Bug 236409

Summary: null ptr deref in WebCore::HTMLModelElement::enterFullscreen()
Product: WebKit
Reporter: Gabriel Nava Marino <gnavamarino>
Component: New Bugs
Assignee: Gabriel Nava Marino <gnavamarino>
Status: RESOLVED FIXED
Severity: Normal
CC: darin, graouts, ntim, webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Attachments (description, flags):
  Patch (flags: graouts: review+, ews-feeder: commit-queue-)
  Patch (flags: none)
  Patch (flags: none)
  Patch (flags: none)

Description Gabriel Nava Marino 2022-02-09 14:40:10 PST
m_modelPlayer is a RefPtr that can become nullptr, so it needs a check before dereferencing.

<rdar://problem/88475491>
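The defect class the description names, as an added C++ sketch that is not WebKit's code: a member smart pointer that is created and torn down during the element's lifetime, so it must be checked before every dereference. std::shared_ptr stands in for WebCore's RefPtr, and ModelPlayer, ModelElement, attachPlayer and detachPlayer are hypothetical names chosen for illustration; the real HTMLModelElement implementation is not reproduced here.

```cpp
// Added illustration, not WebKit's code. std::shared_ptr stands in for
// WebCore::RefPtr; ModelPlayer/ModelElement/attachPlayer/detachPlayer are
// hypothetical names modelled on the classes named in the bug.
#include <memory>

struct ModelPlayer {
    bool fullscreen = false;
    void enterFullscreen() { fullscreen = true; }
};

class ModelElement {
public:
    // The player is created lazily and can be torn down again (for example
    // when the element is detached), so the member may be null at any call.
    void attachPlayer() { m_modelPlayer = std::make_shared<ModelPlayer>(); }
    void detachPlayer() { m_modelPlayer.reset(); }

    // Guarded entry point: bail out instead of dereferencing a null pointer.
    // Returns whether fullscreen was actually requested on a live player.
    bool enterFullscreen() {
        if (!m_modelPlayer)
            return false;
        m_modelPlayer->enterFullscreen();
        return true;
    }

    bool playerIsFullscreen() const {
        return m_modelPlayer && m_modelPlayer->fullscreen;
    }

private:
    std::shared_ptr<ModelPlayer> m_modelPlayer;
};

// Drives the element through the lifecycle that exposes this bug class:
// a call before the player exists, one after creation, one after teardown.
inline int countSuccessfulFullscreenEntries() {
    ModelElement element;
    int ok = 0;
    ok += element.enterFullscreen();   // no player yet: guarded, returns false
    element.attachPlayer();
    ok += element.enterFullscreen();   // player present: succeeds
    element.detachPlayer();
    ok += element.enterFullscreen();   // player gone again: guarded
    return ok;                         // 1
}
```

The two guarded calls are exactly the states a regression test such as the one attached to this bug exercises: the element method is reachable while the player member is null, and the fix is to make that path return rather than dereference.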
Comment 1 Gabriel Nava Marino 2022-02-09 14:45:01 PST
Created attachment 451445 [details]
Patch
Comment 2 Antoine Quint 2022-02-09 23:52:15 PST
This method is only defined on Cocoa ports, so make sure to only run this test on those platforms.
Comment 3 Gabriel Nava Marino 2022-02-10 11:03:39 PST
Created attachment 451574 [details]
Patch
Comment 4 Gabriel Nava Marino 2022-02-10 11:08:15 PST
(In reply to Antoine Quint from comment #2)
> This method is only defined on Cocoa ports, so make sure to only run this
> test on those platforms.

Thank you, I have updated TestExpectations for those platforms.
Comment 5 Tim Nguyen (:ntim) 2022-02-10 15:48:43 PST
Comment on attachment 451574 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=451574&action=review

> Source/WebCore/ChangeLog:14
> +        Test: fast/model-element/model-element-enter-fullscreen-crash.html

Can you move this test into the LayoutTests/model-element folder instead of creating a new subfolder under LayoutTests/fast?

The LayoutTests/model-element folder is already correctly skipped on non-Cocoa platforms, so you can also remove your changes in the gtk/win TestExpectations files.
Comment 6 Gabriel Nava Marino 2022-02-11 09:55:50 PST
Created attachment 451715 [details]
Patch
Comment 7 Antoine Quint 2022-02-11 12:52:33 PST
Comment on attachment 451715 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=451715&action=review

> LayoutTests/model-element/model-element-enter-fullscreen-crash.html:3
> +  internals.settings.setModelElementEnabled(true);

You don't need that line; it's already enabled in WKTR.
Comment 8 Gabriel Nava Marino 2022-02-14 10:53:12 PST
Created attachment 451923 [details]
Patch
Comment 9 EWS 2022-02-15 01:05:48 PST
Committed r289794 (247259@main): <https://commits.webkit.org/247259@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 451923 [details].