Bug 11505

Summary: REGRESSION: Null pointer deref in HitTestResult::spellingToolTip() (assertion failure in Node::document)
Product: WebKit Reporter: mitz
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, sullivan
Priority: P1 Keywords: Regression
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
manual test case
none
Automatic test
none
Patch with the automated test bdakin: review+

mitz
Reported 2006-11-03 08:01:06 PST
HitTestResult::spellingToolTip() dereferences m_innerNonSharedNode which may be null. This causes the first assert in Node::document() to fail.
Attachments
manual test case (101 bytes, text/html)
2006-11-04 02:48 PST, Alexey Proskuryakov 		no flags
Details
Automatic test (907 bytes, text/html)
2006-11-04 06:29 PST, mitz 		no flags
Details
Patch with the automated test (31.83 KB, patch)
2006-11-07 07:03 PST, mitz 		bdakin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Alexey Proskuryakov
Comment 1 2006-11-04 02:48:44 PST
Created attachment 11377 [details] manual test case
mitz
Comment 2 2006-11-04 06:29:49 PST
Created attachment 11379 [details] Automatic test
Beth Dakin
Comment 3 2006-11-06 23:30:01 PST
Fixed with r17640.
mitz
Comment 4 2006-11-07 07:03:51 PST
Created attachment 11414 [details] Patch with the automated test Alexey suggested adding this test which is specific to the missing null check. The test that was included with the fix doesn't cover it, since the fix prevents a null m_innerNonSharedNode in that case.
Alexey Proskuryakov
Comment 5 2006-11-07 10:11:25 PST
Reopening for review.
Beth Dakin
Comment 6 2006-11-07 10:31:19 PST
Comment on attachment 11414 [details] Patch with the automated test good call!
Alexey Proskuryakov
Comment 7 2006-11-07 10:47:52 PST
Test committed revision 17642.
Note You need to log in before you can comment on or make changes to this bug.