RESOLVED FIXED 93380
Crash when inspecting an element with border-image 
https://bugs.webkit.org/show_bug.cgi?id=93380
Summary Crash when inspecting an element with border-image
Alexander Pavlov (apavlov)
Reported 2012-08-07 11:35:56 PDT
In the following document: <html> <head> <style> div { border-image: url(images/shadow-border.png) stretch 10; } </style> </head> <body> <div>FOO</div> </body> </html> Inspect the FOO div. A crash. The crashing line: case CSS_PAIR: text = m_value.pair->first()->cssText(); if (m_value.pair->second() != m_value.pair->first()) { text += " "; text += m_value.pair->second()->cssText(); // <------------- } This is due to CSSParser::parseBorderImageRepeat(RefPtr<CSSValue>& result) building a CSSPair with second() equal to 0 (last else-branch inside "if (val)" does not initialize secondValue). Upstreaming http://crbug.com/141139
Attachments
Repro that doesn't involve the inspector (249 bytes, text/html)
2012-08-07 22:38 PDT, Tim Horton 		no flags
Details
Fix this bug (3.07 KB, patch)
2012-08-07 23:57 PDT, Matt Arsenault 		no flags
DetailsFormatted DiffDiff
Fix quality English (3.06 KB, patch)
2012-08-08 00:09 PDT, Matt Arsenault 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Simon Fraser (smfr)
Comment 1 2012-08-07 11:39:57 PDT
Similar to bug 70105.
Tim Horton
Comment 2 2012-08-07 22:38:56 PDT
Created attachment 157117 [details] Repro that doesn't involve the inspector
Matt Arsenault
Comment 3 2012-08-07 23:07:37 PDT
I know what's going on, I have a patch.
Matt Arsenault
Comment 4 2012-08-07 23:57:55 PDT
Created attachment 157133 [details] Fix this bug
Matt Arsenault
Comment 5 2012-08-08 00:09:43 PDT
Created attachment 157136 [details] Fix quality English
WebKit Review Bot
Comment 6 2012-08-08 03:22:18 PDT
Comment on attachment 157136 [details] Fix quality English Clearing flags on attachment: 157136 Committed r125016: <http://trac.webkit.org/changeset/125016>
WebKit Review Bot
Comment 7 2012-08-08 03:22:22 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.