Bug 11505 - REGRESSION: Null pointer deref in HitTestResult::spellingToolTip() (assertion failure in Node::document)
Summary: REGRESSION: Null pointer deref in HitTestResult::spellingToolTip() (assertion...
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc. (show other bugs)
Version: 420+
Hardware: Mac OS X 10.4
: P1 Normal
Assignee: Nobody
Keywords: Regression
Depends on:
Reported: 2006-11-03 08:01 PST by mitz
Modified: 2006-11-07 10:47 PST (History)
2 users (show)

See Also:

manual test case (101 bytes, text/html)
2006-11-04 02:48 PST, Alexey Proskuryakov
no flags Details
Automatic test (907 bytes, text/html)
2006-11-04 06:29 PST, mitz
no flags Details
Patch with the automated test (31.83 KB, patch)
2006-11-07 07:03 PST, mitz
bdakin: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description mitz 2006-11-03 08:01:06 PST
HitTestResult::spellingToolTip() dereferences m_innerNonSharedNode which may be null. This causes the first assert in Node::document() to fail.
Comment 1 Alexey Proskuryakov 2006-11-04 02:48:44 PST
Created attachment 11377 [details]
manual test case
Comment 2 mitz 2006-11-04 06:29:49 PST
Created attachment 11379 [details]
Automatic test
Comment 3 Beth Dakin 2006-11-06 23:30:01 PST
Fixed with r17640.
Comment 4 mitz 2006-11-07 07:03:51 PST
Created attachment 11414 [details]
Patch with the automated test

Alexey suggested adding this test which is specific to the missing null check. The test that was included with the fix doesn't cover it, since the fix prevents a null m_innerNonSharedNode in that case.
Comment 5 Alexey Proskuryakov 2006-11-07 10:11:25 PST
Reopening for review.
Comment 6 Beth Dakin 2006-11-07 10:31:19 PST
Comment on attachment 11414 [details]
Patch with the automated test

good call!
Comment 7 Alexey Proskuryakov 2006-11-07 10:47:52 PST
Test committed revision 17642.