Bug 312304

Summary: Popover test cases trigger nullptr dereference in WebKit
Product: WebKit Reporter: Brent Fulgham <bfulgham>
Component: New BugsAssignee: Brent Fulgham <bfulgham>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 275048    

Brent Fulgham
Reported 2026-04-14 12:50:52 PDT
Three upstream WPT tests are causing crashes when run in WebKit: imported/w3c/web-platform-tests/html/semantics/popovers/popover-events.html [ Crash ] imported/w3c/web-platform-tests/html/semantics/popovers/popover-focus-blur-crash.html [ Crash ] imported/w3c/web-platform-tests/html/semantics/popovers/popover-remove-attribute-during-focusing-steps.html [ Crash ] These are nullptr dereferences: ``` Thread 0 Crashed:: Dispatch queue: com.apple.main-thread: 0 com.apple.WebCore 0x11ac19d58 WebCore::PopoverData::setPreviouslyFocusedElement(WebCore::Element*) 1 com.apple.WebCore 0x119be1e64 WebCore::HTMLElement::showPopoverInternal(WebCore::HTMLElement*) 2 com.apple.WebCore 0x118c45ad4 WebCore::jsHTMLElementPrototypeFunction_showPopover(JSC::JSGlobalObject*, JSC::CallFrame*) 3 0x13281003c ```
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2026-04-14 12:51:06 PDT
<rdar://problem/174767317>
Brent Fulgham
Comment 2 2026-04-14 16:42:25 PDT
Pull request: https://github.com/WebKit/WebKit/pull/62780
EWS
Comment 3 2026-04-15 20:20:35 PDT
Committed 311343@main (5d9589eb2f70): <https://commits.webkit.org/311343@main> Reviewed commits have been landed. Closing PR #62780 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.