WebKitCSSMatrix: Avoid crash resolving relative lengths.

Source/core/css/CSSMatrix.cpp

Index: Source/core/css/CSSMatrix.cpp
diff --git a/Source/core/css/CSSMatrix.cpp b/Source/core/css/CSSMatrix.cpp
index c11b392b64e1d86f95e1de7cb1371e77963a7d9b..0ccb2ed01c4af18048aca89c3419bf57b417475c 100644
--- a/Source/core/css/CSSMatrix.cpp
+++ b/Source/core/css/CSSMatrix.cpp
@@ -57,6 +57,13 @@ CSSMatrix::CSSMatrix(const String& s, ExceptionState& exceptionState)
     setMatrixValue(s, exceptionState);
 }
 
+static inline PassRefPtr<LayoutStyle> createInitialStyle()
+{
+    RefPtr<LayoutStyle> initialStyle = LayoutStyle::create();
+    initialStyle->font().update(nullptr);
+    return initialStyle;
+}
+
 void CSSMatrix::setMatrixValue(const String& string, ExceptionState& exceptionState)
 {
     if (string.isEmpty())
@@ -68,8 +75,7 @@ void CSSMatrix::setMatrixValue(const String& string, ExceptionState& exceptionSt
         if (value->isPrimitiveValue() && (toCSSPrimitiveValue(value.get()))->getValueID() == CSSValueNone)
             return;
 
-        // FIXME: This has a null pointer crash if we use ex units (crbug.com/414145)
-        DEFINE_STATIC_REF(LayoutStyle, initialStyle, LayoutStyle::create());
+        DEFINE_STATIC_REF(LayoutStyle, initialStyle, createInitialStyle());
         TransformOperations operations;
         if (!TransformBuilder::createTransformOperations(value.get(), CSSToLengthConversionData(initialStyle, initialStyle, nullptr, 1.0f), operations)) {
             exceptionState.throwDOMException(SyntaxError, "Failed to interpret '" + string + "' as a transformation operation.");