Bug 161898
| Summary: | Null-pointer dereference in WebCore::MediaPlayer::getStartDate | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | codecolorist |
| Component: | Media | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | CC: | jonlee, ross.kirsling, webkit-bug-importer |
| Priority: | P2 | Keywords: | InRadar |
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
codecolorist
In webkit/Source/WebCore/html/HTMLMediaElement.cpp, the method HTMLMediaElement::getStartDate doesn't check if m_player is null:
double HTMLMediaElement::getStartDate() const
{
return m_player->getStartDate().toDouble();
}
So this simple one line javascript can crash the browser:
document.createElement('video').getStartDate()
| Attachments | ||
|---|---|---|
| Add attachment proposed patch, testcase, etc. |
Radar WebKit Bug Importer
<rdar://problem/54354953>
Ross Kirsling
*** This bug has been marked as a duplicate of bug 161733 ***