WebKit Bugzilla
RESOLVED FIXED
97951
Crashing in MediaControlPanelElement::makeTransparent()
https://bugs.webkit.org/show_bug.cgi?id=97951
Andrew Scherkus
Reported
2012-09-28 16:18:56 PDT
See https://code.google.com/p/chromium/issues/detail?id=153071 for additional crash investigation

This seems to be the makeTransparent() equivalent of bug 76391 where document()->page() isn't checked for being null.

From a crash dump:

chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0xc [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 258]:
  258 5ff62f80 6849040000      push    449h
  258 5ff62f85 682b050000      push    52Bh
  258 5ff62f8a 8bc6            mov     eax,esi
  258 5ff62f8c e8f42ef9ff      call    chrome_5f7b0000!WebCore::StyledElement::setInlineStyleProperty (5fef5e85)
  259 5ff62f91 8b4614          mov     eax,dword ptr [esi+14h]
  259 5ff62f94 8b8040010000    mov     eax,dword ptr [eax+140h]
  259 5ff62f9a 85c0            test    eax,eax
  259 5ff62f9c 7405            je      chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x2f (5ff62fa3)

chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x2a [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 259]:
  259 5ff62f9e 8b4018          mov     eax,dword ptr [eax+18h]
  259 5ff62fa1 eb02            jmp     chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x31 (5ff62fa5)

chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x2f [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 259]:
  259 5ff62fa3 33c0            xor     eax,eax

chrome_5f7b0000!WebCore::MediaControlPanelElement::makeTransparent+0x31 [c:\b\build\slave\win\build\src\third_party\webkit\source\webcore\html\shadow\mediacontrolelements.cpp @ 259]:
  259 5ff62fa5 8b4848          mov     ecx,dword ptr [eax+48h]    // *** CRASH ***
  259 5ff62fa8 8b01            mov     eax,dword ptr [ecx]
  259 5ff62faa 8b90a8000000    mov     edx,dword ptr [eax+0A8h]
  259 5ff62fb0 ffd2            call    edx
  259 5ff62fb2 83ec08          sub     esp,8
  259 5ff62fb5 dd1c24          fstp    qword ptr [esp]
  259 5ff62fb8 6a0f            push    0Fh
  259 5ff62fba 682a050000      push    52Ah
  259 5ff62fbf 8bc6            mov     eax,esi
  259 5ff62fc1 e88f2ff9ff      call    chrome_5f7b0000!WebCore::StyledElement::setInlineStyleProperty (5fef5f55)

Notes:
* esi contains the this pointer
* Document::page() is inlined
* Either Document::m_frame or Document::m_frame->page() is null, which makes eax 0x00000000
* We explode when de-reffing page()->theme()->mediaControlsFadeOutDuration()

Page* Document::page() const
{
    return m_frame ? m_frame->page() : 0;
}
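The null chain described in the notes above, as an added example that is not part of the original report or of the landed patch: Theme, Page, Frame and Document are simplified stand-ins for the WebCore classes, MediaControlPanel and its members are hypothetical, and the 0.3 second duration is a constructed value. It shows a guard that covers both null cases the report names (no frame, or a frame without a page).

```cpp
// Added illustration: simplified stand-ins, not WebCore's real classes.
#include <cstdio>

struct Theme {
    double mediaControlsFadeOutDuration() const { return 0.3; } // constructed value
};
struct Page {
    Theme m_theme;
    const Theme* theme() const { return &m_theme; }
};
struct Frame {
    Page* m_page = nullptr;
    Page* page() const { return m_page; }
};
struct Document {
    Frame* m_frame = nullptr;
    // Same shape as the accessor quoted in the report: null if either link is missing.
    Page* page() const { return m_frame ? m_frame->page() : nullptr; }
};

// Hypothetical panel modelled on MediaControlPanelElement.
struct MediaControlPanel {
    const Document* m_document;
    double m_transitionSeconds = -1; // -1 means "never set"

    // Returns true if the fade-out duration was applied, false if the
    // document had no page (the state in which the reported crash occurs).
    bool makeTransparent()
    {
        Page* page = m_document->page();
        if (!page)
            return false; // detached document, or frame without a page
        m_transitionSeconds = page->theme()->mediaControlsFadeOutDuration();
        return true;
    }
};

int main()
{
    Document detached;                 // m_frame is null
    MediaControlPanel panel{&detached};
    std::printf("detached: applied=%d\n", panel.makeTransparent());

    Page page; Frame frame; frame.m_page = &page;
    Document attached; attached.m_frame = &frame;
    MediaControlPanel live{&attached};
    std::printf("attached: applied=%d seconds=%.1f\n", live.makeTransparent(), live.m_transitionSeconds);
    return 0;
}
```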
Attachments
Patch (1.89 KB, patch), 2012-09-28 16:35 PDT, Andrew Scherkus, no flags
Andrew Scherkus
Comment 1
2012-09-28 16:35:29 PDT
Created attachment 166328
Patch
Build Bot
Comment 2
2012-09-28 18:24:39 PDT
Comment on attachment 166328
Patch

Attachment 166328 did not pass mac-ews (mac):
Output: http://queues.webkit.org/results/14090024

New failing tests:
http/tests/workers/terminate-during-sync-operation.html
Andrew Scherkus
Comment 3
2012-10-03 13:27:48 PDT
+jer and sullivan, who wrote and reviewed bug 76391
WebKit Review Bot
Comment 4
2012-10-16 14:42:35 PDT
Comment on attachment 166328
Patch

Clearing flags on attachment: 166328

Committed r131505: <http://trac.webkit.org/changeset/131505>
WebKit Review Bot
Comment 5
2012-10-16 14:42:38 PDT
All reviewed patches have been landed. Closing bug.