44178 2010-08-18 08:45:51 -0700 WebCore::ResourceLoader::setShouldBufferData WriteAV@NULL 2010-09-29 12:12:20 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) PC Windows Vista RESOLVED FIXED P1 Normal --- 1 skylined webkit-unassigned abarth eric tonyg oldest_to_newest 266131 0 64715 skylined 2010-08-18 08:45:51 -0700 Created attachment 64715 Repro The following repro causes a NULL pointer write AV in latest Chromium on Windows with QuickTime installed. <script> var win = window.open('repro.wav', 'test'); setTimeout(function () { win.document.open(); win.document.close(); }, 100); </script> Note: you should make a "repro.wav" file available with the right mime-type to cause the QuickTime plugin to load. The content of the .wav file is not important: it can be empty and you can also use a "repro.mp3" file, as long as the QuickTime plugin gets loaded. I guess that if QuickTime is installed, the plugin is opened in the window without an actual "document" (or a stub that is missing certain features). This causes problems when you try to open/close the document. id: WebCore::ResourceLoader::setShouldBufferData WriteAV@NULL (f6f1dbd366ffad2e955db625bd543082) description: Attempt to write to NULL pointer (+0x25D) in WebCore::ResourceLoader::setShouldBufferData stack: WebCore::ResourceLoader::setShouldBufferData WebCore::PluginDocumentParser::appendBytes WebCore::DocumentWriter::endIfNotLoadingMainResource WebCore::Document::close WebCore::HTMLDocumentInternal::closeCallback v8::internal::HandleApiCallHelper<...> v8::internal::Builtin_HandleApiCall v8::internal::Invoke v8::internal::Execution::Call ... 266152 1 eric 2010-08-18 09:12:50 -0700 I like that your'e fuzzing with open/close! We definitely have a bunch of bugs here. I don't think this is realted to bug 43055, or at least not directly. But we should wait to try and fix it until after bug 43055 lands as the open/close landscape will dramatically change. 287052 2 skylined 2010-09-29 12:12:20 -0700 This no longer reproduces in Chrome/Chromium, marking as fixed. 64715 2010-08-18 08:45:51 -0700 2010-08-18 08:45:51 -0700 Repro repro.html text/html 153 skylined PHNjcmlwdD4KICB2YXIgd2luID0gd2luZG93Lm9wZW4oJ3JlcHJvLndhdicsICd0ZXN0Jyk7CiAg c2V0VGltZW91dChmdW5jdGlvbiAoKSB7CiAgICB3aW4uZG9jdW1lbnQub3BlbigpOwogICAgd2lu LmRvY3VtZW50LmNsb3NlKCk7CiAgfSwgMTAwKTsKPC9zY3JpcHQ+