72222 2011-11-12 17:06:41 -0800 REGRESSION(99849): NULL-deref in updateLastMediaLine when parsing some media-queries 2011-11-13 09:43:50 -0800 1 1 1 Unclassified WebKit CSS 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 jchaffraix jchaffraix apavlov macpherson pfeldman webkit.review.bot oldest_to_newest 501483 0 jchaffraix 2011-11-12 17:06:41 -0800 Seems like r99849 missed a code path in CSSGrammar.y: CSSParser* p = static_cast<CSSParser*>(parser); if ($$) $$->appendMediaQuery(p->sinkFloatingMediaQuery($4)); p->updateLastMediaLine($$); ($$ can be null and we would crash in updateLastMediaLine) I had some bandwidth today so I reduced the crashes seen in the wild and came up with a small patch. I will attach it shortly. 501484 1 114848 jchaffraix 2011-11-12 17:20:04 -0800 Created attachment 114848 Proposed fix: extend the NULL-check. Reduced test case from our top-most crashers as test-case. 501520 2 114848 webkit.review.bot 2011-11-13 09:43:46 -0800 Comment on attachment 114848 Proposed fix: extend the NULL-check. Reduced test case from our top-most crashers as test-case. Clearing flags on attachment: 114848 Committed r100092: <http://trac.webkit.org/changeset/100092> 501521 3 webkit.review.bot 2011-11-13 09:43:50 -0800 All reviewed patches have been landed. Closing bug. 114848 2011-11-12 17:20:04 -0800 2011-11-13 09:43:45 -0800 Proposed fix: extend the NULL-check. Reduced test case from our top-most crashers as test-case. bug-72222-20111112172003.patch text/plain 3540 jchaffraix U3VidmVyc2lvbiBSZXZpc2lvbjogMTAwMDg0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggNWEwMGQ2NTBiNmFkMGQ5 NzYwMjUwMDAxMzQ0Yzg0ZWY0MDlkOTBjMy4uMjJmYWQzMGY1NDdlZWMxYTY2YzUxYmNmNzY5NTJl OTUwMzk4MDZmNCAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDE0IEBACisyMDExLTExLTEyICBKdWxp ZW4gQ2hhZmZyYWl4ICA8amNoYWZmcmFpeEB3ZWJraXQub3JnPgorCisgICAgICAgIFJFR1JFU1NJ T04oOTk4NDkpOiBOVUxMLWRlcmVmIGluIHVwZGF0ZUxhc3RNZWRpYUxpbmUgd2hlbiBwYXJzaW5n IHNvbWUgbWVkaWEtcXVlcmllcworICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93 X2J1Zy5jZ2k/aWQ9NzIyMjIKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4K KworICAgICAgICBUZXN0OiBmYXN0L21lZGlhL3VwZGF0ZS1tZWRpYS1xdWVyeS1jc3MtcGFyc2Vy Lmh0bWwKKworICAgICAgICAqIGNzcy9DU1NHcmFtbWFyLnk6IEFkZGVkIGEgcHJvcGVyIE5VTEwt Y2hlY2suCisKIDIwMTEtMTEtMTIgIE5hdCBEdWNhICA8bmR1Y2FAY2hyb21pdW0ub3JnPgogCiAg ICAgICAgIEZpeGVzIHRvIEdyYXBoaWNzQ29udGV4dDNEOjptYWtlQ3VycmVudCBvbiBndGsgYW5k IG1hYwpkaWZmIC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvY3NzL0NTU0dyYW1tYXIueSBiL1NvdXJj ZS9XZWJDb3JlL2Nzcy9DU1NHcmFtbWFyLnkKaW5kZXggYWVmNDU0ZTJiNDkxMDkyODAxNjRjMzEx NWQxYmVjMWY0NDMwZjlmYy4uZjFjMDRhZWE4MzNjOWVhYmJhNGViMDY0YzMzOGFmOWEzYzI1YzZi MyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvY3NzL0NTU0dyYW1tYXIueQorKysgYi9Tb3Vy Y2UvV2ViQ29yZS9jc3MvQ1NTR3JhbW1hci55CkBAIC01NzksMTAgKzU3OSwxMSBAQCBtZWRpYV9s aXN0OgogICAgIH0KICAgICB8IG1lZGlhX2xpc3QgJywnIG1heWJlX3NwYWNlIG1lZGlhX3F1ZXJ5 IHsKICAgICAgICAgJCQgPSAkMTsKLSAgICAgICAgQ1NTUGFyc2VyKiBwID0gc3RhdGljX2Nhc3Q8 Q1NTUGFyc2VyKj4ocGFyc2VyKTsKLSAgICAgICAgaWYgKCQkKQorICAgICAgICBpZiAoJCQpIHsK KyAgICAgICAgICAgIENTU1BhcnNlciogcCA9IHN0YXRpY19jYXN0PENTU1BhcnNlcio+KHBhcnNl cik7CiAgICAgICAgICAgICAkJC0+YXBwZW5kTWVkaWFRdWVyeShwLT5zaW5rRmxvYXRpbmdNZWRp YVF1ZXJ5KCQ0KSk7Ci0gICAgICAgIHAtPnVwZGF0ZUxhc3RNZWRpYUxpbmUoJCQpOworICAgICAg ICAgICAgcC0+dXBkYXRlTGFzdE1lZGlhTGluZSgkJCk7CisgICAgICAgIH0KICAgICB9CiAgICAg fCBtZWRpYV9saXN0IGVycm9yIHsKICAgICAgICAgJCQgPSAwOwpkaWZmIC0tZ2l0IGEvTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCmluZGV4IDZiOWNjMjUxOTZk YjcyYjcxNzEwZmY2MmJmMDI3NWZjYjIwMzczYjEuLmUyMmRiNTE0MmY3ZWZmMTk2ZWFkMmI1YWI5 MzgyNjNiNjMzMGJlYzEgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9M YXlvdXRUZXN0cy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxMyBAQAorMjAxMS0xMS0xMiAgSnVsaWVu IENoYWZmcmFpeCAgPGpjaGFmZnJhaXhAd2Via2l0Lm9yZz4KKworICAgICAgICBSRUdSRVNTSU9O KDk5ODQ5KTogTlVMTC1kZXJlZiBpbiB1cGRhdGVMYXN0TWVkaWFMaW5lIHdoZW4gcGFyc2luZyBz b21lIG1lZGlhLXF1ZXJpZXMKKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTcyMjIyCisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisK KyAgICAgICAgKiBmYXN0L21lZGlhL3VwZGF0ZS1tZWRpYS1xdWVyeS1jc3MtcGFyc2VyLWV4cGVj dGVkLnR4dDogQWRkZWQuCisgICAgICAgICogZmFzdC9tZWRpYS91cGRhdGUtbWVkaWEtcXVlcnkt Y3NzLXBhcnNlci5odG1sOiBBZGRlZC4KKwogMjAxMS0xMS0xMiAgQW50dGkgS29pdmlzdG8gIDxh bnR0aUBhcHBsZS5jb20+CiAKICAgICAgICAgUkVHUkVTU0lPTihyOTg1NDIpOiBSZW5kZXJpbmcg ZXJyb3Igb24gR29vZ2xlIG1hcHMKZGlmZiAtLWdpdCBhL0xheW91dFRlc3RzL2Zhc3QvbWVkaWEv dXBkYXRlLW1lZGlhLXF1ZXJ5LWNzcy1wYXJzZXItZXhwZWN0ZWQudHh0IGIvTGF5b3V0VGVzdHMv ZmFzdC9tZWRpYS91cGRhdGUtbWVkaWEtcXVlcnktY3NzLXBhcnNlci1leHBlY3RlZC50eHQKbmV3 IGZpbGUgbW9kZSAxMDA2NDQKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMC4uYmY3YWMzOTI1NjViNzk4YjBkNzQ3MDdkNTlmOTE1Zjg3YzNiY2QyNAotLS0gL2Rl di9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvbWVkaWEvdXBkYXRlLW1lZGlhLXF1ZXJ5LWNz cy1wYXJzZXItZXhwZWN0ZWQudHh0CkBAIC0wLDAgKzEsMyBAQAorQnVnIDcyMjIyOiBOVUxMLWRl cmVmIGluIHVwZGF0ZUxhc3RNZWRpYUxpbmUgd2hlbiBwYXJzaW5nIHNvbWUgbWVkaWEtcXVlcmll cy4KKworVGhpcyB0ZXN0IGhhcyBwYXNzZWQgaWYgaXQgZG9lcyBub3QgY3Jhc2guCmRpZmYgLS1n aXQgYS9MYXlvdXRUZXN0cy9mYXN0L21lZGlhL3VwZGF0ZS1tZWRpYS1xdWVyeS1jc3MtcGFyc2Vy Lmh0bWwgYi9MYXlvdXRUZXN0cy9mYXN0L21lZGlhL3VwZGF0ZS1tZWRpYS1xdWVyeS1jc3MtcGFy c2VyLmh0bWwKbmV3IGZpbGUgbW9kZSAxMDA3NTUKaW5kZXggMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwMC4uN2NlNWY2NTkxNDVhYzNiNTVmM2RlYjJjNDM5MWNhMDk2OTYy N2VhOQotLS0gL2Rldi9udWxsCisrKyBiL0xheW91dFRlc3RzL2Zhc3QvbWVkaWEvdXBkYXRlLW1l ZGlhLXF1ZXJ5LWNzcy1wYXJzZXIuaHRtbApAQCAtMCwwICsxLDIxIEBACis8IURPQ1RZUEUgSFRN TD4KKzxodG1sPgorPGhlYWQ+Cis8c3R5bGU+CitAbWVkaWEgYWxsIGFuZCgtd2Via2l0LW1pbi1k ZXZpY2UtcGl4ZWwtcmF0aW86MTAwMDApLG5vdCBhbGwgYW5kKC13ZWJraXQtbWluLWRldmljZS1w aXhlbC1yYXRpbzowKQoreworICAgIHRvcDotMTAwJTsKKyAgICBsZWZ0OjA7CisgICAgZGlzcGxh eTpibG9jazsKK30KKzwvc3R5bGU+Cis8c2NyaXB0PgoraWYgKHdpbmRvdy5sYXlvdXRUZXN0Q29u dHJvbGxlcikKKyAgICBsYXlvdXRUZXN0Q29udHJvbGxlci5kdW1wQXNUZXh0KCk7Cis8L3Njcmlw dD4KKzwvaGVhZD4KKzxib2R5PgorPHA+QnVnIDxhIGhyZWY9Imh0dHBzOi8vYnVncy53ZWJraXQu b3JnL3Nob3dfYnVnLmNnaT9pZD03MjIyMiI+NzIyMjI8L2E+OiBOVUxMLWRlcmVmIGluIHVwZGF0 ZUxhc3RNZWRpYUxpbmUgd2hlbiBwYXJzaW5nIHNvbWUgbWVkaWEtcXVlcmllcy48cD4KKzxwPlRo aXMgdGVzdCBoYXMgcGFzc2VkIGlmIGl0IGRvZXMgbm90IGNyYXNoLjwvcD4KKzwvYm9keT4KKzwv aHRtbD4K