Bug 37709 - Make RenderObject::isTransparent tolerate NULL style
Summary: Make RenderObject::isTransparent tolerate NULL style
Status: RESOLVED INVALID
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: 528+ (Nightly build)
Hardware: Other Linux
Importance: P2 Normal
Assignee: Nobody
Reported: 2010-04-16 09:08 PDT by anton muhin
Modified: 2010-04-16 12:01 PDT
Attachments
Patch (1.10 KB, patch)
2010-04-16 09:22 PDT, anton muhin

Description anton muhin 2010-04-16 09:08:39 PDT
Make RenderObject::isTransparent tolerate NULL style
Comment 1 anton muhin 2010-04-16 09:20:28 PDT
Moving http://code.google.com/p/chromium/issues/detail?id=41555 into the WebKit bug tracker, as most probably it's a problem on the WebKit side, not in Chromium proper.

After the WebKit roll 57510 -> 57582 (http://codereview.chromium.org/1540037/show), almost all fast/ruby tests started to fail.

Here is a sample stack trace (obtained with gdb):

#0  WebCore::RenderObject::isTransparent (this=0xaa28724) at third_party/WebKit/WebCore/rendering/RenderObject.h:662
#1  0x0886cba8 in WebCore::RenderBoxModelObject::requiresLayer (this=0xaa28724) at third_party/WebKit/WebCore/rendering/RenderBoxModelObject.h:62
#2  0x0889670b in WebCore::RenderBoxModelObject::styleDidChange (this=0xaa28724, diff=WebCore::StyleDifferenceEqual, oldStyle=0xaa287a8) at third_party/WebKit/WebCore/rendering/RenderBoxModelObject.cpp:276
#3  0x0888dc92 in WebCore::RenderBox::styleDidChange (this=0xaa28724, diff=WebCore::StyleDifferenceEqual, oldStyle=0xaa287a8) at third_party/WebKit/WebCore/rendering/RenderBox.cpp:165
#4  0x0886294a in WebCore::RenderBlock::styleDidChange (this=0xaa28724, diff=WebCore::StyleDifferenceEqual, oldStyle=0xaa287a8) at third_party/WebKit/WebCore/rendering/RenderBlock.cpp:231
#5  0x088e0277 in WebCore::RenderObject::setStyle (this=0xaa28724, style=@0xbfa77394) at third_party/WebKit/WebCore/rendering/RenderObject.cpp:1530
#6  0x088ebcfb in WebCore::RenderRubyRun::staticCreateRubyRun (parentRuby=0xaa2864c) at third_party/WebKit/WebCore/rendering/RenderRubyRun.cpp:222
#7  0x088eb2a5 in WebCore::RenderRubyAsInline::addChild (this=0xaa2864c, child=0xaa286d4, beforeChild=0x0) at third_party/WebKit/WebCore/rendering/RenderRuby.cpp:104
#8  0x085ad199 in WebCore::Node::createRendererIfNeeded (this=0xaa0bf68) at third_party/WebKit/WebCore/dom/Node.cpp:1393
#9  0x085de2a5 in WebCore::Text::attach (this=0xaa0bf68) at third_party/WebKit/WebCore/dom/Text.cpp:272
#10 0x08b13938 in WebCore::HTMLParser::insertNode (this=0xa842e38, n=0xaa0bf68, flat=false) at third_party/WebKit/WebCore/html/HTMLParser.cpp:399
#11 0x08b18b9f in WebCore::HTMLParser::insertNodeAfterLimitBlockDepth (this=0xa842e38, n=0xaa0bf68, flat=false) at third_party/WebKit/WebCore/html/HTMLParser.cpp:227
#12 0x08b15eb8 in WebCore::HTMLParser::parseToken (this=0xa842e38, t=0xa8460fc) at third_party/WebKit/WebCore/html/HTMLParser.cpp:268
#13 0x0868e9b1 in WebCore::HTMLTokenizer::processToken (this=0xa8460e0) at third_party/WebKit/WebCore/html/HTMLTokenizer.cpp:1941
#14 0x0869582c in WebCore::HTMLTokenizer::write (this=0xa8460e0, str=@0xbfa77628, appendData=true) at third_party/WebKit/WebCore/html/HTMLTokenizer.cpp:1760
#15 0x0870caf7 in WebCore::FrameLoader::write (this=0xa82e090, str=0x0, len=0, flush=true) at third_party/WebKit/WebCore/loader/FrameLoader.cpp:949
#16 0x0870cca3 in WebCore::FrameLoader::endIfNotLoadingMainResource (this=0xa82e090) at third_party/WebKit/WebCore/loader/FrameLoader.cpp:984
#17 0x0870cce1 in WebCore::FrameLoader::end (this=0xa82e090) at third_party/WebKit/WebCore/loader/FrameLoader.cpp:970
#18 0x086feda6 in WebCore::DocumentLoader::finishedLoading (this=0xa9d2400) at third_party/WebKit/WebCore/loader/DocumentLoader.cpp:268
#19 0x08711482 in WebCore::FrameLoader::finishedLoading (this=0xa82e090) at third_party/WebKit/WebCore/loader/FrameLoader.cpp:2824
#20 0x087209b7 in WebCore::MainResourceLoader::didFinishLoading (this=0xa9d3230) at third_party/WebKit/WebCore/loader/MainResourceLoader.cpp:424
#21 0x0872a194 in WebCore::ResourceLoader::didFinishLoading (this=0xa9d3230) at third_party/WebKit/WebCore/loader/ResourceLoader.cpp:443
#22 0x09248b93 in WebCore::ResourceHandleInternal::didFinishLoading (this=0xa9d7248) at third_party/WebKit/WebKit/chromium/src/ResourceHandle.cpp:180
#23 0x08ee745b in webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest (this=0xa9d6180, status=@0xa84948c, security_info=@0xa849494) at webkit/glue/weburlloader_impl.cc:552
#24 0x08f099da in NotifyCompletedRequest (this=0xa9d6200, status=@0xa84948c, security_info=@0xa849494) at webkit/tools/test_shell/simple_resource_loader_bridge.cc:199
#25 0x08f09eb0 in DispatchToMethod<<unnamed>::RequestProxy, void (<unnamed>::RequestProxy::*)(const URLRequestStatus&, const std::string&), URLRequestStatus, std::basic_string<char, std::char_traits<char>, std::allocator<char> > > (obj=0xa9d6200, 
    method=0x8f099a4 <NotifyCompletedRequest>, arg=@0xa84948c) at ./base/tuple.h:429
#26 0x08f09ee6 in Run (this=0xa849470) at ./base/task.h:296
#27 0x0812f016 in MessageLoop::RunTask (this=0xbfa78844, task=0xa849470) at base/message_loop.cc:328
#28 0x0812f6c7 in MessageLoop::DeferOrRunPendingTask (this=0xbfa78844, pending_task=@0xbfa779e4) at base/message_loop.cc:336
#29 0x0812f957 in MessageLoop::DoWork (this=0xbfa78844) at base/message_loop.cc:443
#30 0x0816ee0d in base::MessagePumpForUI::RunWithDispatcher (this=0xa7d6530, delegate=0xbfa78844, dispatcher=0x0) at base/message_pump_glib.cc:199
#31 0x0816f7bf in base::MessagePumpForUI::Run (this=0xa7d6530, delegate=0xbfa78844) at ./base/message_pump_glib.h:59
#32 0x081300b7 in MessageLoop::RunInternal (this=0xbfa78844) at base/message_loop.cc:204
#33 0x081300d1 in MessageLoop::RunHandler (this=0xbfa78844) at base/message_loop.cc:176
#34 0x08130175 in MessageLoop::Run (this=0xbfa78844) at base/message_loop.cc:154
#35 0x08049be2 in main (argc=Cannot access memory at address 0x0

Here, in isTransparent() style() returns NULL and we crash.

Looking through committed revisions, I don't see what might have triggered that.

I am not an expert in this area, but apparently the case of a NULL style() should be handled here---at least RenderObject::setStyle naturally accepts the case when the original style is NULL.  Similarly, hasMask() (another one in the requiresLayer() check) checks style() before querying it.  Thus, with my non-existent understanding of the WebKit rendering process, I'd try to fix it by checking whether style() is NULL before querying opacity().

The bug is difficult for me to reproduce---at least on my box there seem to be troubles hitting this path at all (probably something disables ruby support).
Comment 2 anton muhin 2010-04-16 09:22:31 PDT
Created attachment 53533
Patch
Comment 3 anton muhin 2010-04-16 09:42:02 PDT
Comment on attachment 53533
Patch

I found one strange thing.  Need some more time to investigate.
Comment 4 anton muhin 2010-04-16 12:01:51 PDT
The reason seems to be a spoiled build.  Closing this bug.