Bug 165926

Summary: Possible nullptr dereference when applying pagination to viewport
Product: WebKit
Reporter: Brent Fulgham <bfulgham>
Component: WebCore Misc.
Assignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: bdakin, bfulgham, cdumez, commit-queue, simon.fraser, zalan
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Patch (flags: none)
Patch (flags: none)

Description Brent Fulgham 2016-12-15 15:32:51 PST
In FrameView::applyPaginationToViewport we check if documentElement is nullptr before accessing its renderer.

Later, we dereference documentElement without checking for null.
Comment 1 Brent Fulgham 2016-12-16 11:10:22 PST
Created attachment 297331 [details]
Patch
Comment 2 Brent Fulgham 2016-12-16 11:11:00 PST
Note: If documentElement is nullptr, documentRenderer will also be nullptr. We dereference both documentElement and documentRenderer without checking for null.
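The defect pattern described in the report and in comment 2, as an added illustration that is not WebKit's code: the stand-in Document/Element/RenderElement types, the Pagination struct and the two function names are constructed for this example. The buggy version null-checks documentElement only for the first access and dereferences it (and its renderer) unconditionally later; the hardened version hoists one early return above every use.

```cpp
// Constructed stand-in types for the example (assumptions, not WebKit's real classes).
struct RenderElement { int pageLogicalHeight; };
struct Element { RenderElement* renderer; };
struct Document { Element* documentElement; };

struct Pagination {
    enum Mode { Unpaginated, TopToBottom };
    Mode mode = Unpaginated;
    int pageLength = 0;
};

// Shape of the defect: documentElement is guarded for the first access,
// then dereferenced again further down with no guard at all.
Pagination applyPaginationBuggy(Document& document)
{
    Pagination pagination;
    Element* documentElement = document.documentElement;
    RenderElement* documentRenderer = documentElement ? documentElement->renderer : nullptr;

    if (documentRenderer && documentRenderer->pageLogicalHeight > 0)
        pagination.mode = Pagination::TopToBottom;

    // Unconditional dereference of documentElement and documentRenderer:
    // a null documentElement (hence null renderer) crashes here.
    pagination.pageLength = documentElement->renderer->pageLogicalHeight;
    return pagination;
}

// Hardened form: one early return covers every later use of both pointers.
Pagination applyPaginationFixed(Document& document)
{
    Pagination pagination;
    Element* documentElement = document.documentElement;
    if (!documentElement || !documentElement->renderer)
        return pagination; // leave the viewport unpaginated
    RenderElement& documentRenderer = *documentElement->renderer;

    if (documentRenderer.pageLogicalHeight > 0) {
        pagination.mode = Pagination::TopToBottom;
        pagination.pageLength = documentRenderer.pageLogicalHeight;
    }
    return pagination;
}

// Constructed sample documents (not from the bug) for exercising both versions.
inline Document& paginatedDocument()
{
    static RenderElement renderer { 800 };
    static Element element { &renderer };
    static Document document { &element };
    return document;
}
inline Document& emptyDocument() { static Document document { nullptr }; return document; }
```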
Comment 3 zalan 2016-12-16 15:54:42 PST
Created attachment 297366 [details]
Patch
Comment 4 WebKit Commit Bot 2016-12-16 16:49:09 PST
Comment on attachment 297366 [details]
Patch

Clearing flags on attachment: 297366

Committed r209951: <http://trac.webkit.org/changeset/209951>
Comment 5 WebKit Commit Bot 2016-12-16 16:49:13 PST
All reviewed patches have been landed.  Closing bug.