61511 2011-05-26 01:09:11 -0700 WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL 2011-05-27 11:18:21 -0700 1 1 1 Unclassified WebKit DOM 528+ (Nightly build) PC Windows Vista RESOLVED FIXED P1 Normal --- 1 skylined morrita ademar dglazkov eric morrita oldest_to_newest 410280 0 skylined 2011-05-26 01:09:11 -0700 Chromium: https://code.google.com/p/chromium/issues/detail?id=84018 Repro: <body onload="f()"></body> <script> function f() { var oImg = new Image(); document.open(); oImg.innerHTML = "<summary>"; document.insertBefore(oImg.lastChild, null); } </script> id: chrome.dll!WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL (2d237efc21d08331051148bfdb203706) description: Attempt to read from unallocated NULL pointer+0x8 in chrome.dll!WebCore::HTMLSummaryElement::isMainSummary application: Chromium 13.0.777.0 stack: chrome.dll!WebCore::HTMLSummaryElement::isMainSummary chrome.dll!WebCore::DetailsMarkerControl::rendererIsNeeded chrome.dll!WebCore::NodeRendererFactory::createRendererAndStyle chrome.dll!WebCore::NodeRendererFactory::createRendererIfNeeded chrome.dll!WebCore::Node::createRendererIfNeeded chrome.dll!WebCore::Element::attach chrome.dll!WebCore::ContainerNode::attach chrome.dll!WebCore::ShadowRoot::attach chrome.dll!WebCore::Element::attach chrome.dll!WebCore::Element::recalcStyle chrome.dll!WebCore::Document::recalcStyle chrome.dll!WebCore::Document::updateStyleIfNeeded chrome.dll!WebCore::Document::implicitClose chrome.dll!WebCore::FrameLoader::checkCompleted chrome.dll!WebCore::FrameLoader::finishedParsing chrome.dll!WebCore::Document::finishedParsing chrome.dll!WebCore::HTMLDocumentParser::prepareToStopParsing chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource chrome.dll!WebCore::FrameLoader::finishedLoading chrome.dll!WebCore::MainResourceLoader::didFinishLoading chrome.dll!WebCore::ResourceLoader::didFinishLoading chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest chrome.dll!ResourceDispatcher::OnRequestComplete chrome.dll!IPC::MessageWithTuple<...>::Dispatch<ResourceDispatcher,ResourceDispatcher,void chrome.dll!ResourceDispatcher::DispatchMessageW chrome.dll!ResourceDispatcher::OnMessageReceived chrome.dll!ChildThread::OnMessageReceived chrome.dll!RunnableMethod<DetectTabLanguageFunction,void chrome.dll!`anonymous namespace'::TaskClosureAdapter::Run ... 411153 1 95114 morrita 2011-05-26 22:21:38 -0700 Created attachment 95114 Patch 411224 2 95114 tkent 2011-05-27 00:02:18 -0700 Comment on attachment 95114 Patch View in context: https://bugs.webkit.org/attachment.cgi?id=95114&action=review > LayoutTests/ChangeLog:5 > + WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL nit: ReadAV@NULL is not normal English. 411230 3 morrita 2011-05-27 00:27:09 -0700 Committed r87480: <http://trac.webkit.org/changeset/87480> 411566 4 ademar 2011-05-27 11:18:21 -0700 Revision r87480 cherry-picked into qtwebkit-2.2 with commit 27ca4d8 <http://gitorious.org/webkit/qtwebkit/commit/27ca4d8> 95114 2011-05-26 22:21:38 -0700 2011-05-27 00:02:18 -0700 Patch bug-61511-20110527142136.patch text/plain 3405 morrita U3VidmVyc2lvbiBSZXZpc2lvbjogODc0NjAKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL0NoYW5n ZUxvZyBiL0xheW91dFRlc3RzL0NoYW5nZUxvZwppbmRleCBjNGI1Y2ViYTQwMDM4NTQxMWRiYWI3 NTVhNjZkZGI1OTE2M2FjZmQ0Li5lOTExY2Q3YTUwZjViNDZiYTI1NmJhYzNhNzg5ZjgzNzNlMjg5 ZWQ1IDEwMDY0NAotLS0gYS9MYXlvdXRUZXN0cy9DaGFuZ2VMb2cKKysrIGIvTGF5b3V0VGVzdHMv Q2hhbmdlTG9nCkBAIC0xLDMgKzEsMTMgQEAKKzIwMTEtMDUtMjYgIE1PUklUQSBIYWppbWUgPG1v cnJpdGFAZ29vZ2xlLmNvbT4KKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBXZWJDb3JlOjpIVE1MU3VtbWFyeUVsZW1lbnQ6OmlzTWFpblN1bW1hcnkgUmVh ZEFWQE5VTEwKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcuY2dpP2lk PTYxNTExCisKKyAgICAgICAgKiBmYXN0L2h0bWwvZGV0YWlscy1zdW1tYXJ5LWRvY3VtZW50LWNo aWxkLWV4cGVjdGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC9odG1sL2RldGFpbHMtc3Vt bWFyeS1kb2N1bWVudC1jaGlsZC5odG1sOiBBZGRlZC4KKwogMjAxMS0wNS0yNiAgTU9SSVRBIEhh amltZSAgPG1vcnJpdGFAZ29vZ2xlLmNvbT4KIAogICAgICAgICBVbnJldmlld2VkIGV4cGVjdGF0 aW9ucyB1cGRhdGUgZm9yIDxkZXRhaWxzPi4KZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3Qv aHRtbC9kZXRhaWxzLXN1bW1hcnktZG9jdW1lbnQtY2hpbGQtZXhwZWN0ZWQudHh0IGIvTGF5b3V0 VGVzdHMvZmFzdC9odG1sL2RldGFpbHMtc3VtbWFyeS1kb2N1bWVudC1jaGlsZC1leHBlY3RlZC50 eHQKbmV3IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMC4uMzRlMWZjNWFiZGQwNmNiNTIzZTEyN2I0YWU4OTRmMmJkZWZlZWNlNAot LS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvaHRtbC9kZXRhaWxzLXN1bW1hcnkt ZG9jdW1lbnQtY2hpbGQtZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEsMiBAQAorQ09OU09MRSBNRVNT QUdFOiBsaW5lIDEyOiBQQVNTIHVubGVzcyBjcmFzaAorCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0 cy9mYXN0L2h0bWwvZGV0YWlscy1zdW1tYXJ5LWRvY3VtZW50LWNoaWxkLmh0bWwgYi9MYXlvdXRU ZXN0cy9mYXN0L2h0bWwvZGV0YWlscy1zdW1tYXJ5LWRvY3VtZW50LWNoaWxkLmh0bWwKbmV3IGZp bGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMC4uNzdkYmU3NDRkNWY4YjIwYTdkMTUxM2FjYTFkMjU3NWI2NTkyMjdmZAotLS0gL2Rldi9u dWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvaHRtbC9kZXRhaWxzLXN1bW1hcnktZG9jdW1lbnQt Y2hpbGQuaHRtbApAQCAtMCwwICsxLDE2IEBACis8aHRtbD4KKzxib2R5IG9ubG9hZD0idGVzdCgp Ij4KKzxzY3JpcHQ+CitpZiAod2luZG93LmxheW91dFRlc3RDb250cm9sbGVyKQorICAgIGxheW91 dFRlc3RDb250cm9sbGVyLmR1bXBBc1RleHQoKTsKKworZnVuY3Rpb24gdGVzdCgpIHsKKyAgICBk b2N1bWVudC5vcGVuKCk7CisgICAgZG9jdW1lbnQuaW5zZXJ0QmVmb3JlKGRvY3VtZW50LmNyZWF0 ZUVsZW1lbnQoInN1bW1hcnkiKSk7CisgICAgLy8gVGhlIGRvY3VtZW50IGRvbid0IGhhdmUgPGJv ZHk+IHNvIHdlIG5lZWQgdXNlIGNvbnNvbGUubG9nKCkKKyAgICAvLyB0byBtYWtlIHJlYWRhYmxl IGV4cGVjdGF0aW9uLgorICAgIGNvbnNvbGUubG9nKCJQQVNTIHVubGVzcyBjcmFzaCIpOworfQor PC9zY3JpcHQ+Cis8L2JvZHk+Cis8L2h0bWw+CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggZjIzMjAwMjFiYmViNTI2 OWEwYWQ5Y2U4ZTZkODRjMWRhZjViNmFjYi4uNTU4YTczNzY0ODBiYzVmMjIyN2U2NzhjNmFhN2M1 NDlhMDc1MWJkNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE3IEBACisyMDExLTA1LTI2ICBNT1JJ VEEgSGFqaW1lICA8bW9ycml0YUBnb29nbGUuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5P Qk9EWSAoT09QUyEpLgorCisgICAgICAgIFdlYkNvcmU6OkhUTUxTdW1tYXJ5RWxlbWVudDo6aXNN YWluU3VtbWFyeSBSZWFkQVZATlVMTAorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9z aG93X2J1Zy5jZ2k/aWQ9NjE1MTEKKworICAgICAgICBSZW1vdmVkIFVubmVjZXNzYXJ5IHdyb25n IGNhc3QgdG8gRWxtZW1lbnQsIHdoaWNoIGNhbiBiZSBub24tRWxlbWVudC4KKworICAgICAgICBU ZXN0OiBmYXN0L2h0bWwvZGV0YWlscy1zdW1tYXJ5LWRvY3VtZW50LWNoaWxkLmh0bWwKKworICAg ICAgICAqIGh0bWwvSFRNTFN1bW1hcnlFbGVtZW50LmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OkhU TUxTdW1tYXJ5RWxlbWVudDo6ZGV0YWlsc0VsZW1lbnQpOgorCiAyMDExLTA1LTI2ICBTdGVwaGFu aWUgTGV3aXMgIDxzbGV3aXNAYXBwbGUuY29tPgogCiAgICAgICAgIFJldmlld2VkIGJ5IEdlb2Zm IEdhcmVuLgpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MU3VtbWFyeUVsZW1l bnQuY3BwIGIvU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MU3VtbWFyeUVsZW1lbnQuY3BwCmluZGV4 IDAyYzQ0M2I0MGFiMzJiODEzMGRlNzFmMmVkNjYxYjA1ZTc5MTY3MWYuLmQ1MjQ3NTcyNTM3ZjVh YzkxMDQ4OWQ5NDNmM2I0OGU5ZjkzZTk1NDcgMTAwNjQ0Ci0tLSBhL1NvdXJjZS9XZWJDb3JlL2h0 bWwvSFRNTFN1bW1hcnlFbGVtZW50LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9odG1sL0hUTUxT dW1tYXJ5RWxlbWVudC5jcHAKQEAgLTgyLDcgKzgyLDcgQEAgdm9pZCBIVE1MU3VtbWFyeUVsZW1l bnQ6OmNyZWF0ZVNoYWRvd1N1YnRyZWUoKQogCiBIVE1MRGV0YWlsc0VsZW1lbnQqIEhUTUxTdW1t YXJ5RWxlbWVudDo6ZGV0YWlsc0VsZW1lbnQoKSBjb25zdAogewotICAgIEVsZW1lbnQqIG1heURl dGFpbHMgPSB0b0VsZW1lbnQoY29uc3RfY2FzdDxIVE1MU3VtbWFyeUVsZW1lbnQqPih0aGlzKS0+ cGFyZW50Tm9kZUZvclJlbmRlcmluZ0FuZFN0eWxlKCkpOworICAgIE5vZGUqIG1heURldGFpbHMg PSBjb25zdF9jYXN0PEhUTUxTdW1tYXJ5RWxlbWVudCo+KHRoaXMpLT5wYXJlbnROb2RlRm9yUmVu ZGVyaW5nQW5kU3R5bGUoKTsKICAgICBpZiAoIW1heURldGFpbHMgfHwgIW1heURldGFpbHMtPmhh c1RhZ05hbWUoZGV0YWlsc1RhZykpCiAgICAgICAgIHJldHVybiAwOwogICAgIHJldHVybiBzdGF0 aWNfY2FzdDxIVE1MRGV0YWlsc0VsZW1lbnQqPihtYXlEZXRhaWxzKTsK