RESOLVED WORKSFORME 57487
chrome.dll!WebCore::RenderBlock::findNextLineBreak ReadAV@NULL (bb0085b7cdfcb99eb1362265d1fea9f0)
https://bugs.webkit.org/show_bug.cgi?id=57487
Berend-Jan Wever
Reported 2011-03-30 11:39:55 PDT
Created attachment 87583 [details]
Repro

Chromium: http://code.google.com/p/chromium/issues/detail?id=77933

Repro:
<details><style>:first-line{ -webkit-perspective-origin:3;}</style>

webcore\rendering\renderblocklinelayout.cpp:
InlineIterator RenderBlock::findNextLineBreak(InlineBidiResolver& resolver, bool firstLine, bool& isLineEmpty, LineBreakIteratorInfo& lineBreakIteratorInfo, bool& previousLineBrokeCleanly, bool& hyphenated, EClear* clear, FloatingObject* lastFloatFromPreviousLine, Vector<RenderBox*>& positionedBoxes)
{
    <snip>
    RenderStyle* style = t->style(firstLine);
    if (style->hasTextCombine() && o->isCombineText())

style is NULL, causing a NULL ptr read access violation:

id:          chrome.dll!WebCore::RenderBlock::findNextLineBreak ReadAV@NULL (bb0085b7cdfcb99eb1362265d1fea9f0)
description: Attempt to read from unallocated NULL pointer+0x1C in chrome.dll!WebCore::RenderBlock::findNextLineBreak
stack:
    chrome.dll!WebCore::RenderBlock::findNextLineBreak
    chrome.dll!WebCore::RenderBlock::layoutInlineChildren
    chrome.dll!WebCore::RenderBlock::layoutBlock
    chrome.dll!WebCore::RenderBlock::layout
    chrome.dll!WebCore::RenderBlock::layoutBlockChild
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren
    chrome.dll!WebCore::RenderBlock::layoutBlock
    chrome.dll!WebCore::RenderBlock::layout
    chrome.dll!WebCore::RenderBlock::layoutBlockChild
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren
    chrome.dll!WebCore::RenderBlock::layoutBlock
    chrome.dll!WebCore::RenderBlock::layout
    chrome.dll!WebCore::RenderDetails::layout
    chrome.dll!WebCore::RenderBlock::layoutBlockChild
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren
    chrome.dll!WebCore::RenderBlock::layoutBlock
    chrome.dll!WebCore::RenderBlock::layout
    chrome.dll!WebCore::RenderBlock::layoutBlockChild
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren
    chrome.dll!WebCore::RenderBlock::layoutBlock
    chrome.dll!WebCore::RenderBlock::layout
    chrome.dll!WebCore::RenderBlock::layoutBlockChild
    chrome.dll!WebCore::RenderBlock::layoutBlockChildren
    chrome.dll!WebCore::RenderBlock::layoutBlock
    chrome.dll!WebCore::RenderBlock::layout
    chrome.dll!WebCore::RenderView::layout
    chrome.dll!WebCore::FrameView::layout
    chrome.dll!WebCore::FrameView::updateLayoutAndStyleIfNeededRecursive
    chrome.dll!RenderWidget::DoDeferredUpdate
    chrome.dll!RenderWidget::CallDoDeferredUpdate
    chrome.dll!MessageLoop::RunTask
    chrome.dll!MessageLoop::DoWork
    chrome.dll!base::MessagePumpDefault::Run
    chrome.dll!MessageLoop::RunInternal
    chrome.dll!MessageLoop::Run
    chrome.dll!RendererMain
Attachments
Repro (68 bytes, text/html)
2011-03-30 11:39 PDT, Berend-Jan Wever
Patch (2.53 KB, patch)
2011-04-04 05:58 PDT, Emil A Eklund
mitz: review-
Emil A Eklund
Comment 1 2011-04-04 05:58:06 PDT
Levi Weintraub
Comment 2 2011-04-04 06:04:07 PDT
Comment on attachment 88052 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=88052&action=review

> Source/WebCore/rendering/RenderObject.cpp:2375
> +    return style ? style : m_style.get();

Yup, this was my fix too, but I'd set style to 0 on 2361 to start. We don't need to set it to reference m_style.get() twice.
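A simplified model of the fallback discussed in this comment, added here as an illustration and not WebKit's code: a first-line style lookup that can come back empty, the pre-fix behaviour that hands that empty result to the caller, and the fixed version that starts from a null result and falls back to m_style once, at the return. RenderText, RenderStyle, firstLineStyleFromAncestors and needsCombineTextHandling are stand-ins for the real classes and for the check in findNextLineBreak.

```cpp
#include <memory>

// Simplified model of the lookup at issue in this bug; stand-in types, not WebKit code.
struct RenderStyle {
    bool textCombine = false;
    bool hasTextCombine() const { return textCombine; }
};

struct RenderText {
    std::unique_ptr<RenderStyle> m_style{new RenderStyle};
    // Result of the ::first-line lookup on the ancestor chain. Null models the
    // reported case: no ancestor block supplied a first-line style.
    RenderStyle* firstLineStyleFromAncestors = nullptr;
    bool isCombineText() const { return false; }

    // Pre-fix behaviour: the first-line lookup result is returned even when null.
    RenderStyle* styleBeforeFix(bool firstLine) const {
        return firstLine ? firstLineStyleFromAncestors : m_style.get();
    }
    // Post-fix behaviour modelled on the patch: start from a null result and fall
    // back to the object's own style exactly once, at the return.
    RenderStyle* style(bool firstLine) const {
        RenderStyle* result = nullptr;
        if (firstLine)
            result = firstLineStyleFromAncestors;
        return result ? result : m_style.get();
    }
};

// Caller modelled on the check in findNextLineBreak that dereferenced the null pointer.
bool needsCombineTextHandling(const RenderText& t, bool firstLine) {
    RenderStyle* style = t.style(firstLine); // never null with the fixed lookup
    return style->hasTextCombine() && t.isCombineText();
}

// Constructed sample: text whose ancestors yield no first-line style (as in the repro).
RenderText textWithoutFirstLineStyle() { return RenderText(); }

// Constructed sample: text whose ancestors do yield a first-line style.
RenderText textWithFirstLineStyle(RenderStyle* firstLine) {
    RenderText t;
    t.firstLineStyleFromAncestors = firstLine;
    return t;
}

// Constructed sample first-line style with text-combine enabled.
RenderStyle& combineFirstLineStyle() { static RenderStyle s; s.textCombine = true; return s; }
```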
Levi Weintraub
Comment 3 2011-04-04 06:28:39 PDT
*** Bug 57751 has been marked as a duplicate of this bug. ***
mitz
Comment 4 2011-04-04 08:14:38 PDT
Comment on attachment 88052 [details]
Patch

Whatever is causing this, which is most likely a bug in <details>, needs to be fixed.
Emil A Eklund
Comment 5 2011-04-04 08:16:57 PDT
Comment on attachment 88052 [details]
Patch

Good point, I'll see if I can track down the root cause.
Berend-Jan Wever
Comment 6 2011-07-28 01:13:33 PDT
This appears to have been fixed by now.