[Webkit-unassigned] [Bug 20855] Crashes when <style> @import "style.css"; </style> importing a CSS file, but works fine when same CSS is inlined

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Sep 15 11:19:44 PDT 2008


https://bugs.webkit.org/show_bug.cgi?id=20855





------- Comment #5 from john.engelhart at gmail.com  2008-09-15 11:19 PDT -------
I don't know the webkit code base, but I took a very quick stab at trying to
find the problem.

The problem seems to be in WebCore/css/CSSStyleSelector.cpp
CSSStyleSelector::addKeyframeStyle().

Now, keep in mind I worked this out from taking the stack trace, a quick
disassemble of the library (no debugging symbols), and did the sort of 'line up
function calls / basic blocks' as best you can.

for (unsigned i = 0; i < rule->length(); ++i) {
  const WebKitCSSKeyframeRule* kf = rule->item(i);
  m_style = new (doc->renderArena()) RenderStyle();
  m_style->ref();
  CSSMutableStyleDeclaration* decl = kf->style();

If I had to guess, I'd say it's that last line.  Well, the first line in the
loop sets the value, and it seems to set it to NULL in this case.

In WebCore/css/WebKitCSSKeyframesRule.cpp we have this:

WebKitCSSKeyframeRule* WebKitCSSKeyframesRule::item(unsigned index)
{
    CSSRule* rule = m_lstCSSRules.get()->item(index);
    return (rule && rule->isKeyframeRule()) ? static_cast<WebKitCSSKeyframeRule*>(rule) : 0;
}

My guess, not knowing the source base at all, is that this is kicking back a
NULL because isKeyframeRule() is false?

For me at least, trying to glean anything beyond that is in the "takes longer
than 15 minutes" category.  I have no idea what the execution path is that
builds up these rule structures in the first place, so I can't check if the
problem starts way upstream.  Of course, anyone who knows the code base will
probably take a look at this and figure out the problem and the fix in about 10
seconds.
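The failure mode described in the comment above, a typed accessor that returns null for entries of the wrong kind and a caller that dereferences the result without checking, modelled as a small stand-alone C++ example. This is added illustration, not WebKit code: the Rule, KeyframeRule, ImportRule and KeyframesRule types are hypothetical stand-ins for CSSRule, WebKitCSSKeyframeRule and WebKitCSSKeyframesRule, the sample rule list is constructed, and the "checked" loop shows the null test the unchecked loop lacks.

```cpp
// Added example, not WebKit source. Models a rule list that can hold
// heterogeneous rule kinds and a typed accessor that returns nullptr when
// the entry is not a keyframe rule, as WebKitCSSKeyframesRule::item() does.
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for CSSRule.
struct Rule {
    virtual ~Rule() = default;
    virtual bool isKeyframeRule() const { return false; }
};

// Hypothetical stand-in for WebKitCSSKeyframeRule.
struct KeyframeRule : Rule {
    std::string keyText;  // e.g. "0%" or "100%" (constructed sample data)
    explicit KeyframeRule(std::string k) : keyText(std::move(k)) {}
    bool isKeyframeRule() const override { return true; }
};

// A non-keyframe rule that, per the comment's guess, may end up in the same list.
struct ImportRule : Rule {};

// Hypothetical stand-in for WebKitCSSKeyframesRule.
struct KeyframesRule {
    std::vector<std::unique_ptr<Rule>> rules;

    unsigned length() const { return static_cast<unsigned>(rules.size()); }

    // Mirrors item(): null for out-of-range indices and for non-keyframe entries.
    const KeyframeRule* item(unsigned index) const {
        const Rule* rule = index < rules.size() ? rules[index].get() : nullptr;
        return (rule && rule->isKeyframeRule())
            ? static_cast<const KeyframeRule*>(rule) : nullptr;
    }
};

// Unchecked pattern, as in the addKeyframeStyle() excerpt: kf is dereferenced
// whether or not item() returned null. Safe only when every entry is a keyframe
// rule; a single foreign entry makes this a null dereference.
unsigned collectKeysUnchecked(const KeyframesRule& rule, std::vector<std::string>& out) {
    for (unsigned i = 0; i < rule.length(); ++i) {
        const KeyframeRule* kf = rule.item(i);
        out.push_back(kf->keyText);  // undefined behaviour when kf == nullptr
    }
    return static_cast<unsigned>(out.size());
}

// Checked pattern: skip entries item() could not present as a keyframe rule and
// count them, so the caller can decide whether the sheet is malformed rather
// than crashing the renderer.
struct CollectResult {
    std::vector<std::string> keys;
    unsigned skipped = 0;
};

CollectResult collectKeysChecked(const KeyframesRule& rule) {
    CollectResult r;
    for (unsigned i = 0; i < rule.length(); ++i) {
        const KeyframeRule* kf = rule.item(i);
        if (!kf) {
            ++r.skipped;
            continue;
        }
        r.keys.push_back(kf->keyText);
    }
    return r;
}

// Constructed sample: a keyframes block left with a stray non-keyframe rule in
// the middle, the situation the comment speculates arises for the @import case.
KeyframesRule makeMixedSample() {
    KeyframesRule r;
    r.rules.push_back(std::make_unique<KeyframeRule>("0%"));
    r.rules.push_back(std::make_unique<ImportRule>());
    r.rules.push_back(std::make_unique<KeyframeRule>("100%"));
    return r;
}
```

Running collectKeysChecked() over makeMixedSample() yields the two keyframe texts and reports one skipped entry; collectKeysUnchecked() on the same list would dereference null at index 1, which is the crash signature the comment attributes to the kf->style() line.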

