4716 – NodeIterator will crash if the filter function removes the current node from the document

RESOLVED FIXED 4716

NodeIterator will crash if the filter function removes the current node from the document

https://bugs.webkit.org/show_bug.cgi?id=4716

Summary NodeIterator will crash if the filter function removes the current node from ...

Darin Adler

Reported 2005-08-28 11:18:38 PDT

Code inspection of functions like NodeIteratorImpl::findNextNode make it clear that the NodeIterator does not do correct memory management of the nodes. As it iterates through nodes, the function holds a node pointer across a call to arbitrary JavaScript without calling ref() on that node. Clearly that can lead to a crash.

Attachments
Add attachment proposed patch, testcase, etc.

Darin Adler

Comment 1 2008-01-08 22:52:26 PST

Bug 3492 now has a patch that addresses this.

Darin Adler

Comment 2 2008-02-08 02:36:13 PST

Committed revision 30089.

Lucas Forschler

Comment 3 2019-02-06 09:02:35 PST

Mass moving XML DOM bugs to the "DOM" Component.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 420+

Hardware Mac

OS OS X 10.4

Product WebKit

Component DOM

Assignee

Darin Adler

Reported

2005-08-28 11:18 PDT

Modified

2019-02-06 09:02 PST History

CC List

2 users Show

URL

Keywords

Depends on

Blocks