Bug 47353

Summary: WebCore::DragController::concludeEditDrag ReadAV@NULL (37f719744f0b84bd607e9d16c87f2399)
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: DOM
Assignee: Nobody <webkit-unassigned>
Status: NEW
Severity: Normal
CC: eric
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista

Berend-Jan Wever
Reported 2010-10-07 09:04:18 PDT
Created attachment 70094 [details]
Repro

What steps will reproduce the problem?
1. Execute javascript "document.open()" in a page.
2. Drag an HTML file into the window of that page.
3. Crash

Repro:
<body onload="document.open()"></body>

Drag that into the same window twice and you get a NULL pointer crash. Found in latest Chrome/Chromium, this does not affect stable Safari.

stack:
WebCore::DragController::concludeEditDrag
WebCore::DragController::performDrag
WebKit::WebViewImpl::dragTargetDrop
RenderView::OnDragTargetDrop
IPC::MessageWithTuple<...>::Dispatch<RenderView,void
RenderView::OnMessageReceived
MessageRouter::RouteMessage
MessageRouter::OnMessageReceived
ChildThread::OnMessageReceived
RunnableMethod<ExtensionsService,void
MessageLoop::RunTask
MessageLoop::DoWork
base::MessagePumpDefault::Run
MessageLoop::RunInternal
MessageLoop::Run
RendererMain
ChromeMain
Attachments:
Repro (206 bytes, text/html), 2010-10-07 09:04 PDT, Berend-Jan Wever, no flags