Bug 17655

Summary: Reproducible crash calling querySelector on viewless Document
Product: WebKit Reporter: Mark Rowe (bdash) <mrowe>
Component: WebCore JavaScriptAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: alex, catfish.man, jresig, mitz
Priority: P1 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: Mac   
OS: OS X 10.5   
Attachments:
Description Flags
Reduction (will crash Release builds of TOT) none

Mark Rowe (bdash)
Reported 2008-03-03 14:58:59 PST
After fixing the main crash reported on bug 17313, the original test case still crashes. This is because a document is created via DOMParser.parseFromString and is then queried with querySelectorAll. As the document is not attached to any view it has no style selector, which leads to a null dereference. Top of backtrace is as follows: Exception Type: EXC_BAD_ACCESS (SIGBUS) Exception Codes: KERN_PROTECTION_FAILURE at 0x00000000000000e8 Crashed Thread: 0 Thread 0 Crashed: 0 com.apple.WebCore 0x00e3745a WebCore::CSSStyleSelector::initElementAndPseudoState(WebCore::Element*) + 26 (CSSStyleSelector.cpp:535) 1 com.apple.WebCore 0x011192be WebCore::Node::querySelector(WebCore::String const&, int&) + 542 (Node.cpp:1225) 2 com.apple.WebCore 0x01036aee WebCore::jsDocumentPrototypeFunctionQuerySelector(KJS::ExecState*, KJS::JSObject*, KJS::List const&) + 142 (PassRefPtr.h:49) 3 com.apple.JavaScriptCore 0x00487228 KJS::FunctionCallDotNode::evaluate(KJS::ExecState*) + 696 (object.cpp:99)
Attachments
Reduction (will crash Release builds of TOT) (191 bytes, text/html)
2008-03-03 15:04 PST, Mark Rowe (bdash) 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Mark Rowe (bdash)
Comment 1 2008-03-03 15:04:22 PST
Created attachment 19504 [details] Reduction (will crash Release builds of TOT)
Mark Rowe (bdash)
Comment 2 2008-03-03 15:06:59 PST
<rdar://problem/5778077>
mitz
Comment 3 2008-05-20 12:18:01 PDT
Fixed in <http://trac.webkit.org/changeset/33939>.
Note You need to log in before you can comment on or make changes to this bug.