Bug 61511

Summary: WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL
Product: WebKit Reporter: Berend-Jan Wever <skylined>
Component: DOMAssignee: Hajime Morrita <morrita>
Status: RESOLVED FIXED    
Severity: Normal CC: ademar, dglazkov, eric, morrita
Priority: P1    
Version: 528+ (Nightly build)   
Hardware: PC   
OS: Windows Vista   
Attachments:
Description Flags
Patch tkent: review+

Berend-Jan Wever
Reported 2011-05-26 01:09:11 PDT
Chromium: https://code.google.com/p/chromium/issues/detail?id=84018 Repro: <body onload="f()"></body> <script> function f() { var oImg = new Image(); document.open(); oImg.innerHTML = "<summary>"; document.insertBefore(oImg.lastChild, null); } </script> id: chrome.dll!WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL (2d237efc21d08331051148bfdb203706) description: Attempt to read from unallocated NULL pointer+0x8 in chrome.dll!WebCore::HTMLSummaryElement::isMainSummary application: Chromium 13.0.777.0 stack: chrome.dll!WebCore::HTMLSummaryElement::isMainSummary chrome.dll!WebCore::DetailsMarkerControl::rendererIsNeeded chrome.dll!WebCore::NodeRendererFactory::createRendererAndStyle chrome.dll!WebCore::NodeRendererFactory::createRendererIfNeeded chrome.dll!WebCore::Node::createRendererIfNeeded chrome.dll!WebCore::Element::attach chrome.dll!WebCore::ContainerNode::attach chrome.dll!WebCore::ShadowRoot::attach chrome.dll!WebCore::Element::attach chrome.dll!WebCore::Element::recalcStyle chrome.dll!WebCore::Document::recalcStyle chrome.dll!WebCore::Document::updateStyleIfNeeded chrome.dll!WebCore::Document::implicitClose chrome.dll!WebCore::FrameLoader::checkCompleted chrome.dll!WebCore::FrameLoader::finishedParsing chrome.dll!WebCore::Document::finishedParsing chrome.dll!WebCore::HTMLDocumentParser::prepareToStopParsing chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource chrome.dll!WebCore::FrameLoader::finishedLoading chrome.dll!WebCore::MainResourceLoader::didFinishLoading chrome.dll!WebCore::ResourceLoader::didFinishLoading chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest chrome.dll!ResourceDispatcher::OnRequestComplete chrome.dll!IPC::MessageWithTuple<...>::Dispatch<ResourceDispatcher,ResourceDispatcher,void chrome.dll!ResourceDispatcher::DispatchMessageW chrome.dll!ResourceDispatcher::OnMessageReceived chrome.dll!ChildThread::OnMessageReceived chrome.dll!RunnableMethod<DetectTabLanguageFunction,void chrome.dll!`anonymous namespace'::TaskClosureAdapter::Run ...
Attachments
Patch (3.33 KB, patch)
2011-05-26 22:21 PDT, Hajime Morrita 		tkent: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Hajime Morrita
Comment 1 2011-05-26 22:21:38 PDT
Created attachment 95114 [details] Patch
Kent Tamura
Comment 2 2011-05-27 00:02:18 PDT
Comment on attachment 95114 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=95114&action=review > LayoutTests/ChangeLog:5 > + WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL nit: ReadAV@NULL is not normal English.
Hajime Morrita
Comment 3 2011-05-27 00:27:09 PDT
Committed r87480: <http://trac.webkit.org/changeset/87480>
Ademar Reis
Comment 4 2011-05-27 11:18:21 PDT
Revision r87480 cherry-picked into qtwebkit-2.2 with commit 27ca4d8 <http://gitorious.org/webkit/qtwebkit/commit/27ca4d8>
Note You need to log in before you can comment on or make changes to this bug.