Bug 236409

Summary: null ptr deref in WebCore::HTMLModelElement::enterFullscreen()
Product: WebKit Reporter: Gabriel Nava Marino <gnavamarino>
Component: New BugsAssignee: Gabriel Nava Marino <gnavamarino>
Status: RESOLVED FIXED    
Severity: Normal CC: darin, graouts, ntim, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
graouts: review+, ews-feeder: commit-queue-
Patch
none
Patch
none
Patch none

Gabriel Nava Marino
Reported 2022-02-09 14:40:10 PST
m_modelPlayer is a RefPtr that can become nullptr, so it needs a check before dereferencing. <rdar://problem/88475491>
Attachments
Patch (3.88 KB, patch)
2022-02-09 14:45 PST, Gabriel Nava Marino 		graouts: review+
ews-feeder: commit-queue-
DetailsFormatted DiffDiff
Patch (5.17 KB, patch)
2022-02-10 11:03 PST, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Patch (3.85 KB, patch)
2022-02-11 09:55 PST, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Patch (3.90 KB, patch)
2022-02-14 10:53 PST, Gabriel Nava Marino 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Gabriel Nava Marino
Comment 1 2022-02-09 14:45:01 PST
Created attachment 451445 [details] Patch
Antoine Quint
Comment 2 2022-02-09 23:52:15 PST
This method is only defined on Cocoa ports, so make sure to only run this test on those platforms.
Gabriel Nava Marino
Comment 3 2022-02-10 11:03:39 PST
Created attachment 451574 [details] Patch
Gabriel Nava Marino
Comment 4 2022-02-10 11:08:15 PST
(In reply to Antoine Quint from comment #2) > This method is only defined on Cocoa ports, so make sure to only run this > test on those platforms. Thank you, I have updated TestExpectations for those platforms.
Tim Nguyen (:ntim)
Comment 5 2022-02-10 15:48:43 PST
Comment on attachment 451574 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=451574&action=review > Source/WebCore/ChangeLog:14 > + Test: fast/model-element/model-element-enter-fullscreen-crash.html Can you move this test in the LayoutTests/model-element folder instead of creating a new subfolder under LayoutTests/fast ? The LayoutTests/model-element folder is already correctly skipped on non-Cocoa platforms, so you can also remove your changes in the gtk/win TestExpectations files.
Gabriel Nava Marino
Comment 6 2022-02-11 09:55:50 PST
Created attachment 451715 [details] Patch
Antoine Quint
Comment 7 2022-02-11 12:52:33 PST
Comment on attachment 451715 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=451715&action=review > LayoutTests/model-element/model-element-enter-fullscreen-crash.html:3 > + internals.settings.setModelElementEnabled(true); You don't need that line, it's already enabled in WKTR.
Gabriel Nava Marino
Comment 8 2022-02-14 10:53:12 PST
Created attachment 451923 [details] Patch
EWS
Comment 9 2022-02-15 01:05:48 PST
Committed r289794 (247259@main): <https://commits.webkit.org/247259@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 451923 [details].
Note You need to log in before you can comment on or make changes to this bug.