Bug 92461

Summary: Fix null pointer dereference when CSSParser::sinkFloatingValueList() returns null and is passed to storeVariableDeclaration().
Product: WebKit Reporter: Luke Macpherson <macpherson>
Component: CSSAssignee: Luke Macpherson <macpherson>
Status: RESOLVED FIXED    
Severity: Normal CC: cmarcelo, eric, kling, macpherson, menard, webkit.review.bot
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch for landing none

Luke Macpherson
Reported 2012-07-26 22:58:13 PDT
Fix null pointer dereference when CSSParser::sinkFloatingValueList() returns null and is passed to storeVariableDeclaration().
Attachments
Patch (3.42 KB, patch)
2012-07-26 23:01 PDT, Luke Macpherson 		no flags
DetailsFormatted DiffDiff
Patch for landing (3.48 KB, patch)
2012-08-05 16:54 PDT, Luke Macpherson 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Luke Macpherson
Comment 1 2012-07-26 23:01:32 PDT
Created attachment 154849 [details] Patch
Luke Macpherson
Comment 2 2012-07-31 17:15:43 PDT
Ping. Could someone please review?
Eric Seidel (no email)
Comment 3 2012-08-03 00:06:15 PDT
Comment on attachment 154849 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=154849&action=review > Source/WebCore/css/CSSParser.cpp:3019 > + if (!value) > + return; A comment here to explain the "why" might be helpful.
Eric Seidel (no email)
Comment 4 2012-08-03 00:08:00 PDT
Comment on attachment 154849 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=154849&action=review >> Source/WebCore/css/CSSParser.cpp:3019 >> + return; > > A comment here to explain the "why" might be helpful. Something like: // When CSSGrammar.y encounters an invalid/un-parseable declaration it passes null for the CSSParserValueList, just bail.
Eric Seidel (no email)
Comment 5 2012-08-03 00:08:55 PDT
You don't have to make the comment, but if I were writing the code, I'd be tempted to explain the "why" as null checks are often mysterious as to their necessity or not. This one you're claiming to be necessary based on how BISON behaves.
Luke Macpherson
Comment 6 2012-08-05 16:54:22 PDT
Created attachment 156573 [details] Patch for landing
WebKit Review Bot
Comment 7 2012-08-05 18:22:57 PDT
Comment on attachment 156573 [details] Patch for landing Clearing flags on attachment: 156573 Committed r124723: <http://trac.webkit.org/changeset/124723>
WebKit Review Bot
Comment 8 2012-08-05 18:23:20 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.