Bug 11777

Summary: Crash when using XMLSerializer.serializeToString() on documentless, DocumentType nodes.
Product: WebKit Reporter: Sam Weinig <sam>
Component: DOMAssignee: Sam Weinig <sam>
Status: RESOLVED FIXED    
Severity: Critical CC: cdumez
Priority: P1    
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Attachments:
Description Flags
testcase
none
another testcase
none
patch ggaren: review+

Sam Weinig
Reported 2006-12-07 12:59:56 PST
If the DocumentType node does not have a Document associated with it, as in cases where you just created one from the DOMImplementation object, webkit crashes reliably. This is a regression from the current shipping Safari.
Attachments
testcase (1.01 KB, text/html)
2006-12-07 14:44 PST, Sam Weinig 		no flags
Details
another testcase (1.39 KB, text/html)
2006-12-07 15:11 PST, Sam Weinig 		no flags
Details
patch (9.83 KB, patch)
2006-12-07 16:48 PST, Sam Weinig 		ggaren: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Sam Weinig
Comment 1 2006-12-07 14:44:58 PST
Created attachment 11765 [details] testcase Testcase. This will cause your browser to crash!
Sam Weinig
Comment 2 2006-12-07 15:11:33 PST
Created attachment 11766 [details] another testcase Another testcase that will crash ToT.
Sam Weinig
Comment 3 2006-12-07 16:48:52 PST
Created attachment 11767 [details] patch
Geoffrey Garen
Comment 4 2006-12-07 23:12:00 PST
Comment on attachment 11767 [details] patch + if (node->nodeType() == Node::DOCUMENT_TYPE_NODE && !node->document()) { It's true that only the DocumentType node can have a NULL document, but I don't see any need to test for the node being a DocumentType node. !node->document() should do. r=me
Sam Weinig
Comment 5 2006-12-08 15:58:55 PST
Landed in r18085.
Lucas Forschler
Comment 6 2019-02-06 09:04:03 PST
Mass moving XML DOM bugs to the "DOM" Component.
Note You need to log in before you can comment on or make changes to this bug.