[Webkit-unassigned] [Bug 51675] New: chrome.dll!WebCore::Element::getAttribute ReadAV at NULL (e638d540e2cf85abe8d8ca45ba18ccef)

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 28 06:15:12 PST 2010 

https://bugs.webkit.org/show_bug.cgi?id=51675

           Summary: chrome.dll!WebCore::Element::getAttribute ReadAV at NULL
                    (e638d540e2cf85abe8d8ca45ba18ccef)
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: PC
        OS/Version: Windows Vista
            Status: NEW
          Severity: Normal
          Priority: P1
         Component: SVG
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: skylined at chromium.org
                CC: eric at webkit.org, zimmermann at kde.org


Created an attachment (id=77551)
 --> (https://bugs.webkit.org/attachment.cgi?id=77551&action=review)
Repro

Probably not a security issue, just marking as such until this is confirmed... please ignore for now.
http://code.google.com/p/chromium/issues/detail?id=68120
Repro:
<svg>
  <g id="R">
    <defs>
      <linearGradient>
        <animateTransform attributeName="gradientTransform"/>
      </linearGradient>
      <font><font-face font-family="x"/></font>
    </defs>
    <text font-family="x" f=""><textPath/>
</text>
  </g>
  <use xlink:href="#R"><use xlink:href="#R">
</svg>

id:             chrome.dll!WebCore::Element::getAttribute ReadAV at NULL (e638d540e2cf85abe8d8ca45ba18ccef)
description:    Attempt to read from unallocated NULL pointer+0x23E in chrome.dll!WebCore::Element::getAttribute
application:    Chromium 10.0.623.0
stack:          chrome.dll!WebCore::Element::getAttribute
                chrome.dll!WebCore::SVGFontFaceElement::unitsPerEm
                chrome.dll!WebCore::SimpleFontData::SimpleFontData
                chrome.dll!WebCore::CSSFontFaceSource::getFontData
                chrome.dll!WebCore::CSSFontFace::getFontData
                chrome.dll!WebCore::CSSSegmentedFontFace::getFontData
                chrome.dll!WebCore::CSSFontSelector::getFontData
                chrome.dll!WebCore::FontCache::getFontData
                chrome.dll!WebCore::FontFallbackList::fontDataAt
                chrome.dll!WebCore::FontFallbackList::determinePitch
                chrome.dll!WebCore::RenderBlock::findNextLineBreak
                chrome.dll!WebCore::RenderBlock::layoutInlineChildren
                chrome.dll!WebCore::RenderSVGText::layout
                chrome.dll!WebCore::SVGRenderSupport::layoutChildren
                chrome.dll!WebCore::RenderSVGContainer::layout
                chrome.dll!WebCore::SVGRenderSupport::layoutChildren
                chrome.dll!WebCore::RenderSVGContainer::layout
                chrome.dll!WebCore::SVGRenderSupport::layoutChildren
                chrome.dll!WebCore::RenderSVGContainer::layout
                chrome.dll!WebCore::SVGRenderSupport::layoutChildren
                chrome.dll!WebCore::RenderSVGContainer::layout
                chrome.dll!WebCore::SVGRenderSupport::layoutChildren
                chrome.dll!WebCore::RenderSVGRoot::layout
                chrome.dll!WebCore::FrameView::layout
                chrome.dll!WebCore::Document::updateLayout
                chrome.dll!WebCore::Document::updateLayoutIgnorePendingStylesheets
                chrome.dll!WebCore::SVGStyledElement::svgAttributeChanged
                chrome.dll!WebCore::SVGGradientElement::svgAttributeChanged
                chrome.dll!WebCore::SVGLinearGradientElement::svgAttributeChanged
                chrome.dll!WebCore::SVGElement::attributeChanged
                chrome.dll!WebCore::NamedNodeMap::addAttribute
                chrome.dll!WebCore::Element::setAttribute
                chrome.dll!WebCore::Element::setAttribute
                chrome.dll!WebCore::SVGAnimateTransformElement::resetToBaseValue
                chrome.dll!WebCore::SMILTimeContainer::updateAnimations
                chrome.dll!WebCore::SMILTimeContainer::begin
                chrome.dll!WebCore::SVGDocumentExtensions::startAnimations
                chrome.dll!WebCore::FrameLoader::checkCompleted
                chrome.dll!WebCore::FrameLoader::finishedParsing
                chrome.dll!WebCore::Document::finishedParsing
                chrome.dll!WebCore::HTMLDocumentParser::prepareToStopParsing
                chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource
                chrome.dll!WebCore::FrameLoader::finishedLoading
                chrome.dll!WebCore::MainResourceLoader::didFinishLoading
                chrome.dll!WebCore::ResourceLoader::didFinishLoading
                chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading
                chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest
                chrome.dll!ResourceDispatcher::OnRequestComplete
                chrome.dll!IPC::MessageWithTuple<...>::Dispatch<ResourceDispatcher,ResourceDispatcher,void 
                chrome.dll!ResourceDispatcher::DispatchMessageW
                chrome.dll!ResourceDispatcher::OnMessageReceived
                chrome.dll!ChildThread::OnMessageReceived
                chrome.dll!RunnableMethod<ProfileWriter,void 
                chrome.dll!MessageLoop::RunTask
                chrome.dll!MessageLoop::DoWork
                chrome.dll!base::MessagePumpDefault::Run
                chrome.dll!MessageLoop::RunInternal
                ...

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list