94628 2012-08-21 13:09:30 -0700 DOM manipulation crashes the browser 2012-08-22 12:27:22 -0700 1 1 1 Unclassified WebKit Media 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 vcarbune webkit-unassigned annacc eric.carlson inferno webkit-bug-importer webkit.review.bot oldest_to_newest 701035 0 vcarbune 2012-08-21 13:09:30 -0700 Creating a DOM track element by script and changing the mode crashes results in a browser crash. 701047 1 159750 vcarbune 2012-08-21 13:18:29 -0700 Created attachment 159750 Fix and test 701051 2 vcarbune 2012-08-21 13:21:10 -0700 Not sure if this is the best fix, but the spec doesn't have anything to say about combinations of DOM mutation and JS changes; Either way, we shouldn't crash, I'm open to suggestions. 701427 3 inferno 2012-08-21 18:16:32 -0700 isnt this a null pointer crash, if it yes, it is not a security bug 701428 4 webkit-bug-importer 2012-08-21 18:16:55 -0700 <rdar://problem/12147515> 701432 5 vcarbune 2012-08-21 18:19:10 -0700 (In reply to comment #3) > isnt this a null pointer crash, if it yes, it is not a security bug Indeed, it's just a null pointer crash; thought it might be more, initially. 701646 6 159750 webkit.review.bot 2012-08-22 00:48:15 -0700 Comment on attachment 159750 Fix and test Rejecting attachment 159750 from commit-queue. victor@rosedu.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py. - If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags. - If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights. 702192 7 159750 webkit.review.bot 2012-08-22 12:27:19 -0700 Comment on attachment 159750 Fix and test Clearing flags on attachment: 159750 Committed r126331: <http://trac.webkit.org/changeset/126331> 702193 8 webkit.review.bot 2012-08-22 12:27:22 -0700 All reviewed patches have been landed. Closing bug. 159750 2012-08-21 13:18:29 -0700 2012-08-22 12:27:19 -0700 Fix and test bug-94628-20120821221827.patch text/plain 4612 vcarbune U3VidmVyc2lvbiBSZXZpc2lvbjogMTI2MTY0CmRpZmYgLS1naXQgYS9Tb3VyY2UvV2ViQ29yZS9D aGFuZ2VMb2cgYi9Tb3VyY2UvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXggMmQyMmRhNjI4ZGM5NjVj YzZlN2JkNGZjNDA1YzYyYzBiMDE4NWU1OS4uN2NmNGYwOTdmMTVjOTdlYjhjZGE5YjFiMmYyYTZj MjE1NjBhNzFmNyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvQ2hhbmdlTG9nCisrKyBiL1Nv dXJjZS9XZWJDb3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDIwIEBACisyMDEyLTA4LTIxICBWaWN0 b3IgQ2FyYnVuZSAgPHZpY3RvckByb3NlZHUub3JnPgorCisgICAgICAgIERPTSBtYW5pcHVsYXRp b24gY3Jhc2hlcyB0aGUgYnJvd3NlcgorCisgICAgICAgIENyZWF0aW5nIGEgRE9NIHRyYWNrIGVs ZW1lbnQgYnkgc2NyaXB0IGFuZCBjaGFuZ2luZyB0aGUgbW9kZSBjcmFzaGVzCisgICAgICAgIHJl c3VsdHMgaW4gYSBicm93c2VyIGNyYXNoLgorICAgICAgICBodHRwczovL2J1Z3Mud2Via2l0Lm9y Zy9zaG93X2J1Zy5jZ2k/aWQ9OTQ2MjgKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9P UFMhKS4KKworICAgICAgICBTaW1wbGUgZml4IHRoYXQgY3JlYXRlcyB0aGUgdGV4dCB0cmFjayBj dWUgbGlzdCBpbiBjYXNlIG9mIG1vZGUgY2hhbmdlLgorCisgICAgICAgIFRlc3Q6IG1lZGlhL3Ry YWNrL3RyYWNrLWVsZW1lbnQtZG9tLWNoYW5nZS1jcmFzaC5odG1sCisKKyAgICAgICAgKiBodG1s L0hUTUxNZWRpYUVsZW1lbnQuY3BwOgorICAgICAgICAoV2ViQ29yZTo6SFRNTE1lZGlhRWxlbWVu dDo6dGV4dFRyYWNrTW9kZUNoYW5nZWQpOgorCiAyMDEyLTA4LTIxICBEYW4gQmVybnN0ZWluICA8 bWl0ekBhcHBsZS5jb20+CiAKICAgICAgICAgPHJkYXI6Ly9wcm9ibGVtLzEyMTA0NTA4PiBUZXh0 SXRlcmF0b3IgdGFrZXMgTyhuXjIpIHRvIGl0ZXJhdGUgb3ZlciBuIGVtcHR5IGJsb2NrcwpkaWZm IC0tZ2l0IGEvU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MTWVkaWFFbGVtZW50LmNwcCBiL1NvdXJj ZS9XZWJDb3JlL2h0bWwvSFRNTE1lZGlhRWxlbWVudC5jcHAKaW5kZXggZmFkY2ZlN2M2OTM0Y2Yz NmFjMWM3MGI4YTNkOGRjYmNlMTFmMzNkYi4uZmZiMzA4OTRiOGViZjg1MDcxMDEyODhlYTllOGM0 ZmRmNzA1N2M5YyAxMDA2NDQKLS0tIGEvU291cmNlL1dlYkNvcmUvaHRtbC9IVE1MTWVkaWFFbGVt ZW50LmNwcAorKysgYi9Tb3VyY2UvV2ViQ29yZS9odG1sL0hUTUxNZWRpYUVsZW1lbnQuY3BwCkBA IC0xMzAwLDYgKzEzMDAsMTAgQEAgdm9pZCBIVE1MTWVkaWFFbGVtZW50Ojp0ZXh0VHJhY2tNb2Rl Q2hhbmdlZChUZXh0VHJhY2sqIHRyYWNrKQogICAgICAgICAgICAgICAgICAgICB0ZXh0VHJhY2tB ZGRDdWVzKHRyYWNrLCB0cmFjay0+Y3VlcygpKTsKICAgICAgICAgICAgICAgICBlbHNlIGlmICh0 cmFja0VsZW1lbnQtPnJlYWR5U3RhdGUoKSA9PSBIVE1MVHJhY2tFbGVtZW50OjpOT05FKQogICAg ICAgICAgICAgICAgICAgICB0cmFja0VsZW1lbnQtPnNjaGVkdWxlTG9hZCgpOworCisgICAgICAg ICAgICAgICAgLy8gSWYgdGhpcyBpcyB0aGUgZmlyc3QgYWRkZWQgdHJhY2ssIGNyZWF0ZSB0aGUg bGlzdCBvZiB0ZXh0IHRyYWNrcy4KKyAgICAgICAgICAgICAgICBpZiAoIW1fdGV4dFRyYWNrcykK KyAgICAgICAgICAgICAgICAgIG1fdGV4dFRyYWNrcyA9IFRleHRUcmFja0xpc3Q6OmNyZWF0ZSh0 aGlzLCBBY3RpdmVET01PYmplY3Q6OnNjcmlwdEV4ZWN1dGlvbkNvbnRleHQoKSk7CiAgICAgICAg ICAgICB9CiAgICAgICAgICAgICBicmVhazsKICAgICAgICAgfQpkaWZmIC0tZ2l0IGEvTGF5b3V0 VGVzdHMvQ2hhbmdlTG9nIGIvTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCmluZGV4IDA4NmMyMGJhMDU3 ODA1YmUxMGRjYWMzYzVjYWU2MTJhZGNlYjcxZGMuLmU0OTdiNWJmNmJkODZjMTAwY2U3YjQzMTY2 YmE4ZGVkOTUxODg2MTAgMTAwNjQ0Ci0tLSBhL0xheW91dFRlc3RzL0NoYW5nZUxvZworKysgYi9M YXlvdXRUZXN0cy9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxNiBAQAorMjAxMi0wOC0yMSAgVmljdG9y IENhcmJ1bmUgIDx2aWN0b3JAcm9zZWR1Lm9yZz4KKworICAgICAgICBET00gbWFuaXB1bGF0aW9u IGNyYXNoZXMgdGhlIGJyb3dzZXIKKworICAgICAgICBDcmVhdGluZyBhIERPTSB0cmFjayBlbGVt ZW50IGJ5IHNjcmlwdCBhbmQgY2hhbmdpbmcgdGhlIG1vZGUgY3Jhc2hlcworICAgICAgICByZXN1 bHRzIGluIGEgYnJvd3NlciBjcmFzaC4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcv c2hvd19idWcuY2dpP2lkPTk0NjI4CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BT ISkuCisKKyAgICAgICAgKiBtZWRpYS90cmFjay90cmFjay1lbGVtZW50LWRvbS1jaGFuZ2UtY3Jh c2gtZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBtZWRpYS90cmFjay90cmFjay1lbGVt ZW50LWRvbS1jaGFuZ2UtY3Jhc2guaHRtbDogQWRkZWQuCisKIDIwMTItMDgtMjEgIEJyYWR5IEVp ZHNvbiAgPGJlaWRzb25AYXBwbGUuY29tPgogCiAgICAgICAgIFdLVFIgZG9lc24ndCBpbXBsZW1l bnQgZHVtcFdpbGxDYWNoZVJlc3BvbnNlKCkuCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9tZWRp YS90cmFjay90cmFjay1lbGVtZW50LWRvbS1jaGFuZ2UtY3Jhc2gtZXhwZWN0ZWQudHh0IGIvTGF5 b3V0VGVzdHMvbWVkaWEvdHJhY2svdHJhY2stZWxlbWVudC1kb20tY2hhbmdlLWNyYXNoLWV4cGVj dGVkLnR4dApuZXcgZmlsZSBtb2RlIDEwMDY0NAppbmRleCAwMDAwMDAwMDAwMDAwMDAwMDAwMDAw MDAwMDAwMDAwMDAwMDAwMDAwLi5jYjRkMzA1Y2VhNWI0OTk4MjliZDhjMGI2MWE4YzUxMjRjZjc1 YmJiCi0tLSAvZGV2L251bGwKKysrIGIvTGF5b3V0VGVzdHMvbWVkaWEvdHJhY2svdHJhY2stZWxl bWVudC1kb20tY2hhbmdlLWNyYXNoLWV4cGVjdGVkLnR4dApAQCAtMCwwICsxLDEwIEBACitUZXN0 cyB0aGF0IHRoZSBicm93c2VyIGhhbmRsZXMgcHJvcGVybHkgc2ltcGxlIERPTSBtdXRhdGlvbnMu CisKKyoqIENyZWF0ZSB2aWRlbyBhbmQgdGV4dCB0cmFjayBlbGVtZW50ICoqCisqKiBBcHBlbmQg dGhlIHRyYWNrIGVsZW1lbnQgdG8gdGhlIHZpZGVvIGVsZW1lbnQgKioKKyoqIFNldCB0aGUgbW9k ZSBvZiB0aGUgdGV4dCB0cmFjayB0byBTSE9XSU5HICoqCisKK05vIGNyYXNoLiBQQVNTLgorCitF TkQgT0YgVEVTVAorCmRpZmYgLS1naXQgYS9MYXlvdXRUZXN0cy9tZWRpYS90cmFjay90cmFjay1l bGVtZW50LWRvbS1jaGFuZ2UtY3Jhc2guaHRtbCBiL0xheW91dFRlc3RzL21lZGlhL3RyYWNrL3Ry YWNrLWVsZW1lbnQtZG9tLWNoYW5nZS1jcmFzaC5odG1sCm5ldyBmaWxlIG1vZGUgMTAwNjQ0Cmlu ZGV4IDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAuLmRkNmU1MThiM2Rh ZWQyY2EzMTBiY2NhMWVlZmMxZGM1ZTI3NTczYTkKLS0tIC9kZXYvbnVsbAorKysgYi9MYXlvdXRU ZXN0cy9tZWRpYS90cmFjay90cmFjay1lbGVtZW50LWRvbS1jaGFuZ2UtY3Jhc2guaHRtbApAQCAt MCwwICsxLDMyIEBACis8IURPQ1RZUEUgaHRtbD4KKzxodG1sPgorICAgIDxoZWFkPgorICAgICAg ICA8bWV0YSBodHRwLWVxdWl2PSJDb250ZW50LVR5cGUiIGNvbnRlbnQ9InRleHQvaHRtbDsgY2hh cnNldD11dGYtOCIgLz4KKworICAgICAgICA8c2NyaXB0IHNyYz0uLi9tZWRpYS1maWxlLmpzPjwv c2NyaXB0PgorICAgICAgICA8c2NyaXB0IHNyYz0uLi92aWRlby10ZXN0LmpzPjwvc2NyaXB0Pgor ICAgICAgICA8c2NyaXB0PgorICAgICAgICAgICAgZnVuY3Rpb24gc3RhcnRUZXN0KCkKKyAgICAg ICAgICAgIHsKKyAgICAgICAgICAgICAgICBjb25zb2xlV3JpdGUoIioqIENyZWF0ZSB2aWRlbyBh bmQgdGV4dCB0cmFjayBlbGVtZW50ICoqIik7CisgICAgICAgICAgICAgICAgdmFyIHZpZGVvID0g ZG9jdW1lbnQuY3JlYXRlRWxlbWVudCgidmlkZW8iKTsKKyAgICAgICAgICAgICAgICB2YXIgdHJh Y2sgPSBkb2N1bWVudC5jcmVhdGVFbGVtZW50KCJ0cmFjayIpOworCisgICAgICAgICAgICAgICAg Y29uc29sZVdyaXRlKCIqKiBBcHBlbmQgdGhlIHRyYWNrIGVsZW1lbnQgdG8gdGhlIHZpZGVvIGVs ZW1lbnQgKioiKTsKKyAgICAgICAgICAgICAgICB2aWRlby5hcHBlbmRDaGlsZCh0cmFjayk7CisK KyAgICAgICAgICAgICAgICBjb25zb2xlV3JpdGUoIioqIFNldCB0aGUgbW9kZSBvZiB0aGUgdGV4 dCB0cmFjayB0byBTSE9XSU5HICoqIik7CisgICAgICAgICAgICAgICAgdHJhY2sudHJhY2subW9k ZSA9IDI7CisKKyAgICAgICAgICAgICAgICBjb25zb2xlV3JpdGUoIiIpOworICAgICAgICAgICAg ICAgIGNvbnNvbGVXcml0ZSgiTm8gY3Jhc2guIFBBU1MuIik7CisgICAgICAgICAgICAgICAgY29u c29sZVdyaXRlKCIiKTsKKworICAgICAgICAgICAgICAgIGVuZFRlc3QoKTsKKyAgICAgICAgICAg IH0KKyAgICAgICAgPC9zY3JpcHQ+CisgICAgPC9oZWFkPgorICAgIDxib2R5IG9ubG9hZD0ic3Rh cnRUZXN0KCkiPgorICAgICAgPHA+VGVzdHMgdGhhdCB0aGUgYnJvd3NlciBoYW5kbGVzIHByb3Bl cmx5IHNpbXBsZSBET00gbXV0YXRpb25zLjwvcD4KKyAgICA8L2JvZHk+Cis8L2h0bWw+Cg==