Browser crashes while looking at dojo theme tester. Doesn't happen in nightly release r79303. Happens in all nightly beyond that. Chromium 11.0.683.0 is also getting a renderer crash, might be due to the same.
Confirmed with nightly r79488. Suspecting <http://trac.webkit.org/r79398>. 0 com.apple.WebCore 0x0000000100ef1e1d WebCore::Editor::selectionStartCSSPropertyValue(int) + 45 1 com.apple.WebCore 0x0000000100efdc18 WebCore::valueStyle(WebCore::Frame*, int) + 24 2 com.apple.WebCore 0x0000000100efdca6 WebCore::valueFontName(WebCore::Frame*, WebCore::Event*) + 22 3 com.apple.WebCore 0x0000000100eff1df WebCore::Editor::Command::value(WebCore::Event*) const + 111 4 com.apple.WebCore 0x0000000100e060c9 WebCore::Document::queryCommandValue(WTF::String const&) + 41 5 com.apple.WebCore 0x00000001011d8c36 WebCore::jsDocumentPrototypeFunctionQueryCommandValue(JSC::ExecState*) + 278
<rdar://problem/9058070>
(In reply to comment #1) > Confirmed with nightly r79488. Suspecting <http://trac.webkit.org/r79398>. > > 0 com.apple.WebCore 0x0000000100ef1e1d WebCore::Editor::selectionStartCSSPropertyValue(int) + 45 > 1 com.apple.WebCore 0x0000000100efdc18 WebCore::valueStyle(WebCore::Frame*, int) + 24 > 2 com.apple.WebCore 0x0000000100efdca6 WebCore::valueFontName(WebCore::Frame*, WebCore::Event*) + 22 > 3 com.apple.WebCore 0x0000000100eff1df WebCore::Editor::Command::value(WebCore::Event*) const + 111 > 4 com.apple.WebCore 0x0000000100e060c9 WebCore::Document::queryCommandValue(WTF::String const&) + 41 > 5 com.apple.WebCore 0x00000001011d8c36 WebCore::jsDocumentPrototypeFunctionQueryCommandValue(JSC::ExecState*) + 278 Oops! Yes, it's missing a null check. http://trac.webkit.org/browser/trunk/Source/WebCore/editing/Editor.cpp#L1043 RefPtr<EditingStyle> selectionStyle = selectionStartStyle(); if (!selectionStyle->style()) return String(); should be RefPtr<EditingStyle> selectionStyle = selectionStartStyle(); if (!selectionStyle || !selectionStyle->style()) return String(); instead.
Created attachment 83937 [details] fixes the bug
This was an embarrassing bug :(
Comment on attachment 83937 [details] fixes the bug Clearing flags on attachment: 83937 Committed r79794: <http://trac.webkit.org/changeset/79794>
All reviewed patches have been landed. Closing bug.
*** Bug 55359 has been marked as a duplicate of this bug. ***