| Summary: | Null-pointer dereference in WebCore::MediaPlayer::getStartDate | ||
|---|---|---|---|
| Product: | WebKit | Reporter: | codecolorist |
| Component: | Media | Assignee: | Nobody <webkit-unassigned> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | Normal | ||
| Priority: | P2 | ||
| Version: | Safari Technology Preview | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
In webkit/Source/WebCore/html/HTMLMediaElement.cpp, the method HTMLMediaElement::getStartDate doesn't check if m_player is null: double HTMLMediaElement::getStartDate() const { return m_player->getStartDate().toDouble(); } So this simple one line javascript can crash the browser: document.createElement('video').getStartDate()