Bug 11777

Summary: Crash when using XMLSerializer.serializeToString() on documentless, DocumentType nodes.
Product: WebKit
Reporter: Sam Weinig <sam>
Component: DOM
Assignee: Sam Weinig <sam>
Status: RESOLVED FIXED
Severity: Critical
CC: cdumez
Priority: P1
Version: 420+
Hardware: Mac
OS: OS X 10.4
Attachments (Description: Flags):
testcase: none
another testcase: none
patch: ggaren: review+

Description Sam Weinig 2006-12-07 12:59:56 PST
If the DocumentType node does not have a Document associated with it, as in cases where you just created one from the DOMImplementation object, WebKit crashes reliably. This is a regression from the current shipping Safari.
Comment 1 Sam Weinig 2006-12-07 14:44:58 PST
Created attachment 11765
testcase

Testcase.  This will cause your browser to crash!
Comment 2 Sam Weinig 2006-12-07 15:11:33 PST
Created attachment 11766
another testcase

Another testcase that will crash ToT.
Comment 3 Sam Weinig 2006-12-07 16:48:52 PST
Created attachment 11767
patch
Comment 4 Geoffrey Garen 2006-12-07 23:12:00 PST
Comment on attachment 11767
patch

+    if (node->nodeType() == Node::DOCUMENT_TYPE_NODE && !node->document()) {

It's true that only the DocumentType node can have a NULL document, but I don't see any need to test for the node being a DocumentType node. !node->document() should do.

r=me
Comment 5 Sam Weinig 2006-12-08 15:58:55 PST
Landed in r18085.
Comment 6 Lucas Forschler 2019-02-06 09:04:03 PST
Mass moving XML DOM bugs to the "DOM" Component.