Bug 31545

Summary: WebCore::SelectionController::setSelection NULL pointer
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: SVG
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: ap, commit-queue, eric, morrita
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
URL: http://skypher.com/SkyLined/Repro/WebKit/Bug%2031545%20-%20WebCore..SelectionController..setSelection%20NULL%20pointer/repro.html
Attachments:
Repro case (flags: none)
patch v0; add NULL check (flags: none)

Berend-Jan Wever
Reported 2009-11-16 04:34:45 PST
Created attachment 43293 [details]
Repro case

The below code causes a NULL pointer:

    <SCRIPT>
    html_document=document.implementation.createHTMLDocument();
    svg_element=html_document.createElementNS("http://www.w3.org/2000/svg","svg");
    svg_element.deselectAll();
    </SCRIPT>

Relevant functions on stack:

    WebCore::SelectionController::setSelection(class WebCore::VisibleSelection * s = 0x0012ef0c, bool closeTyping = true, bool clearTypingStyle = true, bool userTriggered = false)+0x9
    WebCore::SelectionController::clear(void)+0x1f
    WebCore::SVGSVGElementInternal::deselectAllCallback(class v8::Arguments * args = 0x0012efac)+0x4c
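The stack above shows a frame-related DOM API (deselectAll) being called on an SVG element whose document was created with createHTMLDocument() and therefore has no frame, so the selection controller is reached through a null pointer. The following is an added C++ model of that failure mode and of the "add NULL check" shape of the fix; it is not WebKit's code. The classes (Document, Frame, SelectionController, SVGSVGElement) are simplified stand-ins with hypothetical interfaces, and the exact location of the check in r56401 is an assumption.

```cpp
// Added example: a simplified model of the null-frame bug and its guard.
// Class names mimic WebKit's but the interfaces here are hypothetical.
#include <cstdio>

struct VisibleSelection { bool empty = true; };

// Stand-in for WebCore::SelectionController: records how often it is cleared.
class SelectionController {
public:
    void setSelection(const VisibleSelection& s) { m_selection = s; ++m_calls; }
    void clear() { setSelection(VisibleSelection()); }
    int calls() const { return m_calls; }
private:
    VisibleSelection m_selection;
    int m_calls = 0;
};

// A frame owns the selection controller; a document may or may not have one.
class Frame {
public:
    SelectionController* selection() { return &m_selection; }
private:
    SelectionController m_selection;
};

class Document {
public:
    explicit Document(Frame* frame) : m_frame(frame) {}
    // Null for documents produced by createHTMLDocument(): they are never
    // attached to a frame, which is the condition the repro relies on.
    Frame* frame() const { return m_frame; }
private:
    Frame* m_frame;
};

class SVGSVGElement {
public:
    explicit SVGSVGElement(Document* doc) : m_document(doc) {}

    // "Before" form (hypothetical): dereferences the Frame* without checking,
    // so a frame-less document leads to a null pointer dereference. Not called
    // below; it is kept only to show the pattern the fix removes.
    void deselectAllUnguarded() {
        m_document->frame()->selection()->clear();
    }

    // "After" form: the NULL check. With no frame there is no selection to
    // clear, so the call is a no-op and reports that nothing was done.
    bool deselectAll() {
        Frame* frame = m_document->frame();
        if (!frame)
            return false;
        frame->selection()->clear();
        return true;
    }
private:
    Document* m_document;
};

// Scenario from the bug: element in a document that has no frame.
bool deselectAllOnFramelessDocument() {
    Document doc(nullptr);
    SVGSVGElement svg(&doc);
    return svg.deselectAll();   // false: guarded, no crash
}

// Normal scenario: document attached to a frame, selection cleared once.
int deselectAllOnFramedDocument() {
    Frame frame;
    Document doc(&frame);
    SVGSVGElement svg(&doc);
    svg.deselectAll();
    return frame.selection()->calls();   // 1
}

int main() {
    std::printf("frameless: %s\n", deselectAllOnFramelessDocument() ? "cleared" : "no-op");
    std::printf("framed: cleared %d time(s)\n", deselectAllOnFramedDocument());
    return 0;
}
```

The guard sits at the boundary where the element first touches frame state; checking once there keeps SelectionController free of document-lifecycle knowledge, which is the usual reason such checks live in the element's DOM-facing method rather than deeper in the stack.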
Attachments
Repro case (188 bytes, text/html)
2009-11-16 04:34 PST, Berend-Jan Wever
no flags
patch v0; add NULL check (2.94 KB, patch)
2010-03-23 03:23 PDT, Hajime Morrita
no flags
Berend-Jan Wever
Comment 1 2009-11-16 04:37:42 PST
Added link to online repro
Hajime Morrita
Comment 2 2010-03-23 03:23:06 PDT
Created attachment 51405 [details] patch v0; add NULL check
Berend-Jan Wever
Comment 3 2010-03-23 04:02:19 PDT
LGTM
Hajime Morrita
Comment 4 2010-03-23 04:15:35 PDT
Comment on attachment 51405 [details] patch v0; add NULL check

Thank you for reviewing! I cannot figure out what the style-checker claims. It is OK for my local working copy...
Dimitri Glazkov (Google)
Comment 5 2010-03-23 08:50:53 PDT
Comment on attachment 51405 [details] patch v0; add NULL check Please don't r+ the patch unless you're a reviewer.
Alexey Proskuryakov
Comment 6 2010-03-23 09:01:24 PDT
Comment on attachment 51405 [details] patch v0; add NULL check

> +++ b/LayoutTests/svg/dom/frame-related-api-during-load-expected.txt
> @@ -0,0 +1 @@
> +OK unless it got crashed.

A test should ideally say a few words about what is being tested, and maybe provide a link to the bug. r=me as is though.
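Review bot: the single expected line "+OK unless it got crashed." in LayoutTests/svg/dom/frame-related-api-during-load-expected.txt states the pass condition rather than what the test exercises, so a future reader of the expectation file cannot tell which API or document state is covered; a line naming the scenario (deselectAll() on an SVG element in a document without a frame) plus a reference to this bug would make the expectation self-describing, as the review comment above also asks.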
WebKit Commit Bot
Comment 7 2010-03-23 10:10:48 PDT
Comment on attachment 51405 [details] patch v0; add NULL check Clearing flags on attachment: 51405 Committed r56401: <http://trac.webkit.org/changeset/56401>
WebKit Commit Bot
Comment 8 2010-03-23 10:10:52 PDT
All reviewed patches have been landed. Closing bug.
Hajime Morrita
Comment 9 2010-03-23 22:40:16 PDT
ap: Thank you for reviewing.

> A test should ideally say a few words about what is being tested, and maybe
> provide a link to the bug.

Agreed. So I filed this fix on Bug 36517 with a patch.