Bug 51465 - chrome.dll!WebCore::RenderLayer::currentTransform ReadAV@NULL (8968fc97874fa23b6799ff8f09c142e4)
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: CSS
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
Importance: P1 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2010-12-22 05:41 PST by Berend-Jan Wever
Modified: 2011-04-07 20:21 PDT
CC: 3 users

See Also:


Attachments
Repro (87 bytes, text/html)
2010-12-22 05:41 PST, Berend-Jan Wever, no flags
Proposed fix: check that the RenderBox has a layer before calling layer() on it (2.40 KB, patch)
2011-03-20 22:32 PDT, Julien Chaffraix, no flags
Trivial patch: add the missing test cases (1.91 KB, patch)
2011-03-22 06:33 PDT, Julien Chaffraix, no flags

Description Berend-Jan Wever 2010-12-22 05:41:23 PST
Created attachment 77209 [details]
Repro

http://code.google.com/p/chromium/issues/detail?id=67785

Repro:
<style>
* {
  display: table-column;
  -webkit-transform-style: preserve-3d;
}
</style>

id:             chrome.dll!WebCore::RenderLayer::currentTransform ReadAV@NULL (8968fc97874fa23b6799ff8f09c142e4)
description:    Attempt to read from unallocated NULL pointer+0xA4 in chrome.dll!WebCore::RenderLayer::currentTransform
stack:          chrome.dll!WebCore::RenderLayer::currentTransform
                chrome.dll!WebCore::RenderBox::layoutOverflowRectForPropagation
                chrome.dll!WebCore::RenderBox::addOverflowFromChild
                chrome.dll!WebCore::RenderBlock::addOverflowFromBlockChildren
                chrome.dll!WebCore::RenderBlock::computeOverflow
                chrome.dll!WebCore::RenderBlock::layoutBlock
                chrome.dll!WebCore::RenderBlock::layout
                chrome.dll!WebCore::RenderBlock::layoutBlockChild
                chrome.dll!WebCore::RenderBlock::layoutBlockChildren
                chrome.dll!WebCore::RenderBlock::layoutBlock
                chrome.dll!WebCore::RenderBlock::layout
                chrome.dll!WebCore::RenderView::layout
                ...
Comment 1 Julien Chaffraix 2011-03-20 22:32:44 PDT
Created attachment 86295 [details]
Proposed fix: check that the RenderBox has a layer before calling layer() on it
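The stack in the description ends in RenderLayer::currentTransform reading NULL+0xA4, reached from RenderBox::layoutOverflowRectForPropagation, and the attachment title states the fix: check that the RenderBox has a layer before calling layer() on it. The block below is an added illustration, not WebKit code and not the committed patch; it models the defect class in reduced form. The names RenderLayer, RenderBox, hasLayer(), layer(), transform() and currentTransform() follow WebCore's, but every body is a simplified stand-in, and the assumption that the unguarded path decided on a style-derived transform bit alone (which the repro's preserve-3d on a layer-less table-column sets) is the example's, not something the report states.

```cpp
// Added illustration of the NULL-layer defect class, not WebKit code.
#include <cassert>
#include <cstdio>

struct IntRect {
    int x, y, width, height;
    bool operator==(const IntRect& o) const {
        return x == o.x && y == o.y && width == o.width && height == o.height;
    }
};

// Stand-in for TransformationMatrix: uniform scale about the origin plus a translation.
struct TransformationMatrix {
    int scale = 1;
    int dx = 0;
    int dy = 0;
    IntRect mapRect(const IntRect& r) const {
        return { r.x * scale + dx, r.y * scale + dy, r.width * scale, r.height * scale };
    }
};

struct RenderLayer {
    bool m_hasTransform = false;
    TransformationMatrix m_transform;
    // Both accessors read members of the layer; on a NULL RenderLayer that read is the
    // "ReadAV@NULL+offset" in the report.
    const TransformationMatrix* transform() const { return m_hasTransform ? &m_transform : nullptr; }
    TransformationMatrix currentTransform() const { return m_hasTransform ? m_transform : TransformationMatrix{}; }
};

struct RenderBox {
    IntRect m_borderBox;
    // Style-derived bit (assumed): set for transform / preserve-3d styles, computed from
    // the style alone, independently of whether a RenderLayer was ever created.
    bool m_styleHasTransform = false;
    // Some renderers never get a layer; here this stands in for display: table-column.
    RenderLayer* m_layer = nullptr;

    bool hasLayer() const { return m_layer != nullptr; }
    RenderLayer* layer() const { return m_layer; }
    bool hasTransform() const { return m_styleHasTransform; }
    IntRect borderBoxRect() const { return m_borderBox; }
};

// The unsafe decision: trusting the style bit alone sends a box that owns no layer into
// layer()->currentTransform(). Returns true when that path would dereference NULL.
bool unguardedPathDereferencesNull(const RenderBox& box) {
    return box.hasTransform() && !box.hasLayer();
}

// Guarded propagation: consult the layer only after confirming it exists.
IntRect layoutOverflowRectForPropagationGuarded(const RenderBox& box) {
    IntRect rect = box.borderBoxRect();
    bool hasTransform = box.hasLayer() && box.layer()->transform();
    if (hasTransform)
        rect = box.layer()->currentTransform().mapRect(rect);
    return rect;
}

// Constructed sample: the report's shape, style says "transformed", no layer.
RenderBox makeReproBox() {
    return RenderBox{ IntRect{0, 0, 10, 20}, true, nullptr };
}

// Constructed sample: a box that really owns a transformed layer.
RenderBox makeTransformedBox() {
    static RenderLayer s_layer;
    s_layer.m_hasTransform = true;
    s_layer.m_transform = TransformationMatrix{2, 5, 5};
    return RenderBox{ IntRect{1, 1, 10, 20}, true, &s_layer };
}

int main() {
    RenderBox repro = makeReproBox();
    std::printf("repro box takes the NULL path unguarded: %s\n",
                unguardedPathDereferencesNull(repro) ? "yes" : "no");
    IntRect r = layoutOverflowRectForPropagationGuarded(repro);
    std::printf("guarded result: x=%d y=%d w=%d h=%d\n", r.x, r.y, r.width, r.height);
    return 0;
}
```

The guard keys on object existence (hasLayer()) rather than on a style flag, which is the general lesson: a property computed from one source (style) must not be used as proof that an object created by another code path (layer creation) exists.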
Comment 2 Eric Seidel (no email) 2011-03-20 23:14:21 PDT
Comment on attachment 86295 [details]
Proposed fix: check that the RenderBox has a layer before calling layer() on it

ok.
Comment 3 WebKit Commit Bot 2011-03-21 01:20:25 PDT
Comment on attachment 86295 [details]
Proposed fix: check that the RenderBox has a layer before calling layer() on it

Clearing flags on attachment: 86295

Committed r81574: <http://trac.webkit.org/changeset/81574>
Comment 4 WebKit Commit Bot 2011-03-21 01:20:29 PDT
All reviewed patches have been landed.  Closing bug.
Comment 5 Eric Seidel (no email) 2011-03-21 11:03:35 PDT
I knew after I closed my laptop last night that something was wrong with this patch.  It's missing the added files!

Julien, please add the missing files.
Comment 6 Julien Chaffraix 2011-03-21 16:54:01 PDT
> Julien, please add the missing files.

Sure, I will update this bug with the missing files tonight.
Comment 7 Julien Chaffraix 2011-03-22 06:33:46 PDT
Created attachment 86456 [details]
Trivial patch: add the missing test cases
Comment 8 Eric Seidel (no email) 2011-03-28 21:37:46 PDT
Comment on attachment 86456 [details]
Trivial patch: add the missing test cases

LGTM.  Don't we normally obscure the bug title in the ChangeLog for security bugs?
Comment 9 Julien Chaffraix 2011-03-28 22:13:07 PDT
(In reply to comment #8)
> (From update of attachment 86456 [details])
> LGTM.  Don't we normally obscure the bug title in the ChangeLog for security bugs?

Not sure about the security bugs' policy. This bug was not marked as such so it won't apply anyway.
Comment 10 WebKit Commit Bot 2011-04-07 20:21:31 PDT
Comment on attachment 86456 [details]
Trivial patch: add the missing test cases

Clearing flags on attachment: 86456

Committed r83243: <http://trac.webkit.org/changeset/83243>
Comment 11 WebKit Commit Bot 2011-04-07 20:21:37 PDT
All reviewed patches have been landed.  Closing bug.