[Webkit-unassigned] [Bug 153333] WebKitCSSMatrix transformList with calculated relative length crashes Safari.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Mon Jan 25 15:45:01 PST 2016
https://bugs.webkit.org/show_bug.cgi?id=153333
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |bdakin at apple.com,
| |mmaxfield at apple.com,
| |simon.fraser at apple.com,
| |zalan at apple.com
Keywords| |InRadar
--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> ---
<rdar://problem/17198383>
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 com.apple.WebCore 0x00007fff96e86464 WebCore::RenderStyle::fontDescription() const + 4
1 com.apple.WebCore 0x00007fff9720ce85 WebCore::CSSPrimitiveValue::computeNonCalcLengthDouble(WebCore::CSSToLengthConversionData const&, unsigned short, double) + 85
2 com.apple.WebCore 0x00007fff971ceb13 WebCore::CSSCalcValue::computeLengthPx(WebCore::CSSToLengthConversionData const&) const + 19
3 com.apple.WebCore 0x00007fff97b77a27 WebCore::Length WebCore::CSSPrimitiveValue::convertToLength<26>(WebCore::CSSToLengthConversionData const&) const + 87
4 com.apple.WebCore 0x00007fff97c6661e WebCore::transformsForValue(WebCore::CSSValue&, WebCore::CSSToLengthConversionData const&, WebCore::TransformOperations&) + 3742
5 com.apple.WebCore 0x00007fff9701c77e WebCore::WebKitCSSMatrix::setMatrixValue(WTF::String const&, int&) + 270
6 com.apple.WebCore 0x00007fff9701c4d0 WebCore::JSWebKitCSSMatrixConstructor::constructJSWebKitCSSMatrix(JSC::ExecState*) + 208
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160125/d4a7baf4/attachment.html>
More information about the webkit-unassigned
mailing list