[Webkit-unassigned] [Bug 99587] New: REGRESSION(r131464): Null-pointer crash in StyleResolver::styleForElement

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Oct 17 05:06:03 PDT 2012 

https://bugs.webkit.org/show_bug.cgi?id=99587

           Summary: REGRESSION(r131464): Null-pointer crash in
                    StyleResolver::styleForElement
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: Unspecified
        OS/Version: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: dstockwell at chromium.org
                CC: dglazkov at chromium.org, tasak at google.com


Created an attachment (id=169161)
 --> (https://bugs.webkit.org/attachment.cgi?id=169161&action=review)
Test case

==26072== ERROR: AddressSanitizer crashed on unknown address 0x000000000030 (pc 0x00000066533d sp 0x7fffd83fb500 bp 0x7fffd83fb500 T0)
AddressSanitizer can not provide additional info.
    #0 0x66533c in WTF::RefPtr<WebCore::StyleRareInheritedData>::get() const third_party/WebKit/Source/WTF/wtf/RefPtr.h:58
    #1 0xb8df7c in WebCore::RenderStyle::userModify() const third_party/WebKit/Source/WebCore/rendering/style/RenderStyle.h:838
    #2 0x1ab07bf in WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion*) third_party/WebKit/Source/WebCore/css/StyleResolver.cpp:1551
    #3 0xadba28 in WebCore::Document::styleForElementIgnoringPendingStylesheets(WebCore::Element*) third_party/WebKit/Source/WebCore/dom/Document.cpp:1972
    #4 0xb56d24 in WebCore::Element::computedStyle(WebCore::PseudoId) third_party/WebKit/Source/WebCore/dom/Element.cpp:1759
    #5 0x148813e in WebCore::HTMLTitleElement::textWithDirection() third_party/WebKit/Source/WebCore/html/HTMLTitleElement.cpp:87
    #6 0x1488041 in WebCore::HTMLTitleElement::childrenChanged(bool, WebCore::Node*, WebCore::Node*, int) third_party/WebKit/Source/WebCore/html/HTMLTitleElement.cpp:67
    #7 0xab3e3c in WebCore::ContainerNode::parserAppendChild(WTF::PassRefPtr<WebCore::Node>) third_party/WebKit/Source/WebCore/dom/ContainerNode.cpp:627
    #8 0x15d0e4b in WebCore::executeTask(WebCore::HTMLConstructionSiteTask&) third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:83
    #9 0x15d4e95 in WebCore::HTMLConstructionSite::insertTextNode(WTF::String const&, WebCore::WhitespaceMode) third_party/WebKit/Source/WebCore/html/parser/HTMLConstructionSite.cpp:385
    #10 0x154d2bf in WebCore::HTMLTreeBuilder::processCharacterBuffer(WebCore::HTMLTreeBuilder::ExternalCharacterTokenBuffer&) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2281
    #11 0x154c47e in WebCore::HTMLTreeBuilder::processCharacter(WebCore::AtomicHTMLToken*) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:2154
    #12 0x15496d1 in WebCore::HTMLTreeBuilder::constructTreeFromAtomicToken(WebCore::AtomicHTMLToken*) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:389
    #13 0x154952c in WebCore::HTMLTreeBuilder::constructTreeFromToken(WebCore::HTMLToken&) third_party/WebKit/Source/WebCore/html/parser/HTMLTreeBuilder.cpp:370
    #14 0x150c04e in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:269
    #15 0x150d1e9 in WebCore::HTMLDocumentParser::append(WebCore::SegmentedString const&) third_party/WebKit/Source/WebCore/html/parser/HTMLDocumentParser.cpp:361
    #16 0x32430eb in WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter*) third_party/WebKit/Source/WebCore/dom/DecodedDataDocumentParser.cpp:60
    #17 0x1d1d9ea in WebCore::DocumentWriter::end() third_party/WebKit/Source/WebCore/loader/DocumentWriter.cpp:241
    #18 0x1d06714 in WebCore::DocumentLoader::finishedLoading() third_party/WebKit/Source/WebCore/loader/DocumentLoader.cpp:299
    #19 0x1d5c02d in WebCore::MainResourceLoader::didFinishLoading(double) third_party/WebKit/Source/WebCore/loader/MainResourceLoader.cpp:525

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list