit-transition and (overflow: (and/or) display:) properties crash the browser
Summary: CSS -webkit-transition and (overflow: (and/or) display:) properties crash the...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS (show other bugs)
Version: 528+ (Nightly build)
Hardware: Mac (Intel) OS X 10.5
: P2 Normal
Assignee: Simon Fraser (smfr)
URL:
Keywords: InRadar, NeedsReduction
Depends on:
Blocks:
 
Reported: 2009-07-29 01:46 PDT by webkit
Modified: 2009-07-29 12:49 PDT (History)
2 users (show)

See Also:

Attachments
Example (4.81 KB, text/html)
2009-07-29 01:46 PDT, webkit 		no flags Details
Patch, testcase, changelog (4.71 KB, patch)
2009-07-29 11:51 PDT, Simon Fraser (smfr) 		mitz: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description webkit 2009-07-29 01:46:43 PDT 
Created attachment 33701 [details]
Example

On the attached file, see the line 228 to 236 :

	.content{
		-webkit-transition-property: -webkit-transform;
		-webkit-transition-duration: 5s;
		-webkit-transition-timing-function: cubic-bezier(0.2, 0.6, 0.6, 0.9);
		-webkit-transform: translate3d(0, 0, 0);

		-webkit-column-count:0;

		overflow:hidden;/* only this line can generate a bug too */
		display:table-row;/*only this line can generate a bug too */
	}

This CSS class crash the browser (I think it's a buffer overflow error... If anyone can confirm :).
Comment 1 Mark Rowe (bdash) 2009-07-29 02:21:05 PDT 
I only see a crash with display: table-row present.  The overflow: hidden does not appear to be relevant at all.  It's a simple null-dereference.
Comment 2 Mark Rowe (bdash) 2009-07-29 02:21:34 PDT 
<rdar://problem/7101325>
Comment 3 Simon Fraser (smfr) 2009-07-29 11:51:41 PDT 
Created attachment 33727 [details]
Patch, testcase, changelog
Comment 4 Simon Fraser (smfr) 2009-07-29 12:49:13 PDT 
http://trac.webkit.org/changeset/46549