160823 2016-08-12 14:44:28 -0700 Dereferenced NULL pointer in StyleResolver 2016-08-14 15:40:35 -0700 1 1 1 Unclassified WebKit CSS WebKit Nightly Build Unspecified Unspecified RESOLVED FIXED P2 Normal --- 1 jbedard webkit-unassigned commit-queue sam oldest_to_newest 1219718 0 jbedard 2016-08-12 14:44:28 -0700 In StyleResolver::CascadedProperties::addMatch(...) a point which is sometimes NULL is dereferenced before being provided as an argument to StyleResolver::CascadedProperties::addStyleProperties(...). 1219722 1 285955 jbedard 2016-08-12 14:48:54 -0700 Created attachment 285955 Patch 1219894 2 sam 2016-08-13 15:27:23 -0700 I don't understand how fixing a nullptr dereference can be no change in behavior? Dereferencing a nullptr will crash the program, so removing it would fix the crash and therefore be testable. Is that not the case here somehow? 1219957 3 darin 2016-08-14 14:53:29 -0700 (In reply to comment #2) > I don't understand how fixing a nullptr dereference can be no change in > behavior? Dereferencing a nullptr will crash the program, so removing it > would fix the crash and therefore be testable. Is that not the case here > somehow? Dereferencing a null pointer and then passing the resulting reference does not necessarily crash the program; as you know under the hood references are implemented almost the same way that pointers are. But Jonathan is using some kind of "undefined behavior testing mode" for clang, and so he was able to detect that the value is null. The rest of us are using clang in its normal compilation mode and like all the other compilers it just passes null to the function, which ignores the passed-in reference. 1219960 4 285955 commit-queue 2016-08-14 15:40:31 -0700 Comment on attachment 285955 Patch Clearing flags on attachment: 285955 Committed r204455: <http://trac.webkit.org/changeset/204455> 1219961 5 commit-queue 2016-08-14 15:40:35 -0700 All reviewed patches have been landed. Closing bug. 285955 2016-08-12 14:48:54 -0700 2016-08-14 15:40:31 -0700 Patch bug-160823-20160812144714.patch text/plain 3452 jbedard SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDIwNDQyMykKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDE5IEBACisyMDE2LTA4LTEyICBKb25hdGhh biBCZWRhcmQgIDxqYmVkYXJkQGFwcGxlLmNvbT4KKworICAgICAgICBEZXJlZmVyZW5jZWQgTlVM TCBwb2ludGVyIGluIFN0eWxlUmVzb2x2ZXIKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5v cmcvc2hvd19idWcuY2dpP2lkPTE2MDgyMworCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAo T09QUyEpLgorCisgICAgICAgIE5vIGJlaGF2aW9yIGNoYW5nZWQsIG5ldyB0ZXN0cyB1bm5lZWRl ZC4KKworICAgICAgICBUaGlzIGNoYW5nZSB3YXMgaW5pdGlhdGVkIGJ5IGEgTlVMTCBwb2ludGVy IGRlcmVmZXJlbmNlIHRvIHByb3ZpZGUgdGhpcyB1bnVzZWQgYXJndW1lbnQuCisKKyAgICAgICAg KiBjc3MvU3R5bGVSZXNvbHZlci5jcHA6CisgICAgICAgIChXZWJDb3JlOjpTdHlsZVJlc29sdmVy OjpDYXNjYWRlZFByb3BlcnRpZXM6OmFkZFN0eWxlUHJvcGVydGllcyk6IFJlbW92ZWQgdW51c2Vk IGZ1bmN0aW9uIGFyZ3VtZW50LgorICAgICAgICAoV2ViQ29yZTo6U3R5bGVSZXNvbHZlcjo6Q2Fz Y2FkZWRQcm9wZXJ0aWVzOjphZGRNYXRjaCk6IERpdHRvLgorICAgICAgICAqIGNzcy9TdHlsZVJl c29sdmVyLmg6IERpdHRvLgorCiAyMDE2LTA4LTEyICBBbGV4IENocmlzdGVuc2VuICA8YWNocmlz dGVuc2VuQHdlYmtpdC5vcmc+CiAKICAgICAgICAgSW5pdGlhbCBVUkxQYXJzZXIgaW1wbGVtZW50 YXRpb24KSW5kZXg6IFNvdXJjZS9XZWJDb3JlL2Nzcy9TdHlsZVJlc29sdmVyLmNwcAo9PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9jc3MvU3R5bGVSZXNvbHZlci5jcHAJKHJldmlzaW9uIDIw NDQxMykKKysrIFNvdXJjZS9XZWJDb3JlL2Nzcy9TdHlsZVJlc29sdmVyLmNwcAkod29ya2luZyBj b3B5KQpAQCAtMjIwOCw3ICsyMjA4LDcgQEAgdm9pZCBTdHlsZVJlc29sdmVyOjpDYXNjYWRlZFBy b3BlcnRpZXM6OgogICAgIG1fZGVmZXJyZWRQcm9wZXJ0aWVzLmFwcGVuZChwcm9wZXJ0eSk7CiB9 CiAKLXZvaWQgU3R5bGVSZXNvbHZlcjo6Q2FzY2FkZWRQcm9wZXJ0aWVzOjphZGRTdHlsZVByb3Bl cnRpZXMoY29uc3QgU3R5bGVQcm9wZXJ0aWVzJiBwcm9wZXJ0aWVzLCBTdHlsZVJ1bGUmLCBib29s IGlzSW1wb3J0YW50LCBib29sIGluaGVyaXRlZE9ubHksIFByb3BlcnR5V2hpdGVsaXN0VHlwZSBw cm9wZXJ0eVdoaXRlbGlzdFR5cGUsIHVuc2lnbmVkIGxpbmtNYXRjaFR5cGUsIENhc2NhZGVMZXZl bCBjYXNjYWRlTGV2ZWwpCit2b2lkIFN0eWxlUmVzb2x2ZXI6OkNhc2NhZGVkUHJvcGVydGllczo6 YWRkU3R5bGVQcm9wZXJ0aWVzKGNvbnN0IFN0eWxlUHJvcGVydGllcyYgcHJvcGVydGllcywgYm9v bCBpc0ltcG9ydGFudCwgYm9vbCBpbmhlcml0ZWRPbmx5LCBQcm9wZXJ0eVdoaXRlbGlzdFR5cGUg cHJvcGVydHlXaGl0ZWxpc3RUeXBlLCB1bnNpZ25lZCBsaW5rTWF0Y2hUeXBlLCBDYXNjYWRlTGV2 ZWwgY2FzY2FkZUxldmVsKQogewogICAgIGZvciAodW5zaWduZWQgaSA9IDAsIGNvdW50ID0gcHJv cGVydGllcy5wcm9wZXJ0eUNvdW50KCk7IGkgPCBjb3VudDsgKytpKSB7CiAgICAgICAgIGF1dG8g Y3VycmVudCA9IHByb3BlcnRpZXMucHJvcGVydHlBdChpKTsKQEAgLTIyNTIsNyArMjI1Miw3IEBA IHZvaWQgU3R5bGVSZXNvbHZlcjo6Q2FzY2FkZWRQcm9wZXJ0aWVzOjoKICAgICBhdXRvIHByb3Bl cnR5V2hpdGVsaXN0VHlwZSA9IHN0YXRpY19jYXN0PFByb3BlcnR5V2hpdGVsaXN0VHlwZT4obWF0 Y2hlZFByb3BlcnRpZXMud2hpdGVsaXN0VHlwZSk7CiAgICAgYXV0byBjYXNjYWRlTGV2ZWwgPSBj YXNjYWRlTGV2ZWxGb3JJbmRleChtYXRjaFJlc3VsdCwgaW5kZXgpOwogCi0gICAgYWRkU3R5bGVQ cm9wZXJ0aWVzKCptYXRjaGVkUHJvcGVydGllcy5wcm9wZXJ0aWVzLCAqbWF0Y2hSZXN1bHQubWF0 Y2hlZFJ1bGVzW2luZGV4XSwgaXNJbXBvcnRhbnQsIGluaGVyaXRlZE9ubHksIHByb3BlcnR5V2hp dGVsaXN0VHlwZSwgbWF0Y2hlZFByb3BlcnRpZXMubGlua01hdGNoVHlwZSwgY2FzY2FkZUxldmVs KTsKKyAgICBhZGRTdHlsZVByb3BlcnRpZXMoKm1hdGNoZWRQcm9wZXJ0aWVzLnByb3BlcnRpZXMs IGlzSW1wb3J0YW50LCBpbmhlcml0ZWRPbmx5LCBwcm9wZXJ0eVdoaXRlbGlzdFR5cGUsIG1hdGNo ZWRQcm9wZXJ0aWVzLmxpbmtNYXRjaFR5cGUsIGNhc2NhZGVMZXZlbCk7CiB9CiAKIHZvaWQgU3R5 bGVSZXNvbHZlcjo6Q2FzY2FkZWRQcm9wZXJ0aWVzOjphZGROb3JtYWxNYXRjaGVzKGNvbnN0IE1h dGNoUmVzdWx0JiBtYXRjaFJlc3VsdCwgaW50IHN0YXJ0SW5kZXgsIGludCBlbmRJbmRleCwgYm9v bCBpbmhlcml0ZWRPbmx5KQpJbmRleDogU291cmNlL1dlYkNvcmUvY3NzL1N0eWxlUmVzb2x2ZXIu aAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2ViQ29yZS9jc3MvU3R5bGVSZXNvbHZlci5oCShyZXZp c2lvbiAyMDQ0MTMpCisrKyBTb3VyY2UvV2ViQ29yZS9jc3MvU3R5bGVSZXNvbHZlci5oCSh3b3Jr aW5nIGNvcHkpCkBAIC0zMDEsNyArMzAxLDcgQEAgcHVibGljOgogICAgICAgICAKICAgICBwcml2 YXRlOgogICAgICAgICB2b2lkIGFkZE1hdGNoKGNvbnN0IE1hdGNoUmVzdWx0JiwgdW5zaWduZWQg aW5kZXgsIGJvb2wgaXNJbXBvcnRhbnQsIGJvb2wgaW5oZXJpdGVkT25seSk7Ci0gICAgICAgIHZv aWQgYWRkU3R5bGVQcm9wZXJ0aWVzKGNvbnN0IFN0eWxlUHJvcGVydGllcyYsIFN0eWxlUnVsZSYs IGJvb2wgaXNJbXBvcnRhbnQsIGJvb2wgaW5oZXJpdGVkT25seSwgUHJvcGVydHlXaGl0ZWxpc3RU eXBlLCB1bnNpZ25lZCBsaW5rTWF0Y2hUeXBlLCBDYXNjYWRlTGV2ZWwpOworICAgICAgICB2b2lk IGFkZFN0eWxlUHJvcGVydGllcyhjb25zdCBTdHlsZVByb3BlcnRpZXMmLCBib29sIGlzSW1wb3J0 YW50LCBib29sIGluaGVyaXRlZE9ubHksIFByb3BlcnR5V2hpdGVsaXN0VHlwZSwgdW5zaWduZWQg bGlua01hdGNoVHlwZSwgQ2FzY2FkZUxldmVsKTsKICAgICAgICAgc3RhdGljIHZvaWQgc2V0UHJv cGVydHlJbnRlcm5hbChQcm9wZXJ0eSYsIENTU1Byb3BlcnR5SUQsIENTU1ZhbHVlJiwgdW5zaWdu ZWQgbGlua01hdGNoVHlwZSwgQ2FzY2FkZUxldmVsKTsKIAogICAgICAgICBQcm9wZXJ0eSBtX3By b3BlcnRpZXNbbnVtQ1NTUHJvcGVydGllcyArIDJdOwo=