Bug 114624

Summary: Crash when favicon is requested
Product: WebKit
Reporter: peavo
Component: WebKit API
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: beidson, commit-queue, roger_fong, thorton
Priority: P2
Version: 528+ (Nightly build)
Hardware: PC
OS: Unspecified
URL: http://www.hotmail.com

Attachments:
Description: Patch    Flags: none

Description peavo 2013-04-15 07:50:09 PDT
A NULL pointer exception occurs when a favicon is requested with WebIconDatabase::iconForURL.
The crash occurs in WebIconDatabase::getOrCreateDefaultIconBitmap (WebKit/win/WebIconDatabase.cpp, line 310),
because the call iconDatabase().defaultIcon(*size) returns NULL and gets dereferenced.
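The failure mode the report describes, as an added example that is not WebKit's code and not the patch in attachment 198127: a constructed FakeIconDatabase whose defaultIcon() returns nullptr for any size it has no icon for, shown beside an unchecked caller (the shape of the crash) and a checked caller that returns std::nullopt instead of dereferencing the null result. IntSize, Image, FakeIconDatabase, defaultIconBytesUnchecked, defaultIconBytesChecked and lookupDefaultIconBytes are illustrative stand-ins, not WebKit identifiers.

```cpp
// Added example (not WebKit's code): models a lookup that can return
// nullptr, like iconDatabase().defaultIcon(size) in the bug report, and
// shows the unchecked caller beside a null-checked one.
#include <cstddef>
#include <cstdint>
#include <initializer_list>
#include <iostream>
#include <map>
#include <optional>
#include <tuple>
#include <vector>

// Hypothetical stand-ins for WebCore's IntSize and Image.
struct IntSize {
    int width;
    int height;
    bool operator<(const IntSize& o) const {
        return std::tie(width, height) < std::tie(o.width, o.height);
    }
};

struct Image {
    IntSize size;
    std::vector<uint8_t> rgba;  // 4 bytes per pixel
};

// Hypothetical database: only sizes registered with add() have an icon;
// every other size yields nullptr, which is the case the report hit.
class FakeIconDatabase {
public:
    void add(IntSize size) {
        m_icons[size] = Image{size, std::vector<uint8_t>(
            static_cast<size_t>(size.width) * size.height * 4, 0xff)};
    }
    Image* defaultIcon(const IntSize& size) {
        auto it = m_icons.find(size);
        return it == m_icons.end() ? nullptr : &it->second;
    }
private:
    std::map<IntSize, Image> m_icons;
};

// Shape of the crash: the result is used without a null check. Calling this
// with an unregistered size is undefined behaviour (a null dereference).
size_t defaultIconBytesUnchecked(FakeIconDatabase& db, const IntSize& size) {
    Image* icon = db.defaultIcon(size);
    return icon->rgba.size();
}

// Hardened: test the pointer and report "no icon" to the caller instead of
// dereferencing; the caller decides whether to fall back or skip the favicon.
std::optional<size_t> defaultIconBytesChecked(FakeIconDatabase& db, const IntSize& size) {
    Image* icon = db.defaultIcon(size);
    if (!icon)
        return std::nullopt;
    return icon->rgba.size();
}

// Builds a database that knows 16x16 and 32x32 and queries it via the
// checked path, so the result is observable without risking the crash.
std::optional<size_t> lookupDefaultIconBytes(int width, int height) {
    FakeIconDatabase db;
    db.add(IntSize{16, 16});
    db.add(IntSize{32, 32});
    return defaultIconBytesChecked(db, IntSize{width, height});
}

int main() {
    for (int s : {16, 32, 48}) {
        std::optional<size_t> bytes = lookupDefaultIconBytes(s, s);
        if (bytes)
            std::cout << s << "x" << s << ": " << *bytes << " bytes\n";
        else
            std::cout << s << "x" << s << ": no default icon (unchecked path would crash)\n";
    }
    return 0;
}
```

The 48x48 query is the interesting one: the unchecked function would dereference nullptr there, while the checked one hands back an empty optional and lets the caller decide what to do about a missing default icon.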
Comment 1 peavo 2013-04-15 07:53:59 PDT
Created attachment 198127 [details]
Patch
Comment 2 Brent Fulgham 2013-04-15 11:51:20 PDT
Comment on attachment 198127 [details]
Patch

r=me.  Is there an existing test for this?
Comment 3 WebKit Commit Bot 2013-04-15 12:30:35 PDT
The commit-queue encountered the following flaky tests while processing attachment 198127 [details]:

platform/mac/editing/deleting/deletionUI-single-instance.html bug 114181 (author: rniwa@webkit.org)
transitions/color-transition-rounding.html bug 114182 (author: simon.fraser@apple.com)
transitions/cubic-bezier-overflow-svg-length.html bug 114183 (author: peter@chromium.org)
transitions/interrupt-zero-duration.html bug 114184 (authors: cmarrin@apple.com, rniwa@webkit.org, and simon.fraser@apple.com)
transitions/multiple-background-transitions.html bug 114185 (author: simon.fraser@apple.com)
transitions/cubic-bezier-overflow-color.html bug 114186 (author: peter@chromium.org)
transitions/multiple-shadow-transitions.html bug 114187 (author: simon.fraser@apple.com)
transitions/mismatched-shadow-transitions.html bug 114188 (author: simon.fraser@apple.com)
transitions/color-transition-all.html bug 114189 (authors: ossy@webkit.org and simon.fraser@apple.com)
transitions/negative-delay.html bug 114190 (author: simon.fraser@apple.com)
transitions/cubic-bezier-overflow-shadow.html bug 114191 (author: peter@chromium.org)
transitions/min-max-width-height-transitions.html bug 114192 (author: simon.fraser@apple.com)
transitions/cancel-transition.html bug 114193 (authors: ojan@chromium.org, rniwa@webkit.org, and simon.fraser@apple.com)
transitions/border-radius-transition.html bug 114194 (author: simon.fraser@apple.com)
transitions/flex-transitions.html bug 114195 (author: tony@chromium.org)
transitions/mixed-type.html bug 114196 (author: mikelawther@chromium.org)
transitions/multiple-mask-transitions.html bug 114197 (author: simon.fraser@apple.com)
transitions/color-transition-premultiplied.html bug 114198 (author: simon.fraser@apple.com)
transitions/mismatched-shadow-styles.html bug 114199 (author: simon.fraser@apple.com)
transitions/mask-transitions.html bug 114200 (authors: ojan@chromium.org, oliver@apple.com, and simon.fraser@apple.com)
transitions/cubic-bezier-overflow-length.html bug 114201 (author: peter@chromium.org)
transitions/multiple-background-size-transitions.html bug 114202 (authors: mitz@webkit.org and simon.fraser@apple.com)
transitions/clip-transition.html bug 114203 (authors: dglazkov@chromium.org and simon.fraser@apple.com)
transitions/cubic-bezier-overflow-transform.html bug 114204 (author: peter@chromium.org)
transitions/shorthand-border-transitions.html bug 114205 (authors: ojan@chromium.org and simon.fraser@apple.com)
transitions/interrupted-accelerated-transition.html bug 56242 (authors: rniwa@webkit.org, simon.fraser@apple.com, and tonyg@chromium.org)
transitions/background-transitions.html bug 114206 (author: simon.fraser@apple.com)
http/tests/security/cookies/third-party-cookie-blocking-user-action.html bug 114511 (authors: ap@webkit.org, jochen@chromium.org, and rniwa@webkit.org)
http/tests/security/mixedContent/redirect-https-to-http-iframe-in-main-frame.html bug 114208 (authors: abarth@webkit.org and rniwa@webkit.org)
fast/loader/javascript-url-in-object.html bug 114210 (authors: rniwa@webkit.org and sam@webkit.org)
The commit-queue is continuing to process your patch.
Comment 4 WebKit Commit Bot 2013-04-15 12:31:24 PDT
Comment on attachment 198127 [details]
Patch

Clearing flags on attachment: 198127

Committed r148456: <http://trac.webkit.org/changeset/148456>
Comment 5 WebKit Commit Bot 2013-04-15 12:31:26 PDT
All reviewed patches have been landed.  Closing bug.
Comment 6 peavo 2013-04-16 00:15:51 PDT
(In reply to comment #2)
> (From update of attachment 198127 [details])
> r=me.  Is there an existing test for this?

No, not that I'm aware of.