120145 2013-08-21 17:54:18 -0700 Another null-deref under WebDragClient::startDrag 2013-08-21 17:59:08 -0700 1 1 1 Unclassified WebKit WebKit2 528+ (Nightly build) Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 thorton thorton andersca sam simon.fraser oldest_to_newest 919696 0 thorton 2013-08-21 17:54:18 -0700 In http://trac.webkit.org/changeset/153511 I made convertImageToBitmap return null instead of dereferencing the null ShareableBitmap, but missed the place where we dereference the return value, and I missed that because I simultaneously fixed the one reproducible case of getting a null into this method in the first place :( Add the second null-deref. <rdar://problem/14650652> 919697 1 209316 thorton 2013-08-21 17:55:51 -0700 Created attachment 209316 patch 919699 2 thorton 2013-08-21 17:59:08 -0700 http://trac.webkit.org/changeset/154433 209316 2013-08-21 17:55:51 -0700 2013-08-21 17:57:00 -0700 patch nullderef.diff text/plain 1535 thorton ZGlmZiAtLWdpdCBhL1NvdXJjZS9XZWJLaXQyL0NoYW5nZUxvZyBiL1NvdXJjZS9XZWJLaXQyL0No YW5nZUxvZwppbmRleCBiMjE2ZDJmLi5iYTFjMzE1IDEwMDY0NAotLS0gYS9Tb3VyY2UvV2ViS2l0 Mi9DaGFuZ2VMb2cKKysrIGIvU291cmNlL1dlYktpdDIvQ2hhbmdlTG9nCkBAIC0xLDMgKzEsMTYg QEAKKzIwMTMtMDgtMjEgIFRpbSBIb3J0b24gIDx0aW1vdGh5X2hvcnRvbkBhcHBsZS5jb20+CisK KyAgICAgICAgQW5vdGhlciBudWxsLWRlcmVmIHVuZGVyIFdlYkRyYWdDbGllbnQ6OnN0YXJ0RHJh ZworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTIwMTQ1 CisgICAgICAgIDxyZGFyOi8vcHJvYmxlbS8xNDY1MDY1Mj4KKworICAgICAgICBSZXZpZXdlZCBi eSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBjb252ZXJ0SW1hZ2VUb0JpdG1hcCBjYW4gbGVn aXRpbWF0ZWx5IHJldHVybiBudWxsLCBzbyBkb24ndCBkZXJlZmVyZW5jZSBpdC4KKworICAgICAg ICAqIFdlYlByb2Nlc3MvV2ViQ29yZVN1cHBvcnQvbWFjL1dlYkRyYWdDbGllbnRNYWMubW06Cisg ICAgICAgIChXZWJLaXQ6OldlYkRyYWdDbGllbnQ6OnN0YXJ0RHJhZyk6CisKIDIwMTMtMDgtMjEg IEFsZXhleSBQcm9za3VyeWFrb3YgIDxhcEBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lP TiAocjE0NTQ1OD8pOiBXZWJQcm9jZXNzIGRvZXNuJ3QgcmVzcGVjdCBVSSBwcm9jZXNzIGxvY2Fs aXphdGlvbgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJDb3JlU3Vw cG9ydC9tYWMvV2ViRHJhZ0NsaWVudE1hYy5tbSBiL1NvdXJjZS9XZWJLaXQyL1dlYlByb2Nlc3Mv V2ViQ29yZVN1cHBvcnQvbWFjL1dlYkRyYWdDbGllbnRNYWMubW0KaW5kZXggMzI2NzhiOS4uMTQ3 ODc1NyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYktpdDIvV2ViUHJvY2Vzcy9XZWJDb3JlU3VwcG9y dC9tYWMvV2ViRHJhZ0NsaWVudE1hYy5tbQorKysgYi9Tb3VyY2UvV2ViS2l0Mi9XZWJQcm9jZXNz L1dlYkNvcmVTdXBwb3J0L21hYy9XZWJEcmFnQ2xpZW50TWFjLm1tCkBAIC04Miw3ICs4Miw3IEBA IHZvaWQgV2ViRHJhZ0NsaWVudDo6c3RhcnREcmFnKFJldGFpblB0cjxOU0ltYWdlPiBpbWFnZSwg Y29uc3QgSW50UG9pbnQmIHBvaW50LCBjCiAgICAgYml0bWFwU2l6ZS5zY2FsZShmcmFtZS0+cGFn ZSgpLT5kZXZpY2VTY2FsZUZhY3RvcigpKTsKICAgICBSZWZQdHI8U2hhcmVhYmxlQml0bWFwPiBi aXRtYXAgPSBjb252ZXJ0SW1hZ2VUb0JpdG1hcChpbWFnZS5nZXQoKSwgYml0bWFwU2l6ZSk7CiAg ICAgU2hhcmVhYmxlQml0bWFwOjpIYW5kbGUgaGFuZGxlOwotICAgIGlmICghYml0bWFwLT5jcmVh dGVIYW5kbGUoaGFuZGxlKSkKKyAgICBpZiAoIWJpdG1hcCB8fCAhYml0bWFwLT5jcmVhdGVIYW5k bGUoaGFuZGxlKSkKICAgICAgICAgcmV0dXJuOwogCiAgICAgLy8gRklYTUU6IFNlZW1zIHRoaXMg bWVzc2FnZSBzaG91bGQgYmUgbmFtZWQgU3RhcnREcmFnLCBub3QgU2V0RHJhZ0ltYWdlLgo=