Title: [151875] trunk/Source/WebCore
- Revision: 151875
- Author: [email protected]
- Date: 2013-06-21 19:36:13 -0700 (Fri, 21 Jun 2013)
Log Message
Crashes due to NULL dereference beneath WebCore::StyleResolver::loadPendingSVGDocuments and related functions
https://bugs.webkit.org/show_bug.cgi?id=117903
Reviewed by Darin Adler.
* css/StyleResolver.cpp:
(WebCore::StyleResolver::loadPendingSVGDocuments): Add a NULL check for
RenderStyle here...
(WebCore::StyleResolver::loadPendingResources): ...and here.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (151874 => 151875)
--- trunk/Source/WebCore/ChangeLog 2013-06-22 02:27:16 UTC (rev 151874)
+++ trunk/Source/WebCore/ChangeLog 2013-06-22 02:36:13 UTC (rev 151875)
@@ -1,3 +1,15 @@
+2013-06-21 Geoffrey Garen <[email protected]>
+
+ Crashes due to NULL dereference beneath WebCore::StyleResolver::loadPendingSVGDocuments and related functions
+ https://bugs.webkit.org/show_bug.cgi?id=117903
+
+ Reviewed by Darin Adler.
+
+ * css/StyleResolver.cpp:
+ (WebCore::StyleResolver::loadPendingSVGDocuments): Add a NULL check for
+ RenderStyle here...
+ (WebCore::StyleResolver::loadPendingResources): ...and here.
+
2013-06-21 Simon Fraser <[email protected]>
Occasional crash swiping between pages
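Review bot: the ChangeLog entry in this hunk only describes the NULL checks, but the code change also adds ASSERT(state.style()) and ASSERT(style()) so that debug builds keep catching the underlying problem; the per-function notes should say so (e.g. "Add a NULL check and an ASSERT for RenderStyle here...") and mention that the root cause is still unknown, so the entry matches what actually landed.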
Modified: trunk/Source/WebCore/css/StyleResolver.cpp (151874 => 151875)
--- trunk/Source/WebCore/css/StyleResolver.cpp 2013-06-22 02:27:16 UTC (rev 151874)
+++ trunk/Source/WebCore/css/StyleResolver.cpp 2013-06-22 02:36:13 UTC (rev 151875)
@@ -3562,7 +3562,12 @@
void StyleResolver::loadPendingSVGDocuments()
{
State& state = m_state;
- if (!state.style()->hasFilter() || state.pendingSVGDocuments().isEmpty())
+
+ // Crash reports indicate that we've seen calls to this function when our
+ // style is NULL. We don't know exactly why this happens. Our guess is
+ // reentering styleForElement().
+ ASSERT(state.style());
+ if (!state.style() || !state.style()->hasFilter() || state.pendingSVGDocuments().isEmpty())
return;
CachedResourceLoader* cachedResourceLoader = state.document()->cachedResourceLoader();
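Review bot: the added `!state.style()` check masks a NULL style whose cause the comment admits is unknown ("Our guess is reentering styleForElement()"); put a FIXME next to the ASSERT that references https://bugs.webkit.org/show_bug.cgi?id=117903 so the workaround is not later mistaken for the fix. While here, `state.document()->cachedResourceLoader()` on the next line is dereferenced unconditionally; if the state can be in a partially torn-down condition when style() is NULL, it is worth confirming document() cannot be NULL on the same path.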
@@ -4195,6 +4200,13 @@
void StyleResolver::loadPendingResources()
{
+ // We've seen crashes in all three of the functions below. Some of them
+ // indicate that style() is NULL. This NULL check will cut down on total
+ // crashes, while the ASSERT will help us find the cause in debug builds.
+ ASSERT(style());
+ if (!style())
+ return;
+
// Start loading images referenced by this style.
loadPendingImages();
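Review bot: the early `return;` in loadPendingResources() skips loadPendingImages() and the other pending loaders the comment refers to without clearing their pending lists, so if the same state later reaches this function with a valid style the stale entries would be loaded against the wrong style; either confirm the pending lists are reset when the state is reused or clear them before returning. The guard also duplicates the one added in loadPendingSVGDocuments() in the hunk above; if that function is only reached from here, one of the two checks can be dropped, otherwise a short comment explaining why both are needed would help the next reader.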
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes