Bug 33913

Summary: Crash under Media::matchMedium in detached frame
Product: WebKit
Reporter: Alexey Proskuryakov <ap>
Component: WebCore JavaScript
Assignee: Alexey Proskuryakov <ap>
Status: RESOLVED FIXED
Severity: Normal
CC: skylined
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Bug Depends on:
Bug Blocks: 29692
Attachments:
Description Flags
proposed fix simon.fraser: review+

Alexey Proskuryakov
Reported 2010-01-20 10:41:10 PST
Caught this with DOM Fuzzer. I have a reduction that crashes in a slightly different manner, but in both cases, it's a null dereference due to null m_window->document().
Attachments
proposed fix (8.57 KB, patch)
2010-01-20 10:56 PST, Alexey Proskuryakov
simon.fraser: review+
Alexey Proskuryakov
Comment 1 2010-01-20 10:56:04 PST
Created attachment 47048 proposed fix
Alexey Proskuryakov
Comment 2 2010-01-20 11:01:27 PST
Committed revision 53555.
Alexey Proskuryakov
Comment 3 2010-08-09 06:34:07 PDT
> Removed null check for document element - every document has one.

Untrue, see bug 31353.
Alexey Proskuryakov
Comment 4 2010-09-29 08:26:03 PDT
I guess I meant bug 43677.
Alexey Proskuryakov
Comment 5 2010-09-29 08:26:50 PDT
*** Bug 31353 has been marked as a duplicate of this bug. ***