Bug 21845

Summary: m_frame null checked but then dereferenced
Product: WebKit
Reporter: Darin Fisher (:fishd, Google) <fishd>
Component: WebCore Misc.
Assignee: Darin Fisher (:fishd, Google) <fishd>
Status: RESOLVED FIXED
Severity: Normal
CC: oliver
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
  v1 patch: add early return (flags: eric: review+)

Description Darin Fisher (:fishd, Google) 2008-10-23 17:57:40 PDT
m_frame null checked but then dereferenced

In EventHandler::allowDHTMLDrag, it appears that a return statement is missing.

It looks like this code was introduced in http://trac.webkit.org/changeset/19230

This was found using a static analysis tool. I don't know if it is actually possible for m_frame to be null, so I don't know how to judge the severity of this bug. Maybe the null checking code should just be removed.
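The defect class the report describes, shown as an added illustration that is neither WebKit's code nor the attached patch: a pointer is null-checked, but no return follows the check, so the dereference below it still executes when the pointer is null. The Frame and Settings structs, the allowDHTMLDragBuggy/allowDHTMLDragFixed names, the dhtmlDragEnabled field and the false return value on a null frame are all stand-ins assumed for this example.

```cpp
#include <iostream>

// Stand-in types assumed for this example; they are not WebKit's Frame or Settings.
struct Settings {
    bool dhtmlDragEnabled = true;
};

struct Frame {
    const Settings* settings = nullptr;
};

// Buggy shape: the null check exists, but nothing stops execution after it,
// so the dereference on the following line still runs when frame is null.
// Calling this with a null frame is undefined behaviour; the helpers below
// only exercise it with a valid frame.
bool allowDHTMLDragBuggy(const Frame* frame)
{
    if (!frame)
        std::cerr << "allowDHTMLDrag: no frame\n"; // guard logs but does not return
    return frame->settings && frame->settings->dhtmlDragEnabled; // null dereference
}

// Fixed shape, the early-return form the attached patch adds: the dereference
// is only reached with a non-null frame. Returning false here is an assumption.
bool allowDHTMLDragFixed(const Frame* frame)
{
    if (!frame)
        return false;
    if (!frame->settings)
        return false;
    return frame->settings->dhtmlDragEnabled;
}

// Helpers that build a frame in a known state so the results can be checked.
bool fixedWithFrame(bool dragEnabled)
{
    Settings settings;
    settings.dhtmlDragEnabled = dragEnabled;
    Frame frame;
    frame.settings = &settings;
    return allowDHTMLDragFixed(&frame);
}

bool buggyWithFrame(bool dragEnabled)
{
    Settings settings;
    settings.dhtmlDragEnabled = dragEnabled;
    Frame frame;
    frame.settings = &settings;
    return allowDHTMLDragBuggy(&frame);
}

bool fixedWithNullFrame()
{
    return allowDHTMLDragFixed(nullptr);
}

int main()
{
    std::cout << "fixed, null frame: " << fixedWithNullFrame() << '\n';
    std::cout << "fixed, drag enabled: " << fixedWithFrame(true) << '\n';
    std::cout << "buggy, drag enabled: " << buggyWithFrame(true) << '\n';
    return 0;
}
```

The buggy form is what a static analyzer reports: the check implies the pointer can be null, and the unconditional dereference right after it contradicts that. Whether the fix is the early return or removing the check depends on whether the null state is reachable, which is exactly the open question in the report.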
Comment 1 Darin Fisher (:fishd, Google) 2008-10-23 17:59:53 PDT
Created attachment 24629 [details]
v1 patch: add early return
Comment 2 Eric Seidel (no email) 2008-10-23 18:01:12 PDT
Comment on attachment 24629 [details]
v1 patch: add early return

This looks to me like what the author intended in their original code.  Certainly the existing code is incorrect.
Comment 3 Eric Seidel (no email) 2008-10-23 18:01:53 PDT
Please add a comment to your changelog when landing about how this was found using a static analysis tool and thus there are no reproduction steps for a test case.
Comment 4 Darin Fisher (:fishd, Google) 2008-10-23 18:05:39 PDT
http://trac.webkit.org/changeset/37834