[Webkit-unassigned] [Bug 138784] New: Crash when setting 'transition-delay' CSS property to a calculated value

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sun Nov 16 16:42:46 PST 2014 

https://bugs.webkit.org/show_bug.cgi?id=138784

            Bug ID: 138784
           Summary: Crash when setting 'transition-delay' CSS property to
                    a calculated value
    Classification: Unclassified
           Product: WebKit
           Version: 528+ (Nightly build)
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: CSS
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: cdumez at apple.com

Crash when setting 'transition-delay' CSS property to a calculated value, e.g. 'calc(300ms/2)':
SHOULD NEVER BE REACHED
/Users/chris/WebKit/OpenSource/Source/WebCore/css/CSSPrimitiveValue.h(270) : T WebCore::CSSPrimitiveValue::computeTime() [T = double, timeUnit = 0]
1   0x10e447770 WTFCrash
2   0x10fe3f544 double WebCore::CSSPrimitiveValue::computeTime<double, (WebCore::CSSPrimitiveValue::TimeUnit)0>()
3   0x10fe3c6f7 WebCore::CSSToStyleMap::mapAnimationDelay(WebCore::Animation*, WebCore::CSSValue&)
4   0x10fed02f4 WebCore::ApplyPropertyAnimation<double, &(WebCore::Animation::delay() const), &(WebCore::Animation::setDelay(double)), &(WebCore::Animation::isDelaySet() const), &(WebCore::Animation::clearDelay()), &(WebCore::Animation::initialAnimationDelay()), &(WebCore::CSSToStyleMap::mapAnimationDelay(WebCore::Animation*, WebCore::CSSValue&)), &(WebCore::RenderStyle::accessTransitions()), &(WebCore::RenderStyle::transitions() const)>::map(WebCore::StyleResolver*, WebCore::Animation&, WebCore::CSSValue&)
5   0x10fed01a1 WebCore::ApplyPropertyAnimation<double, &(WebCore::Animation::delay() const), &(WebCore::Animation::setDelay(double)), &(WebCore::Animation::isDelaySet() const), &(WebCore::Animation::clearDelay()), &(WebCore::Animation::initialAnimationDelay()), &(WebCore::CSSToStyleMap::mapAnimationDelay(WebCore::Animation*, WebCore::CSSValue&)), &(WebCore::RenderStyle::accessTransitions()), &(WebCore::RenderStyle::transitions() const)>::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*)
6   0x111680aab WebCore::PropertyHandler::applyValue(WebCore::CSSPropertyID, WebCore::StyleResolver*, WebCore::CSSValue*) const
7   0x111670eb8 WebCore::StyleResolver::applyProperty(WebCore::CSSPropertyID, WebCore::CSSValue*)
8   0x11167e7e7 WebCore::StyleResolver::CascadedProperties::Property::apply(WebCore::StyleResolver&)
9   0x1116709ea WebCore::StyleResolver::applyCascadedProperties(WebCore::StyleResolver::CascadedProperties&, int, int)
10  0x11166f137 WebCore::StyleResolver::applyMatchedProperties(WebCore::StyleResolver::MatchResult const&, WebCore::Element const*, WebCore::StyleResolver::ShouldUseMatchedPropertiesCache)
11  0x11166cdc3 WebCore::StyleResolver::styleForElement(WebCore::Element*, WebCore::RenderStyle*, WebCore::StyleSharingBehavior, WebCore::RuleMatchingBehavior, WebCore::RenderRegion const*)
12  0x11169e513 WebCore::Style::styleForElement(WebCore::Element&, WebCore::RenderStyle&)
13  0x11169c482 WebCore::Style::resolveLocal(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
14  0x111699ebd WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
15  0x11169a11b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
16  0x11169a11b WebCore::Style::resolveTree(WebCore::Element&, WebCore::RenderStyle&, WebCore::Style::RenderTreePosition&, WebCore::Style::Change)
17  0x111699d78 WebCore::Style::resolveTree(WebCore::Document&, WebCore::Style::Change)
18  0x10ff22516 WebCore::Document::recalcStyle(WebCore::Style::Change)
19  0x10ff1e6ff WebCore::Document::updateStyleIfNeeded()
20  0x10ff189e9 WebCore::Document::styleRecalcTimerFired(WebCore::Timer&)

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20141117/6b336071/attachment-0002.html>

More information about the webkit-unassigned mailing list