WebKit Bugzilla
Bug 50379: NULL-ptr with media queries
Status: RESOLVED CONFIGURATION CHANGED
https://bugs.webkit.org/show_bug.cgi?id=50379
Reported by Shinichiro Hamaji, 2010-12-02 01:10:45 PST

Though I couldn't reproduce this issue yet, we've seen several crash reports for deviantart.com.
http://code.google.com/p/chromium/issues/detail?id=58960

It seems this website uses media queries like "@media (max-width:768px) { ... }". Deepak kindly created a video where this issue is happening:
http://bit.ly/ecwpR6

This video and the following stacktrace would suggest this is a timing issue. The media query evaluation is happening while frame->view is unset. We may need a NULL check just like other places.

../platform/graphics/IntSize.h:73] WebCore::ScrollView::layoutWidth
MediaQueryEvaluator.cpp:350] WebCore::widthMediaFeatureEval
MediaQueryEvaluator.cpp:424] WebCore::max_widthMediaFeatureEval
MediaQueryEvaluator.cpp:535] WebCore::MediaQueryEvaluator::eval
CSSStyleSelector.cpp:6542] WebCore::CSSStyleSelector::affectedByViewportChange
FrameView.cpp:644] WebCore::FrameView::layout
RenderWidget.cpp:353] WebCore::RenderWidget::updateWidgetPosition
RenderView.cpp:584] WebCore::RenderView::updateWidgetPositions
FrameView.cpp:1634] WebCore::FrameView::performPostLayoutTasks
FrameView.cpp:819] WebCore::FrameView::layout
Document.cpp:1566] WebCore::Document::updateLayout
Document.cpp:1559] WebCore::Document::updateLayoutIgnorePendingStylesheets
Element.cpp:320] WebCore::Element::offsetLeft
V8Element.cpp:72] WebCore::ElementInternal::offsetLeftAttrGetter
objects.cc:175] v8::internal::Object::GetPropertyWithCallback
ic.cc:888] v8::internal::LoadIC::Load
ic.cc:1609] v8::internal::LoadIC_Miss

I'm not sure if this issue happens on other ports, but it seems android has a similar issue:
http://code.google.com/p/android/issues/detail?id=10967
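The null check the report proposes, as an added illustration that is not WebKit code: a minimal C++ model of the call chain in the stack trace (MediaQueryEvaluator::eval, max_widthMediaFeatureEval, widthMediaFeatureEval, ScrollView::layoutWidth). The struct and function names, the frame/view layout and the constructed widths are assumptions that mirror the trace, not WebCore's real classes; the point shown is that a frame whose view is still unset makes the max-width feature evaluate to "no match" instead of dereferencing a null view.

```cpp
// Added illustration, not WebKit code: a minimal model of the call chain in the
// stack trace (MediaQueryEvaluator::eval -> max_widthMediaFeatureEval ->
// widthMediaFeatureEval -> ScrollView::layoutWidth) with the null check the
// report proposes. All struct and function names here are assumptions that
// mirror the trace; WebCore's real Frame/FrameView classes are far larger.
#include <cstdio>
#include <memory>
#include <optional>

struct FrameView {                 // stands in for WebCore::FrameView (a ScrollView)
    int width;
    int layoutWidth() const { return width; }
};

struct Frame {                     // frame->view() is null until the view is attached
    std::unique_ptr<FrameView> viewPtr;
    FrameView* view() const { return viewPtr.get(); }
};

enum class MediaFeaturePrefix { MinPrefix, MaxPrefix, NoPrefix };

// "(max-width: v)" holds when width <= v, "(min-width: v)" when width >= v.
static bool compareValue(int width, int value, MediaFeaturePrefix op) {
    switch (op) {
    case MediaFeaturePrefix::MinPrefix: return width >= value;
    case MediaFeaturePrefix::MaxPrefix: return width <= value;
    case MediaFeaturePrefix::NoPrefix:  return width == value;
    }
    return false;
}

// Before the fix this function read view->layoutWidth() with no check, which is
// the null dereference at IntSize.h:73 / ScrollView::layoutWidth in the trace.
static bool widthMediaFeatureEval(int value, Frame* frame, MediaFeaturePrefix op) {
    FrameView* view = frame->view();
    if (!view)                     // no view yet: treat the feature as not matching
        return false;
    return compareValue(view->layoutWidth(), value, op);
}

static bool maxWidthMediaFeatureEval(int value, Frame* frame) {
    return widthMediaFeatureEval(value, frame, MediaFeaturePrefix::MaxPrefix);
}

// Models MediaQueryEvaluator::eval for a single "@media (max-width: N)" query.
static bool evalMaxWidthQuery(int maxWidth, Frame* frame) {
    return maxWidthMediaFeatureEval(maxWidth, frame);
}

// Constructed frames: an attached view of the given width, or no view at all.
static Frame makeFrame(std::optional<int> viewWidth) {
    Frame frame;
    if (viewWidth)
        frame.viewPtr = std::make_unique<FrameView>(FrameView{*viewWidth});
    return frame;
}

int main() {
    Frame narrow = makeFrame(600);            // 600 <= 768: query matches
    Frame wide = makeFrame(1024);             // 1024 > 768: no match
    Frame detached = makeFrame(std::nullopt); // view unset: no match, no crash
    std::printf("narrow=%d wide=%d detached=%d\n",
                evalMaxWidthQuery(768, &narrow),
                evalMaxWidthQuery(768, &wide),
                evalMaxWidthQuery(768, &detached));
    return 0;
}
```

Returning false for an unset view mirrors what the rest of the evaluator does for an unknown feature: the style is recomputed once the view exists and the viewport change is delivered, so nothing is lost by declining to match early.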
Attachments
Patch v1 (2.50 KB, patch), 2010-12-02 01:13 PST, Shinichiro Hamaji; ap: review-
Comment 1, Shinichiro Hamaji, 2010-12-02 01:13:08 PST
Created attachment 75360: Patch v1
Comment 2, Adam Barth, 2010-12-02 01:43:14 PST
Comment on attachment 75360 (Patch v1): No test? I bet you can repro pretty easily using an SVG image.
Comment 3, Adam Barth, 2010-12-02 01:43:55 PST
Alternatively, you can try an iframe that's been removed from the DOM but you still have a JavaScript pointer to.
Comment 4, Alexey Proskuryakov, 2010-12-02 12:04:05 PST
Comment on attachment 75360 (Patch v1): r- due to no tests. This looks like an issue that should be reproducible.
Comment 5, Shinichiro Hamaji, 2010-12-02 19:17:38 PST
Thanks Adam for the suggestion! I've tried to make a repro (by removing iframe) for a while but I couldn't reproduce this issue. Unfortunately, I'm not familiar with either iframe loading or SVG images in WebKit. Could you tell me a change or a test which is related to a similar issue? Thanks!
Comment 6, Adam Barth, 2010-12-02 23:30:42 PST
Look for tests with SVG images. You then have a <foreignObject> element in your SVG (try grepping the LayoutTests for an example). In the foreignObject you can put your iframe. I think that should have a null view. Another option is to look at some other null checks of the view and see if they were added together with a similar test for what you need.
Comment 7, Shinichiro Hamaji, 2010-12-05 23:30:20 PST
Thanks again for your suggestion.

> Look for tests with SVG images. You then have a <foreignObject> element in your SVG (try grepping the LayoutTests for an example). In the foreignObject you can put your iframe. I think that should have a null view.

I tried some HTMLs like:

<?xml version="1.0"?>
<svg xmlns="http://www.w3.org/2000/svg" id="svg" width="600" height="400">
  <foreignObject width="100%" height="100%">
    <html xmlns="http://www.w3.org/1999/xhtml">
      <body>
        <!-- foo.html contains @media (max-width:1768px) { ... } in its style -->
        <iframe id="iframe" src="foo.html"></iframe>
      </body>
    </html>
  </foreignObject>
</svg>

but iframe always had non-NULL views. Maybe I'm misunderstanding your suggestion?

> Another option is to look at some other null checks of the view and see if they were added together with a similar test for what you need.

I checked a bunch of similar NULL checks. Unfortunately, most of them are part of big changes and didn't have a corresponding test. This change was a small one but it doesn't have a test...
http://trac.webkit.org/changeset/24800

It seems I need a better understanding of frame lifetime...
Comment 8, Deepak Mittal, 2014-02-03 20:52:25 PST
The changes have already been merged in the MediaQueryEvaluator.cpp file, so this issue should be Resolved. Thanks, Deepak Mittal
Comment 9, Ahmad Saleem, 2022-06-09 10:07:30 PDT
Based on Comment 08, this can be closed. Thanks!
Comment 10, Radar WebKit Bug Importer, 2022-06-09 12:58:25 PDT
<rdar://problem/94752029>