Bug 21063

Summary: NULL pointer crash in dispatchEvent(null);
Product: WebKit
Reporter: Dean McNamee <deanm>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, mihnea, sam, skylined
Priority: P1
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
patch (flags: ap: review+)

Dean McNamee
Reported 2008-09-24 10:01:21 PDT
We found this a while ago, looks like it never got filed:

var xhr = new XMLHttpRequest();
xhr.dispatchEvent(null);

I don't have a mac, or a webkit build where I can test and make a layout test. However, it should be trivial to turn the above into a layout test, and apply and test this patch:

diff --git a/WebCore/xml/XMLHttpRequest.cpp b/WebCore/xml/XMLHttpRequest.cpp index 4b4bc96..0303d01 100644 --- a/WebCore/xml/XMLHttpRequest.cpp +++ b/WebCore/xml/XMLHttpRequest.cpp @@ -309,7 +309,7 @@ void XMLHttpRequest::removeEventListener(const AtomicString& bool XMLHttpRequest::dispatchEvent(PassRefPtr<Event> evt, ExceptionCode& ec, bo { // FIXME: check for other error conditions enumerated in the spec. - if (evt->type().isEmpty()) { + if (!evt || evt->type().isEmpty()) { ec = EventException::UNSPECIFIED_EVENT_TYPE_ERR; return true; }
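Review bot: the guard `if (!evt || evt->type().isEmpty())` short-circuits on a null `evt` before `evt->type()` is dereferenced, which is the right shape for the fix, but the patch lands without the layout test the description itself asks for; a test that calls `xhr.dispatchEvent(null)` and passes when an exception is raised instead of a crash should accompany it. The hunk also only touches `XMLHttpRequest::dispatchEvent`, while the same unguarded `evt->type().isEmpty()` pattern is noted in comment 1 for `XMLHttpRequestUpload::dispatchEvent`, `DOMApplicationCache::dispatchEvent` and `MessagePort::dispatchEvent`; either extend the patch to those call sites or track them explicitly so the null dereference is not left reachable through a sibling target.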
Attachments
patch (7.60 KB, patch), 2008-11-29 14:06 PST, Sam Weinig, flags: ap: review+
Alexey Proskuryakov
Comment 1 2008-09-25 08:21:18 PDT
We seem to have the same issue in other dispatchEvent() implementations (why are there so many?). E.g. XMLHttpRequestUpload::dispatchEvent, DOMApplicationCache::dispatchEvent, MessagePort::dispatchEvent.
Sam Weinig
Comment 2 2008-09-25 11:10:04 PDT
(In reply to comment #1)
> We seem to have the same issue in other dispatchEvent() implementations (why
> are there so many?). E.g. XMLHttpRequestUpload::dispatchEvent,
> DOMApplicationCache::dispatchEvent, MessagePort::dispatchEvent.

Anders and I just discussed this yesterday. The functions seem generic enough that we should be able to factor them up to EventTarget (or elsewhere).
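The factoring discussed in comments 1 and 2, as an added illustration that is not WebKit's code: a minimal EventTarget base class performs the null and empty-type checks once in its dispatchEvent, so every subclass (an XHR-like or MessagePort-like target) inherits the guard instead of re-implementing it and risking the same null dereference. The Event, EventTarget, ExceptionCode and listener-table types here are simplified stand-ins, not WebCore's real classes.

```cpp
#include <cassert>
#include <functional>
#include <map>
#include <string>
#include <utility>
#include <vector>

// Simplified stand-in for WebCore's ExceptionCode values (assumed, not WebKit's enum).
enum ExceptionCode { NoException = 0, UNSPECIFIED_EVENT_TYPE_ERR = 1 };

// Minimal event: only the type string matters for the dispatch guard.
class Event {
public:
    explicit Event(std::string type) : m_type(std::move(type)) {}
    const std::string& type() const { return m_type; }
private:
    std::string m_type;
};

using EventListener = std::function<void(const Event&)>;

// Base class owning the listener table and the single shared dispatch guard.
class EventTarget {
public:
    void addEventListener(const std::string& type, EventListener listener) {
        m_listeners[type].push_back(std::move(listener));
    }

    // Mirrors the patched check: a null event, or one with an empty type, is
    // rejected before evt->type() is used for any real work.
    bool dispatchEvent(const Event* evt, ExceptionCode& ec) {
        if (!evt || evt->type().empty()) {
            ec = UNSPECIFIED_EVENT_TYPE_ERR;
            return true;
        }
        ec = NoException;
        auto it = m_listeners.find(evt->type());
        if (it != m_listeners.end()) {
            for (auto& listener : it->second)
                listener(*evt);
        }
        return true;
    }

private:
    std::map<std::string, std::vector<EventListener>> m_listeners;
};

// Subclasses inherit the guard instead of each carrying its own dispatchEvent.
class XMLHttpRequestLike : public EventTarget {};
class MessagePortLike : public EventTarget {};

// Dispatch a null event on an XHR-like target; returns the resulting exception code.
int dispatchNullOnXhr() {
    XMLHttpRequestLike xhr;
    ExceptionCode ec = NoException;
    xhr.dispatchEvent(nullptr, ec);
    return ec;
}

// Dispatch an event with an empty type on a MessagePort-like target.
int dispatchEmptyTypeOnPort() {
    MessagePortLike port;
    ExceptionCode ec = NoException;
    Event untyped("");
    port.dispatchEvent(&untyped, ec);
    return ec;
}

// Dispatch a well-formed "load" event; returns the number of listeners invoked,
// or -1 if the guard wrongly raised an exception.
int dispatchLoadOnXhr() {
    XMLHttpRequestLike xhr;
    int invoked = 0;
    xhr.addEventListener("load", [&](const Event& e) { if (e.type() == "load") ++invoked; });
    xhr.addEventListener("load", [&](const Event&) { ++invoked; });
    ExceptionCode ec = NoException;
    Event load("load");
    xhr.dispatchEvent(&load, ec);
    return ec == NoException ? invoked : -1;
}

int main() {
    assert(dispatchNullOnXhr() == UNSPECIFIED_EVENT_TYPE_ERR);
    assert(dispatchEmptyTypeOnPort() == UNSPECIFIED_EVENT_TYPE_ERR);
    assert(dispatchLoadOnXhr() == 2);
    return 0;
}
```

Placing the check in the base class means a new target type cannot forget it, which is the property the per-class null checks in the patch only deliver one class at a time.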
Dean McNamee
Comment 3 2008-11-24 20:51:24 PST
Any word on this? Could we check in the simple NULL checks for now until it gets refactored?
Alexey Proskuryakov
Comment 4 2008-11-25 00:10:10 PST
Yes. Would you be willing to make a patch with test cases?
Sam Weinig
Comment 5 2008-11-29 14:06:18 PST
Alexey Proskuryakov
Comment 6 2008-11-29 14:09:48 PST
Comment on attachment 25601 (patch)
r=me
Sam Weinig
Comment 7 2008-11-29 14:34:05 PST
Fixed in r38845.