112653 2013-03-18 21:11:02 -0700 Crash in Document::setFocusedNode if the frame of new focused node is detached in 'change' event handler 2013-03-20 15:01:05 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED P1 Normal --- 1 tkent tkent aroben darin dglazkov jonlee morrita webkit.review.bot oldest_to_newest 857902 0 tkent 2013-03-18 21:11:02 -0700 https://code.google.com/p/chromium/issues/detail?id=201134 Reduction: <div> <input value="foo"></input> <iframe frameborder="0" id="input" height="100" width="540" srcdoc="&lt;input autofocus>"></iframe> </div> <script> addEventListener("change", function(e) { document.body.appendChild(document.getElementById("input")); document.body.appendChild(document.createTextNode("PASS")); }, false); </script> 1. Open the above document 2. Click on the left input field 3. Modify it 4. Click on the right input field --> Crash by null pointer deference 857919 1 193724 tkent 2013-03-18 21:54:30 -0700 Created attachment 193724 Patch 859764 2 193724 webkit.review.bot 2013-03-20 15:01:01 -0700 Comment on attachment 193724 Patch Clearing flags on attachment: 193724 Committed r146393: <http://trac.webkit.org/changeset/146393> 859765 3 webkit.review.bot 2013-03-20 15:01:05 -0700 All reviewed patches have been landed. Closing bug. 193724 2013-03-18 21:54:30 -0700 2013-03-20 15:01:01 -0700 Patch bug-112653-20130319135021.patch text/plain 3970 tkent U3VidmVyc2lvbiBSZXZpc2lvbjogMTQ2MDI2CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNmZmOWU4YjIwMmVlZDQx YTA3ZmQxMGE3MjY2ZjMwNGY5ODgwMWQ4ZS4uYTZhMzk1Yzc0NDdjMmYwMTQyOTQyZjE2ZTBiNjU5 N2MxNTY1ZWVkYSAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDEzLTAzLTE4ICBLZW50 IFRhbXVyYSAgPHRrZW50QGNocm9taXVtLm9yZz4KKworICAgICAgICBDcmFzaCBpbiBEb2N1bWVu dDo6c2V0Rm9jdXNlZE5vZGUgaWYgdGhlIGZyYW1lIG9mIG5ldyBmb2N1c2VkIG5vZGUgaXMgZGV0 YWNoZWQgaW4gJ2NoYW5nZScgZXZlbnQgaGFuZGxlcgorICAgICAgICBodHRwczovL2J1Z3Mud2Vi a2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTEyNjUzCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9C T0RZIChPT1BTISkuCisKKyAgICAgICAgVGVzdDogZmFzdC9mcmFtZXMvZGV0YWNoLWZyYW1lLWR1 cmluZy1mb2N1cy5odG1sCisKKyAgICAgICAgKiBwYWdlL0ZvY3VzQ29udHJvbGxlci5jcHA6Cisg ICAgICAgIChXZWJDb3JlOjpGb2N1c0NvbnRyb2xsZXI6OnNldEZvY3VzZWROb2RlKToKKyAgICAg ICAgQSBvbGREb2N1bWVudC0+c2V0Rm9jdXNlZE5vZGUgY2FsbCBtaWdodCBkaXNwYXRjaCBhICdj aGFuZ2UnIGV2ZW50IGZvcgorICAgICAgICBhbiBvbGQgZm9jdXNlZCBub2RlLCBhbmQgYW4gZXZl bnQgaGFuZGxlciBjb2RlIG1pZ2h0IGRldGFjaCB0aGUKKyAgICAgICAgbmV3Rm9jdXNlZEZyYW1l LiBTbyB3ZSBzaG91bGQgY2hlY2sgaXQuIFdpdGhvdXQgdGhlIGNoZWNrLCB0aGUgZm9sbG93aW5n CisgICAgICAgIG5ld0RvY3VtZW50LT5zZXRGb2N1c2VkTm9kZSBjYWxsIHdvdWxkIGNyYXNoIGJl Y2F1c2Ugb2YgbnVsbAorICAgICAgICBGcmFtZTo6cGFnZSgpLgorCiAyMDEzLTAzLTE3ICBBZGFt IEJhcnRoICA8YWJhcnRoQHdlYmtpdC5vcmc+CiAKICAgICAgICAgTGVnYWN5IENTUyB2ZW5kb3Ig cHJlZml4ZXMgc2hvdWxkIG9ubHkgd29yayBmb3IgRGFzaGJvYXJkCmRpZmYgLS1naXQgYS9Tb3Vy Y2UvV2ViQ29yZS9wYWdlL0ZvY3VzQ29udHJvbGxlci5jcHAgYi9Tb3VyY2UvV2ViQ29yZS9wYWdl L0ZvY3VzQ29udHJvbGxlci5jcHAKaW5kZXggMTM1NWJiN2FmZDYxMzU1ZTA1Nzc2YTVmOWVmYzkw MWVhYTlkMjMyYS4uYmZkMDM1OWIwYjhkYzNjYjM1MzFiYzQ4ZWYyN2FhNjAwNDkzMTY2YiAxMDA2 NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvcGFnZS9Gb2N1c0NvbnRyb2xsZXIuY3BwCisrKyBiL1Nv dXJjZS9XZWJDb3JlL3BhZ2UvRm9jdXNDb250cm9sbGVyLmNwcApAQCAtNjExLDcgKzYxMSwxMSBA QCBib29sIEZvY3VzQ29udHJvbGxlcjo6c2V0Rm9jdXNlZE5vZGUoTm9kZSogbm9kZSwgUGFzc1Jl ZlB0cjxGcmFtZT4gbmV3Rm9jdXNlZEZyYQogICAgIAogICAgIGlmIChvbGREb2N1bWVudCAmJiBv bGREb2N1bWVudCAhPSBuZXdEb2N1bWVudCkKICAgICAgICAgb2xkRG9jdW1lbnQtPnNldEZvY3Vz ZWROb2RlKDApOwotICAgIAorCisgICAgaWYgKG5ld0ZvY3VzZWRGcmFtZSAmJiAhbmV3Rm9jdXNl ZEZyYW1lLT5wYWdlKCkpIHsKKyAgICAgICAgc2V0Rm9jdXNlZEZyYW1lKDApOworICAgICAgICBy ZXR1cm4gZmFsc2U7CisgICAgfQogICAgIHNldEZvY3VzZWRGcmFtZShuZXdGb2N1c2VkRnJhbWUp OwogCiAgICAgLy8gU2V0dGluZyB0aGUgZm9jdXNlZCBub2RlIGNhbiByZXN1bHQgaW4gbG9zaW5n IG91ciBsYXN0IHJlZnQgdG8gbm9kZSB3aGVuIEpTIGV2ZW50IGhhbmRsZXJzIGZpcmUuCmRpZmYg LS1naXQgYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cgYi9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKaW5k ZXggMmMyZjgyOGU4Njc0NGQ3ZWJlM2QzNzg2MzJjOGQ5NzE4MjBkN2NhMS4uYzZhNDY1YzdkNzRi YmRmODk2ZTVhZTA2NzNiZjkwM2E1OWNjMTExYiAxMDA2NDQKLS0tIGEvTGF5b3V0VGVzdHMvQ2hh bmdlTG9nCisrKyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwpAQCAtMSwzICsxLDEzIEBACisyMDEz LTAzLTE4ICBLZW50IFRhbXVyYSAgPHRrZW50QGNocm9taXVtLm9yZz4KKworICAgICAgICBDcmFz aCBpbiBEb2N1bWVudDo6c2V0Rm9jdXNlZE5vZGUgaWYgdGhlIGZyYW1lIG9mIG5ldyBmb2N1c2Vk IG5vZGUgaXMgZGV0YWNoZWQgaW4gJ2NoYW5nZScgZXZlbnQgaGFuZGxlcgorICAgICAgICBodHRw czovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTEyNjUzCisKKyAgICAgICAgUmV2 aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgKiBmYXN0L2ZyYW1lcy9kZXRhY2gt ZnJhbWUtZHVyaW5nLWZvY3VzLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC9m cmFtZXMvZGV0YWNoLWZyYW1lLWR1cmluZy1mb2N1cy5odG1sOiBBZGRlZC4KKwogMjAxMy0wMy0x NyAgS2Vpc2hpIEhhdHRvcmkgIDxrZWlzaGlAd2Via2l0Lm9yZz4KIAogICAgICAgICBBZGQgdGVz dHMgZm9yIGNhbGVuZGFyIHBpY2tlciBtb250aCBwb3B1cApkaWZmIC0tZ2l0IGEvTGF5b3V0VGVz dHMvZmFzdC9mcmFtZXMvZGV0YWNoLWZyYW1lLWR1cmluZy1mb2N1cy1leHBlY3RlZC50eHQgYi9M YXlvdXRUZXN0cy9mYXN0L2ZyYW1lcy9kZXRhY2gtZnJhbWUtZHVyaW5nLWZvY3VzLWV4cGVjdGVk LnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwLi5hYTQ0ZTdjOWY5MTFiNzI5MjkxM2FhZTRlZDVhYzE3YzgwNGI5Mjgz Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC9mcmFtZXMvZGV0YWNoLWZyYW1l LWR1cmluZy1mb2N1cy1leHBlY3RlZC50eHQKQEAgLTAsMCArMSwyIEBACisKK1BBU1MKZGlmZiAt LWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvZnJhbWVzL2RldGFjaC1mcmFtZS1kdXJpbmctZm9jdXMu aHRtbCBiL0xheW91dFRlc3RzL2Zhc3QvZnJhbWVzL2RldGFjaC1mcmFtZS1kdXJpbmctZm9jdXMu aHRtbApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwLi45ZmFmYTI5YmRmYjAyY2M0MzQ1Mzk5MTdiZTZmMDY4MTQ5YjJlOTA2 Ci0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvZmFzdC9mcmFtZXMvZGV0YWNoLWZyYW1l LWR1cmluZy1mb2N1cy5odG1sCkBAIC0wLDAgKzEsMjIgQEAKKzxzY3JpcHQ+CitpZiAod2luZG93 LnRlc3RSdW5uZXIpIHsKKyAgICB0ZXN0UnVubmVyLndhaXRVbnRpbERvbmUoKTsKKyAgICB0ZXN0 UnVubmVyLmR1bXBBc1RleHQoKTsKK30KKworYWRkRXZlbnRMaXN0ZW5lcignY2hhbmdlJywgZnVu Y3Rpb24oZSkgeworICAgIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoZG9jdW1lbnQuZ2V0RWxl bWVudEJ5SWQoJ2ZyYW1lMScpKTsKK30sIGZhbHNlKTsKKworZnVuY3Rpb24gaGFuZGxlRm9jdXMo KSB7CisgICAgb3V0ZXJJbnB1dC5mb2N1cygpOworICAgIGRvY3VtZW50LmV4ZWNDb21tYW5kKCdp bnNlcnR0ZXh0JywgZmFsc2UsICdhYmMnKTsKKyAgICBmcmFtZTEuaW5uZXJJbnB1dC5mb2N1cygp OworICAgIGRvY3VtZW50LmJvZHkuYXBwZW5kQ2hpbGQoZG9jdW1lbnQuY3JlYXRlVGV4dE5vZGUo J1BBU1MnKSk7CisgICAgdGVzdFJ1bm5lci5ub3RpZnlEb25lKCk7Cit9Cis8L3NjcmlwdD4KKzxk aXY+CisgPGlucHV0IHZhbHVlPSJmb28iIGlkPSJvdXRlcklucHV0Ij48L2lucHV0PgorIDxpZnJh bWUgZnJhbWVib3JkZXI9IjAiIGlkPSJmcmFtZTEiIGhlaWdodD0iMTAwIiB3aWR0aD0iNTQwIiBz cmNkb2M9IiZsdDtpbnB1dCBhdXRvZm9jdXMgaWQ9J2lubmVySW5wdXQnIG9uZm9jdXM9J3BhcmVu dC5oYW5kbGVGb2N1cygpJz4iPjwvaWZyYW1lPgorPC9kaXY+Cg==