Bug 44172

Summary: [chromium] WebKit::WebFormElement::getFormControlElements ReadAV@NULL
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: DOM
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED WORKSFORME
Severity: Normal
CC: eric, tony, tonyg
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
Bug Depends on: 43055
Bug Blocks:

Berend-Jan Wever
Reported 2010-08-18 06:47:31 PDT
Created attachment 64700
Repro

The following repro causes a NULL pointer in Chromium latest:

<body onload="
  document.write('<svg><form><strike><form>');
  document.close();
">

id: WebKit::WebFormElement::getFormControlElements ReadAV@NULL (c289b174a22e30d5c270e0327fe517e9)
description: Attempt to read from NULL pointer (+0x60) in WebKit::WebFormElement::getFormControlElements
stack:
  WebKit::WebFormElement::getFormControlElements
  FormManager::ExtractForms
  AutoFillHelper::FrameContentsAvailable
  RenderView::didFinishDocumentLoad
  WebKit::FrameLoaderClientImpl::dispatchDidFinishDocumentLoad
  WebCore::FrameLoader::finishedParsing
  WebCore::Document::finishedParsing
  WebCore::DocumentWriter::endIfNotLoadingMainResource
  WebCore::Document::close
  WebCore::HTMLDocumentInternal::closeCallback
  v8::internal::HandleApiCallHelper<...>
  v8::internal::Builtin_HandleApiCall
  v8::internal::Invoke
  v8::internal::Execution::Call
  ...
Attachments
Repro (84 bytes, text/html)
2010-08-18 06:47 PDT, Berend-Jan Wever
no flags
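The crash above is a wrapper reading a member through a null element pointer while a form extractor enumerates the frame's forms. The following is an added illustration of the defensive pattern that avoids that class of fault, written for this page and not taken from WebKit or Chromium; every type and function in it (FormHandle, Document, extractForms, buildRepro) is a hypothetical model, and the "document" it builds is constructed to mimic the repro: one well-formed form plus a form handle whose backing element is missing.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>
#include <string>
#include <vector>

// Hypothetical minimal model of the objects involved in the report above;
// these names are illustrative and are not WebKit's or Chromium's API.
struct FormControl {
    std::string name;
};

struct FormElement {
    std::string id;
    std::vector<FormControl> controls;
};

// A handle wrapping a pointer to an underlying form element. A handle whose
// pointer is null is exactly the condition that turns a member access such as
// `controls` into a read at NULL plus a small offset.
class FormHandle {
public:
    explicit FormHandle(FormElement* element) : m_element(element) {}
    bool isNull() const { return m_element == nullptr; }

    // Hardened accessor: never dereferences a null element. Returns false so
    // the caller can count or log the skipped form instead of crashing.
    bool controlNames(std::vector<std::string>& out) const {
        if (!m_element)
            return false;
        for (const FormControl& control : m_element->controls)
            out.push_back(control.name);
        return true;
    }

private:
    FormElement* m_element;
};

// Constructed input standing in for the repro: the elements vector owns the
// real form, and the handles list contains one valid handle and one with no
// backing element (the mis-nested second <form>).
struct Document {
    std::vector<std::unique_ptr<FormElement>> elements;
    std::vector<FormHandle> forms;
};

Document buildRepro() {
    Document doc;
    auto form = std::make_unique<FormElement>();
    form->id = "outer";
    form->controls = {{"user"}, {"pass"}};
    doc.forms.emplace_back(form.get());
    doc.elements.push_back(std::move(form));
    doc.forms.emplace_back(nullptr); // nested <form> with no backing element
    return doc;
}

struct ExtractResult {
    std::size_t controls = 0;
    std::size_t skippedForms = 0;
};

// Stand-in for a form extractor iterating over a frame's forms: each handle
// is validated before its controls are read, so a null handle is skipped and
// counted rather than dereferenced.
ExtractResult extractForms(const Document& doc) {
    ExtractResult result;
    for (const FormHandle& form : doc.forms) {
        std::vector<std::string> names;
        if (!form.controlNames(names)) {
            ++result.skippedForms;
            continue;
        }
        result.controls += names.size();
    }
    return result;
}

int main() {
    Document doc = buildRepro();
    ExtractResult r = extractForms(doc);
    std::cout << "controls=" << r.controls
              << " skipped=" << r.skippedForms << "\n";
    return 0;
}
```

The point of the model is where the check lives: inside the accessor that owns the pointer, so every caller that enumerates forms (here `extractForms`) gets a safe failure signal instead of relying on each call site to remember the null case.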
Eric Seidel (no email)
Comment 1 2010-08-18 08:43:16 PDT
Probably related to bug 43055 as well, not sure.
Eric Seidel (no email)
Comment 2 2010-08-18 09:54:35 PDT
This looks chromium-only.
Berend-Jan Wever
Comment 3 2011-07-28 01:03:13 PDT
This seems to have been fixed by now.