Bug 61511

Summary: WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL
Product: WebKit
Reporter: Berend-Jan Wever <skylined>
Component: DOM
Assignee: Hajime Morrita <morrita>
Status: RESOLVED FIXED
Severity: Normal
CC: ademar, dglazkov, eric, morrita
Priority: P1
Version: 528+ (Nightly build)
Hardware: PC
OS: Windows Vista
Attachments:
Description    Flags
Patch          tkent: review+

Description Berend-Jan Wever 2011-05-26 01:09:11 PDT
Chromium: https://code.google.com/p/chromium/issues/detail?id=84018

Repro:
<body onload="f()"></body>
<script>
  function f() {
    var oImg = new Image();
    document.open();
    oImg.innerHTML = "<summary>";
    document.insertBefore(oImg.lastChild, null);
  }
</script>

id:             chrome.dll!WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL (2d237efc21d08331051148bfdb203706)
description:    Attempt to read from unallocated NULL pointer+0x8 in chrome.dll!WebCore::HTMLSummaryElement::isMainSummary
application:    Chromium 13.0.777.0
stack:          chrome.dll!WebCore::HTMLSummaryElement::isMainSummary
                chrome.dll!WebCore::DetailsMarkerControl::rendererIsNeeded
                chrome.dll!WebCore::NodeRendererFactory::createRendererAndStyle
                chrome.dll!WebCore::NodeRendererFactory::createRendererIfNeeded
                chrome.dll!WebCore::Node::createRendererIfNeeded
                chrome.dll!WebCore::Element::attach
                chrome.dll!WebCore::ContainerNode::attach
                chrome.dll!WebCore::ShadowRoot::attach
                chrome.dll!WebCore::Element::attach
                chrome.dll!WebCore::Element::recalcStyle
                chrome.dll!WebCore::Document::recalcStyle
                chrome.dll!WebCore::Document::updateStyleIfNeeded
                chrome.dll!WebCore::Document::implicitClose
                chrome.dll!WebCore::FrameLoader::checkCompleted
                chrome.dll!WebCore::FrameLoader::finishedParsing
                chrome.dll!WebCore::Document::finishedParsing
                chrome.dll!WebCore::HTMLDocumentParser::prepareToStopParsing
                chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource
                chrome.dll!WebCore::FrameLoader::finishedLoading
                chrome.dll!WebCore::MainResourceLoader::didFinishLoading
                chrome.dll!WebCore::ResourceLoader::didFinishLoading
                chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading
                chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest
                chrome.dll!ResourceDispatcher::OnRequestComplete
                chrome.dll!IPC::MessageWithTuple<...>::Dispatch<ResourceDispatcher,ResourceDispatcher,void
                chrome.dll!ResourceDispatcher::DispatchMessageW
                chrome.dll!ResourceDispatcher::OnMessageReceived
                chrome.dll!ChildThread::OnMessageReceived
                chrome.dll!RunnableMethod<DetectTabLanguageFunction,void
                chrome.dll!`anonymous namespace'::TaskClosureAdapter::Run
                ...
Comment 1 Hajime Morrita 2011-05-26 22:21:38 PDT
Created attachment 95114 [details]
Patch
Comment 2 Kent Tamura 2011-05-27 00:02:18 PDT
Comment on attachment 95114 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=95114&action=review

> LayoutTests/ChangeLog:5
> +        WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL

nit: ReadAV@NULL is not normal English.
Comment 3 Hajime Morrita 2011-05-27 00:27:09 PDT
Committed r87480: <http://trac.webkit.org/changeset/87480>
Comment 4 Ademar Reis 2011-05-27 11:18:21 PDT
Revision r87480 cherry-picked into qtwebkit-2.2 with commit 27ca4d8 <http://gitorious.org/webkit/qtwebkit/commit/27ca4d8>