Bug 31545

Summary: WebCore::SelectionController::setSelection NULL pointer
Product: WebKit    Reporter: Berend-Jan Wever <skylined>
Component: SVG    Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, commit-queue, eric, morrita
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
URL: http://skypher.com/SkyLined/Repro/WebKit/Bug%2031545%20-%20WebCore..SelectionController..setSelection%20NULL%20pointer/repro.html
Attachments:
  Repro case (flags: none)
  patch v0; add NULL check (flags: none)

Description Berend-Jan Wever 2009-11-16 04:34:45 PST
Created attachment 43293 [details]
Repro case

The below code causes a NULL pointer:

<SCRIPT>
// createHTMLDocument() returns a document with no browsing context, so in
// WebCore its frame() is null.
html_document=document.implementation.createHTMLDocument();
svg_element=html_document.createElementNS("http://www.w3.org/2000/svg","svg");
// deselectAll() reaches for the (null) frame's SelectionController and crashes.
svg_element.deselectAll();
</SCRIPT>

Relevant functions on stack:
WebCore::SelectionController::setSelection(class WebCore::VisibleSelection * s = 0x0012ef0c, bool closeTyping = true, bool clearTypingStyle = true, bool userTriggered = false)+0x9
WebCore::SelectionController::clear(void)+0x1f
WebCore::SVGSVGElementInternal::deselectAllCallback(class v8::Arguments * args = 0x0012efac)+0x4c
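A broader form of the repro, added here as an example (it is not the attached repro case and not the layout test that landed in r56401): it makes the same deselectAll() call on <svg> elements owned by several kinds of documents that have no frame, so a build with the fix should finish with "OK" for each and a build without it should crash on the first. That createHTMLDocument() yields a frameless document is what the stack above shows; the createDocument() and DOMParser sources are an assumption of this example, as is the layoutTestController hook, which is only present under WebKit's test harness. This is a browser page and is meant to be opened in a WebKit nightly.

```html
<!DOCTYPE html>
<!-- Added example, not part of Bug 31545's attachments. -->
<p id="log">Running...</p>
<script>
  if (window.layoutTestController)
    layoutTestController.dumpAsText();   // WebKit test-harness hook (assumed)

  var SVG_NS = "http://www.w3.org/2000/svg";

  // Constructed list of ways to obtain a document that has no frame.
  // Only createHTMLDocument() is from the bug; the others are assumptions.
  var sources = {
    createHTMLDocument: function () {
      return document.implementation.createHTMLDocument("");
    },
    createDocument: function () {
      return document.implementation.createDocument(SVG_NS, "svg", null);
    },
    DOMParser: function () {
      return new DOMParser().parseFromString(
        "<svg xmlns='" + SVG_NS + "'/>", "image/svg+xml");
    }
  };

  // Call deselectAll() on a fresh <svg> in each frameless document and, where
  // the document already has an <svg> root, on that root too. A JavaScript
  // exception is acceptable here; only a renderer crash is the bug.
  function run() {
    var results = [];
    for (var name in sources) {
      var doc = sources[name]();
      var targets = [doc.createElementNS(SVG_NS, "svg")];
      if (doc.documentElement && doc.documentElement.namespaceURI === SVG_NS)
        targets.push(doc.documentElement);
      for (var i = 0; i < targets.length; i++) {
        try {
          targets[i].deselectAll();   // crashed before r56401
          results.push(name + "[" + i + "]: OK");
        } catch (e) {
          results.push(name + "[" + i + "]: threw " + e);
        }
      }
    }
    return results;
  }

  document.getElementById("log").textContent = run().join("\n");
</script>
```

If the page renders the full list, no target crashed; a blank renderer (or a tab crash) on any entry reproduces the NULL dereference.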
Comment 1 Berend-Jan Wever 2009-11-16 04:37:42 PST
Added link to online repro
Comment 2 Hajime Morrita 2010-03-23 03:23:06 PDT
Created attachment 51405 [details]
patch v0; add NULL check
Comment 3 Berend-Jan Wever 2010-03-23 04:02:19 PDT
LGTM
Comment 4 Hajime Morrita 2010-03-23 04:15:35 PDT
Comment on attachment 51405 [details]
patch v0; add NULL check

Thank you for reviewing!

I cannot figure out what the style-checker claims.
It is OK for my local working copy...
Comment 5 Dimitri Glazkov (Google) 2010-03-23 08:50:53 PDT
Comment on attachment 51405 [details]
patch v0; add NULL check

Please don't r+ the patch unless you're a reviewer.
Comment 6 Alexey Proskuryakov 2010-03-23 09:01:24 PDT
Comment on attachment 51405 [details]
patch v0; add NULL check

> +++ b/LayoutTests/svg/dom/frame-related-api-during-load-expected.txt
> @@ -0,0 +1 @@
> +OK unless it got crashed.
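Review bot: The single expected line "OK unless it got crashed." neither names what the test exercises nor points at the bug, and its wording is awkward; since the test exists to guard a NULL dereference, the expected output (and the test page) should say so, e.g. "PASS: deselectAll() on an <svg> element in a document with no frame did not crash. Bug 31545." so that a future failure of svg/dom/frame-related-api-during-load.html is self-explanatory.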

A test should ideally say a few words about what is being tested, and maybe provide a link to the bug.

r=me as is though.
Comment 7 WebKit Commit Bot 2010-03-23 10:10:48 PDT
Comment on attachment 51405 [details]
patch v0; add NULL check

Clearing flags on attachment: 51405

Committed r56401: <http://trac.webkit.org/changeset/56401>
Comment 8 WebKit Commit Bot 2010-03-23 10:10:52 PDT
All reviewed patches have been landed.  Closing bug.
Comment 9 Hajime Morrita 2010-03-23 22:40:16 PDT
ap: Thank you for reviewing.
> A test should ideally say a few words about what is being tested, and maybe
> provide a link to the bug.
Agreed. So I filed this fix on Bug 36517 with a patch.