[Webkit-unassigned] [Bug 37709] Make RenderObject::isTransparent tolerate NULL style

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Apr 16 09:20:28 PDT 2010


https://bugs.webkit.org/show_bug.cgi?id=37709
--- Comment #1 from anton muhin <antonm at chromium.org>  2010-04-16 09:20:28 PST ---
Moving http://code.google.com/p/chromium/issues/detail?id=41555 into WebKit bug
tracker as most probably it's a problem on WebKit side, not Chromium proper.

After WebKit roll 57510 -> 57582 (http://codereview.chromium.org/1540037/show)
almost all fast/ruby tests started to fail.

Here is a sample stack trace (obtained with gdb):

#0  WebCore::RenderObject::isTransparent (this=0xaa28724) at
third_party/WebKit/WebCore/rendering/RenderObject.h:662
#1  0x0886cba8 in WebCore::RenderBoxModelObject::requiresLayer (this=0xaa28724)
at third_party/WebKit/WebCore/rendering/RenderBoxModelObject.h:62
#2  0x0889670b in WebCore::RenderBoxModelObject::styleDidChange
(this=0xaa28724, diff=WebCore::StyleDifferenceEqual, oldStyle=0xaa287a8) at
third_party/WebKit/WebCore/rendering/RenderBoxModelObject.cpp:276
#3  0x0888dc92 in WebCore::RenderBox::styleDidChange (this=0xaa28724,
diff=WebCore::StyleDifferenceEqual, oldStyle=0xaa287a8) at
third_party/WebKit/WebCore/rendering/RenderBox.cpp:165
#4  0x0886294a in WebCore::RenderBlock::styleDidChange (this=0xaa28724,
diff=WebCore::StyleDifferenceEqual, oldStyle=0xaa287a8) at
third_party/WebKit/WebCore/rendering/RenderBlock.cpp:231
#5  0x088e0277 in WebCore::RenderObject::setStyle (this=0xaa28724,
style=@0xbfa77394) at
third_party/WebKit/WebCore/rendering/RenderObject.cpp:1530
#6  0x088ebcfb in WebCore::RenderRubyRun::staticCreateRubyRun
(parentRuby=0xaa2864c) at
third_party/WebKit/WebCore/rendering/RenderRubyRun.cpp:222
#7  0x088eb2a5 in WebCore::RenderRubyAsInline::addChild (this=0xaa2864c,
child=0xaa286d4, beforeChild=0x0) at
third_party/WebKit/WebCore/rendering/RenderRuby.cpp:104
#8  0x085ad199 in WebCore::Node::createRendererIfNeeded (this=0xaa0bf68) at
third_party/WebKit/WebCore/dom/Node.cpp:1393
#9  0x085de2a5 in WebCore::Text::attach (this=0xaa0bf68) at
third_party/WebKit/WebCore/dom/Text.cpp:272
#10 0x08b13938 in WebCore::HTMLParser::insertNode (this=0xa842e38, n=0xaa0bf68,
flat=false) at third_party/WebKit/WebCore/html/HTMLParser.cpp:399
#11 0x08b18b9f in WebCore::HTMLParser::insertNodeAfterLimitBlockDepth
(this=0xa842e38, n=0xaa0bf68, flat=false) at
third_party/WebKit/WebCore/html/HTMLParser.cpp:227
#12 0x08b15eb8 in WebCore::HTMLParser::parseToken (this=0xa842e38, t=0xa8460fc)
at third_party/WebKit/WebCore/html/HTMLParser.cpp:268
#13 0x0868e9b1 in WebCore::HTMLTokenizer::processToken (this=0xa8460e0) at
third_party/WebKit/WebCore/html/HTMLTokenizer.cpp:1941
#14 0x0869582c in WebCore::HTMLTokenizer::write (this=0xa8460e0,
str=@0xbfa77628, appendData=true) at
third_party/WebKit/WebCore/html/HTMLTokenizer.cpp:1760
#15 0x0870caf7 in WebCore::FrameLoader::write (this=0xa82e090, str=0x0, len=0,
flush=true) at third_party/WebKit/WebCore/loader/FrameLoader.cpp:949
#16 0x0870cca3 in WebCore::FrameLoader::endIfNotLoadingMainResource
(this=0xa82e090) at third_party/WebKit/WebCore/loader/FrameLoader.cpp:984
#17 0x0870cce1 in WebCore::FrameLoader::end (this=0xa82e090) at
third_party/WebKit/WebCore/loader/FrameLoader.cpp:970
#18 0x086feda6 in WebCore::DocumentLoader::finishedLoading (this=0xa9d2400) at
third_party/WebKit/WebCore/loader/DocumentLoader.cpp:268
#19 0x08711482 in WebCore::FrameLoader::finishedLoading (this=0xa82e090) at
third_party/WebKit/WebCore/loader/FrameLoader.cpp:2824
#20 0x087209b7 in WebCore::MainResourceLoader::didFinishLoading
(this=0xa9d3230) at
third_party/WebKit/WebCore/loader/MainResourceLoader.cpp:424
#21 0x0872a194 in WebCore::ResourceLoader::didFinishLoading (this=0xa9d3230) at
third_party/WebKit/WebCore/loader/ResourceLoader.cpp:443
#22 0x09248b93 in WebCore::ResourceHandleInternal::didFinishLoading
(this=0xa9d7248) at
third_party/WebKit/WebKit/chromium/src/ResourceHandle.cpp:180
#23 0x08ee745b in webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest
(this=0xa9d6180, status=@0xa84948c, security_info=@0xa849494) at
webkit/glue/weburlloader_impl.cc:552
#24 0x08f099da in NotifyCompletedRequest (this=0xa9d6200, status=@0xa84948c,
security_info=@0xa849494) at
webkit/tools/test_shell/simple_resource_loader_bridge.cc:199
#25 0x08f09eb0 in DispatchToMethod<<unnamed>::RequestProxy, void
(<unnamed>::RequestProxy::*)(const URLRequestStatus&, const std::string&),
URLRequestStatus, std::basic_string<char, std::char_traits<char>,
std::allocator<char> > > (obj=0xa9d6200, 
    method=0x8f099a4 <NotifyCompletedRequest>, arg=@0xa84948c) at
./base/tuple.h:429
#26 0x08f09ee6 in Run (this=0xa849470) at ./base/task.h:296
#27 0x0812f016 in MessageLoop::RunTask (this=0xbfa78844, task=0xa849470) at
base/message_loop.cc:328
#28 0x0812f6c7 in MessageLoop::DeferOrRunPendingTask (this=0xbfa78844,
pending_task=@0xbfa779e4) at base/message_loop.cc:336
#29 0x0812f957 in MessageLoop::DoWork (this=0xbfa78844) at
base/message_loop.cc:443
#30 0x0816ee0d in base::MessagePumpForUI::RunWithDispatcher (this=0xa7d6530,
delegate=0xbfa78844, dispatcher=0x0) at base/message_pump_glib.cc:199
#31 0x0816f7bf in base::MessagePumpForUI::Run (this=0xa7d6530,
delegate=0xbfa78844) at ./base/message_pump_glib.h:59
#32 0x081300b7 in MessageLoop::RunInternal (this=0xbfa78844) at
base/message_loop.cc:204
#33 0x081300d1 in MessageLoop::RunHandler (this=0xbfa78844) at
base/message_loop.cc:176
#34 0x08130175 in MessageLoop::Run (this=0xbfa78844) at
base/message_loop.cc:154
#35 0x08049be2 in main (argc=Cannot access memory at address 0x0

Here, in isTransparent() style() returns NULL and we crash.

Looking through committed revisions, I don't see what might have triggered
that.

I am not an expert in this area, but apparently the case of a NULL style() should
be handled here---at least RenderObject::setStyle naturally accepts the case
when the original style is NULL.  Similarly hasMask() (the other check in
requiresLayer()) checks style() before querying it.  Thus, with my
non-existent understanding of the WebKit rendering process, I'd try to fix it
by checking if style() is NULL before querying opacity().

The bug is difficult to reproduce for me---at least on my box there seem to be
troubles with hitting this path at all (probably something disables ruby
support).

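The defensive check proposed in the comment, as an added example that is not WebKit's code: a hypothetical `Style`/`Renderer` pair models the object state from the trace where `style()` is still NULL during construction, shows the unguarded `isTransparent()` that would dereference that pointer (frame #0), and puts the guarded form beside the `hasMask()` pattern the comment cites. All class and member names here are stand-ins, not WebCore's.

```cpp
// Added example (not WebKit code): a minimal model of the null-style hazard
// described in the bug and the defensive check proposed for it.
#include <memory>

// Hypothetical stand-in for WebCore::RenderStyle: only the fields we need.
struct Style {
    float opacity = 1.0f;
    bool hasMask = false;
};

// Hypothetical stand-in for a RenderObject. On the creation path in the trace
// (staticCreateRubyRun -> setStyle -> styleDidChange -> requiresLayer) the
// object is queried before any style has been installed, so style() can
// legitimately return NULL at that moment.
class Renderer {
public:
    explicit Renderer(std::shared_ptr<const Style> style = nullptr)
        : m_style(std::move(style)) {}

    const Style* style() const { return m_style.get(); }

    // The pattern the comment points to in hasMask(): test style() before
    // dereferencing it, and treat "no style yet" as "no mask".
    bool hasMask() const { return m_style && m_style->hasMask; }

    // Unguarded form: dereferences style() unconditionally. With a NULL style
    // this is the null-pointer read in frame #0 (undefined behaviour, a crash
    // in practice). Kept only to show the defect; never called on a
    // style-less renderer below.
    bool isTransparentUnguarded() const { return style()->opacity < 1.0f; }

    // Guarded form: a renderer without a style is not transparent, so answer
    // false instead of touching a null pointer.
    bool isTransparent() const { return m_style && m_style->opacity < 1.0f; }

    // The caller from frame #1: both predicates it consults are null-safe.
    bool requiresLayer() const { return isTransparent() || hasMask(); }

    // Model of setStyle(): the previous style may be NULL on first assignment,
    // which is the case the comment notes setStyle already tolerates.
    void setStyle(std::shared_ptr<const Style> style) { m_style = std::move(style); }

private:
    std::shared_ptr<const Style> m_style;
};

// Constructed scenario 1: a freshly created renderer with no style installed.
// The guarded predicates answer false where the unguarded one would crash.
bool styleLessRendererRequiresLayer() {
    Renderer r;
    return r.requiresLayer();       // false
}

// Constructed scenario 2: the same renderer after a translucent style arrives.
bool translucentRendererRequiresLayer() {
    auto style = std::make_shared<Style>();
    style->opacity = 0.5f;
    Renderer r;
    r.setStyle(style);
    return r.requiresLayer();       // true, via isTransparent()
}

// Constructed scenario 3: opaque style with a mask set; layer needed via hasMask().
bool maskedRendererRequiresLayer() {
    auto style = std::make_shared<Style>();
    style->hasMask = true;
    Renderer r(style);
    return r.requiresLayer();       // true, via hasMask()
}
```

The point of the model is that the two predicates consulted by `requiresLayer()` should share one convention for the not-yet-styled state; with `isTransparent()` written like `hasMask()`, the early `styleDidChange` call in the trace becomes harmless rather than a reliably triggerable null dereference.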