Bug 165926

Summary: Possible nullptr dereference when applying pagination to viewport
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: WebCore Misc.Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bdakin, bfulgham, cdumez, commit-queue, simon.fraser, zalan
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch none

Brent Fulgham
Reported 2016-12-15 15:32:51 PST
In FrameView::applyPaginationToViewport we check if documentElement is nullptr before accessing its renderer. Later, we dereference documentElement without checking for null.
Attachments
Patch (1.50 KB, patch)
2016-12-16 11:10 PST, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Patch (2.77 KB, patch)
2016-12-16 15:54 PST, zalan 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2016-12-16 11:10:22 PST
Created attachment 297331 [details] Patch
Brent Fulgham
Comment 2 2016-12-16 11:11:00 PST
Note: If documentElement is nullptr, documentRenderer will also be nullptr. We dereference both documentElement and documentRenderer without checking for null.
zalan
Comment 3 2016-12-16 15:54:42 PST
Created attachment 297366 [details] Patch
WebKit Commit Bot
Comment 4 2016-12-16 16:49:09 PST
Comment on attachment 297366 [details] Patch Clearing flags on attachment: 297366 Committed r209951: <http://trac.webkit.org/changeset/209951>
WebKit Commit Bot
Comment 5 2016-12-16 16:49:13 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.