<html>
<head>
<base href="https://bugs.webkit.org/" />
</head>
<body><table border="1" cellspacing="0" cellpadding="8">
<tr>
<th>Bug ID</th>
<td><a class="bz_bug_link
bz_status_NEW "
title="NEW - Null dereference loading Blink layout test fast/css/background-repeat-null-y-crash.html"
href="https://bugs.webkit.org/show_bug.cgi?id=150211">150211</a>
</td>
</tr>
<tr>
<th>Summary</th>
<td>Null dereference loading Blink layout test fast/css/background-repeat-null-y-crash.html
</td>
</tr>
<tr>
<th>Classification</th>
<td>Unclassified
</td>
</tr>
<tr>
<th>Product</th>
<td>WebKit
</td>
</tr>
<tr>
<th>Version</th>
<td>WebKit Local Build
</td>
</tr>
<tr>
<th>Hardware</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>OS</th>
<td>Unspecified
</td>
</tr>
<tr>
<th>Status</th>
<td>NEW
</td>
</tr>
<tr>
<th>Keywords</th>
<td>BlinkMergeCandidate, HasReduction, NeedsRadar
</td>
</tr>
<tr>
<th>Severity</th>
<td>Normal
</td>
</tr>
<tr>
<th>Priority</th>
<td>P2
</td>
</tr>
<tr>
<th>Component</th>
<td>CSS
</td>
</tr>
<tr>
<th>Assignee</th>
<td>webkit-unassigned@lists.webkit.org
</td>
</tr>
<tr>
<th>Reporter</th>
<td>jhoneycutt@apple.com
</td>
</tr>
<tr>
<th>CC</th>
<td>webkit-bug-importer@group.apple.com
</td>
</tr></table>
<p>
<div>
<pre>Created <span class=""><a href="attachment.cgi?id=263228" name="attach_263228" title="crashing test">attachment 263228</a> <a href="attachment.cgi?id=263228&action=edit" title="crashing test">[details]</a></span>
crashing test
Null dereference loading Blink layout test fast/css/background-repeat-null-y-crash.html.
Stack trace:
Crashed Thread: 0 Dispatch queue: com.apple.main-thread
Exception Type: EXC_BAD_ACCESS (SIGABRT)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000004
VM Regions Near 0x4:
-->
__TEXT 000000010ba77000-000000010bb11000 [ 616K] r-x/rwx SM=COW /Users/USER/*
Application Specific Information:
CRASHING TEST: blink-tests-that-are-unknown/fast/css/background-repeat-null-y-crash.html
================================================================
==22030==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000004 (pc 0x0001116375e9 bp 0x7fff54181c70 sp 0x7fff54181c70 T0)
#0 0x1116375e8 in WebCore::CSSValue::isValueList() const CSSValue.h:66
#1 0x1134376f1 in WebCore::StyleProperties::getLayeredShorthandValue(WebCore::StylePropertyShorthand const&) const StyleProperties.cpp:426
#2 0x113436aa3 in WebCore::StyleProperties::getPropertyValue(WebCore::CSSPropertyID) const StyleProperties.cpp:130
#3 0x112cd55f3 in WebCore::PropertySetCSSStyleDeclaration::getPropertyValueInternal(WebCore::CSSPropertyID) PropertySetCSSStyleDeclaration.cpp:274
#4 0x11226fdbb in WebCore::getPropertyValueFallback(JSC::ExecState*, WebCore::JSCSSStyleDeclaration*, unsigned int) JSCSSStyleDeclarationCustom.cpp:281
#5 0x11226e180 in WebCore::cssPropertyGetter(JSC::ExecState*, WebCore::JSCSSStyleDeclaration*, unsigned int) JSCSSStyleDeclarationCustom.cpp:307
#6 0x11226d3f4 in WebCore::JSCSSStyleDeclaration::getOwnPropertySlotDelegate(JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) JSCSSStyleDeclarationCustom.cpp:319
#7 0x112269b3b in WebCore::JSCSSStyleDeclaration::getOwnPropertySlot(JSC::JSObject*, JSC::ExecState*, JSC::PropertyName, JSC::PropertySlot&) JSCSSStyleDeclaration.cpp:195
#8 0x10c88d969 in llint_slow_path_get_by_id JSObject.h:1123
#9 0x10c8a35ff in llint_entry (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xab15ff)
#10 0x10c8a0a0a in vmEntryToJavaScript (/Users/jhoneycutt/src/OpenSource/WebKitBuild2/Release/JavaScriptCore.framework/Versions/A/JavaScriptCore+0xaaea0a)
#11 0x10c60207d in JSC::JITCode::execute(JSC::VM*, JSC::ProtoCallFrame*) JITCode.cpp:80
#12 0x10c5becc6 in JSC::Interpreter::execute(JSC::ProgramExecutable*, JSC::ExecState*, JSC::JSObject*) Interpreter.cpp:961
#13 0x10bf81689 in JSC::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) Completion.cpp:104
#14 0x1125763ad in WebCore::JSMainThreadExecState::evaluate(JSC::ExecState*, JSC::SourceCode const&, JSC::JSValue, WTF::NakedPtr<JSC::Exception>&) JSMainThreadExecState.h:62
#15 0x1131b2410 in WebCore::ScriptController::evaluateInWorld(WebCore::ScriptSourceCode const&, WebCore::DOMWrapperWorld&) ScriptController.cpp:164
#16 0x1131b2618 in WebCore::ScriptController::evaluate(WebCore::ScriptSourceCode const&) ScriptController.cpp:180
#17 0x1131c4586 in WebCore::ScriptElement::executeScript(WebCore::ScriptSourceCode const&) ScriptElement.cpp:309
#18 0x1131c1e6a in WebCore::ScriptElement::prepareScript(WTF::TextPosition const&, WebCore::ScriptElement::LegacyTypeSupport) ScriptElement.cpp:242
#19 0x111eb79cb in WebCore::HTMLScriptRunner::runScript(WebCore::Element*, WTF::TextPosition const&) HTMLScriptRunner.cpp:308
#20 0x111eb7705 in WebCore::HTMLScriptRunner::execute(WTF::PassRefPtr<WebCore::Element>, WTF::TextPosition const&) HTMLScriptRunner.cpp:177
#21 0x111de2a6f in WebCore::HTMLDocumentParser::runScriptsForPausedTreeBuilder() HTMLDocumentParser.cpp:195
#22 0x111de2ce3 in WebCore::HTMLDocumentParser::canTakeNextToken(WebCore::HTMLDocumentParser::SynchronousMode, WebCore::PumpSession&) HTMLDocumentParser.cpp:213
#23 0x111de22a8 in WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode) HTMLDocumentParser.cpp:259
#24 0x111de3c9d in WebCore::HTMLDocumentParser::resumeParsingAfterScriptExecution() HTMLDocumentParser.cpp:496
#25 0x111de3f61 in WebCore::HTMLDocumentParser::notifyFinished(WebCore::CachedResource*) HTMLDocumentParser.cpp:536
#26 0x111405ca7 in WebCore::CachedResource::checkNotify() CachedResource.cpp:297
#27 0x11348e588 in WebCore::SubresourceLoader::didFinishLoading(double) SubresourceLoader.cpp:372
#28 0x7fff8c4a3850 in __65-[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:]_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e850)
#29 0x7fff8c4a3765 in -[NSURLConnectionInternal _withConnectionAndDelegate:onlyActive:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e765)
#30 0x7fff8c4a366a in -[NSURLConnectionInternal _withActiveConnectionAndDelegate:] (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e66a)
#31 0x7fff8c4a8491 in ___ZN27URLConnectionClient_Classic26_delegate_didFinishLoadingEU13block_pointerFvvE_block_invoke (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x33491)
#32 0x7fff8c63c976 in ___ZN27URLConnectionClient_Classic18_withDelegateAsyncEPKcU13block_pointerFvP16_CFURLConnectionPK33CFURLConnectionClientCurrent_VMaxE_block_invoke_2 (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x1c7976)
#33 0x7fff9a99c3c2 in _dispatch_client_callout (/usr/lib/system/libdispatch.dylib+0x23c2)
#34 0x7fff9a9aa0bd in _dispatch_block_invoke (/usr/lib/system/libdispatch.dylib+0x100bd)
#35 0x7fff8c4a3527 in RunloopBlockContext::_invoke_block(void const*, void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e527)
#36 0x7fff96f5ce63 in CFArrayApplyFunction (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x4ce63)
#37 0x7fff8c4a3420 in RunloopBlockContext::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e420)
#38 0x7fff8c4a32c1 in MultiplexerSource::perform() (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e2c1)
#39 0x7fff8c4a30e3 in MultiplexerSource::_perform(void*) (/System/Library/Frameworks/CFNetwork.framework/Versions/A/CFNetwork+0x2e0e3)
#40 0x7fff96fba8b0 in __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0xaa8b0)
#41 0x7fff96f9a0ab in __CFRunLoopDoSources0 (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x8a0ab)
#42 0x7fff96f995ce in __CFRunLoopRun (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x895ce)
#43 0x7fff96f98fc7 in CFRunLoopRunSpecific (/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation+0x88fc7)
#44 0x10ba9998d in runTest(std::__1::basic_string<char, std::__1::char_traits<char>, std::__1::allocator<char> > const&) DumpRenderTree.mm:2030
#45 0x10ba98f39 in runTestingServerLoop() DumpRenderTree.mm:1180
#46 0x10ba98267 in dumpRenderTree(int, char const**) DumpRenderTree.mm:1288
#47 0x10ba9a2b1 in DumpRenderTreeMain(int, char const**) DumpRenderTree.mm:1418
#48 0x7fff931e95ac in start (/usr/lib/system/libdyld.dylib+0x35ac)
#49 0x1 (<unknown module>)</pre>
</div>
</p>
<hr>
<span>You are receiving this mail because:</span>
<ul>
<li>You are the assignee for the bug.</li>
</ul>
</body>
</html>