RESOLVED FIXED 50149
chrome.dll!WebCore::CSSStyleSelector::loadPendingImages ReadAV@NULL (830f1940d708882124521ea60de442b0) 
https://bugs.webkit.org/show_bug.cgi?id=50149
Summary chrome.dll!WebCore::CSSStyleSelector::loadPendingImages ReadAV@NULL (830f1940...
Berend-Jan Wever
Reported 2010-11-29 05:59:53 PST
Created attachment 75019 [details] Repro Repro: <style> *{ -webkit-box-reflect: none !important; -webkit-box-reflect: below 0 url(x); } </style> id: chrome.dll!WebCore::CSSStyleSelector::loadPendingImages ReadAV@NULL (830f1940d708882124521ea60de442b0) description: Attempt to read from unallocated NULL pointer+0xC in chrome.dll!WebCore::CSSStyleSelector::loadPendingImages application: Chromium 9.0.596.0 stack: chrome.dll!WebCore::CSSStyleSelector::loadPendingImages chrome.dll!WebCore::CSSStyleSelector::styleForElement chrome.dll!WebCore::Element::recalcStyle chrome.dll!WebCore::Document::recalcStyle chrome.dll!WebCore::Document::styleSelectorChanged chrome.dll!WebCore::Document::removePendingSheet chrome.dll!WebCore::StyleElement::sheetLoaded chrome.dll!WebCore::SVGStyleElement::sheetLoaded chrome.dll!WebCore::CSSStyleSheet::checkLoaded chrome.dll!WebCore::StyleElement::createSheet chrome.dll!WebCore::StyleElement::process chrome.dll!WebCore::StyleElement::finishParsingChildren chrome.dll!WebCore::HTMLStyleElement::finishParsingChildren chrome.dll!WebCore::HTMLElementStack::popCommon chrome.dll!WebCore::HTMLTreeBuilder::processEndTag chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken chrome.dll!WebCore::HTMLTreeBuilder::constructTreeFromToken chrome.dll!WebCore::HTMLDocumentParser::pumpTokenizer chrome.dll!WebCore::HTMLDocumentParser::insert chrome.dll!WebCore::Document::write chrome.dll!WebCore::V8HTMLDocument::writeCallback chrome.dll!v8::internal::HandleApiCallHelper<...> chrome.dll!v8::internal::Builtin_HandleApiCall chrome.dll!v8::internal::Invoke chrome.dll!v8::internal::Execution::Call ...
Attachments
Repro (108 bytes, text/html)
2010-11-29 05:59 PST, Berend-Jan Wever 		no flags
Details
Patch (3.87 KB, patch)
2010-11-29 11:02 PST, Simon Fraser (smfr) 		mitz: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2010-11-29 10:05:50 PST
See also: bug 46224.
Simon Fraser (smfr)
Comment 2 2010-11-29 10:16:03 PST
<rdar://problem/8706182>
Simon Fraser (smfr)
Comment 3 2010-11-29 10:19:20 PST
Crashes WebKit mac too.
Simon Fraser (smfr)
Comment 4 2010-11-29 11:02:21 PST
Created attachment 75042 [details] Patch
Simon Fraser (smfr)
Comment 5 2010-11-29 11:09:11 PST
http://trac.webkit.org/changeset/72814
Note You need to log in before you can comment on or make changes to this bug.