[Webkit-unassigned] [Bug 50379] New: NULL-ptr with media queries

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Dec 2 01:10:45 PST 2010 

https://bugs.webkit.org/show_bug.cgi?id=50379

           Summary: NULL-ptr with media queries
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: hamaji at chromium.org
                CC: dglazkov at chromium.org


Though I couldn't reproduce this issue yet, we've seen several crash reports for deviantart.com .

http://code.google.com/p/chromium/issues/detail?id=58960

It seems this website uses media queries like "@media (max-width:768px) { ... }".

Deepak kindly created a video where this issue is happening http://bit.ly/ecwpR6 . This video and the following stacktrace would suggest this is a timing issue. The media query evaluation is happening while frame->view is unset. We may need a NULL check just like other places.

../platform/graphics/IntSize.h:73]    WebCore::ScrollView::layoutWidth
MediaQueryEvaluator.cpp:350]    WebCore::widthMediaFeatureEval
MediaQueryEvaluator.cpp:424]    WebCore::max_widthMediaFeatureEval
MediaQueryEvaluator.cpp:535]    WebCore::MediaQueryEvaluator::eval
CSSStyleSelector.cpp:6542]    WebCore::CSSStyleSelector::affectedByViewportChange
FrameView.cpp:644]    WebCore::FrameView::layout
RenderWidget.cpp:353]    WebCore::RenderWidget::updateWidgetPosition
RenderView.cpp:584]    WebCore::RenderView::updateWidgetPositions
FrameView.cpp:1634]    WebCore::FrameView::performPostLayoutTasks
FrameView.cpp:819]    WebCore::FrameView::layout
Document.cpp:1566]    WebCore::Document::updateLayout
Document.cpp:1559]    WebCore::Document::updateLayoutIgnorePendingStylesheets
Element.cpp:320]    WebCore::Element::offsetLeft
V8Element.cpp:72]    WebCore::ElementInternal::offsetLeftAttrGetter
objects.cc:175]    v8::internal::Object::GetPropertyWithCallback
ic.cc:888]    v8::internal::LoadIC::Load
ic.cc:1609]    v8::internal::LoadIC_Miss

I'm not sure if this issue happens on other ports, but it seems android has a similar issue

http://code.google.com/p/android/issues/detail?id=10967

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list