RESOLVED FIXED 77192
NULL ptr in chrome.dll!WebCore..`anonymous namespace'..StyleAttributeMutationScope..StyleAttributeMutationScope
https://bugs.webkit.org/show_bug.cgi?id=77192
Berend-Jan Wever
Reported 2012-01-27 01:30:52 PST
Created attachment 124275: Repro

Detailed report: https://cluster-fuzz.appspot.com/testcase?key=15758158
Uploader: skylined@chromium.org
Crash Type: UNKNOWN
Crash Address: 0x00000000000c
Crash State:
  - crash stack -
  WebCore::
  WebCore::CSSMutableStyleDeclaration::setProperty
  WebCore::EditCommandComposition::unapply
Regressed: https://cluster-fuzz.appspot.com/revisions?range=115632:115640
Minimized Testcase (0.72 Kb): https://cluster-fuzz.appspot.com/download/AMIfv97UJ8iv6rs5OAJCOERe2xdXHiyiyVbB4cjJRx7m1546L2F6zjyzPZ-9lCsRtTFu6m4byFsQQiFDu8LMYsM8ViOKDKHqQrFom5AvVtRvJXMU5JRlmXWPXLmNFBVSz5h5jZS30tA4t-3j1UsbvTfovXOKKn9jEQ

Repro:

    orphans:currentColor;
    <script>
      var af = [], i = 0;
      // Every mutation event and every timer tick runs the next editing step
      // in round-robin order, so execCommand calls re-enter from inside the
      // mutation listeners that the previous command triggered.
      function main(e) { console.log(e); af[i++ % af.length](); }
      af.push(function () { document.designMode = "on"; });
      af.push(function () {
        document.execCommand("Undo");
        document.execCommand("InsertUnorderedList");
        document.execCommand("Undo");
      });
      af.push(function () {
        document.execCommand("Subscript");
        document.execCommand("SelectAll", false);
      });
      af.push(function () { document.execCommand("Unlink", false); });
    </script>
    <script>
      // DOM mutation events fire synchronously while an edit command is still
      // running; the 1 ms interval keeps the cycle going between commands.
      document.addEventListener("DOMNodeInserted", main, true);
      document.addEventListener("DOMNodeRemoved", main, false);
      document.addEventListener("DOMSubtreeModified", main, true);
      setInterval(main, 1);
    </script>
    <input>
    <hr>
Attachments
Repro (734 bytes, text/html)
2012-01-27 01:30 PST, Berend-Jan Wever
Berend-Jan Wever
Comment 1 2012-01-27 01:31:05 PST
yosin
Comment 2 2013-06-13 21:04:56 PDT
Could not reproduce this on Win7 27.0.1453.110 (Official Build 202711) m. Some patches so far fixed this. Note: the script falls into an infinite loop because of the interval, and the event handlers cause further events.