117465 – Potential crash in FrameView::updateScrollCorner

NEW 117465

Potential crash in FrameView::updateScrollCorner

https://bugs.webkit.org/show_bug.cgi?id=117465

Summary Potential crash in FrameView::updateScrollCorner

Ryosuke Niwa

Reported 2013-06-10 18:41:38 PDT

We might want to merge https://chromium.googlesource.com/chromium/blink/+/525efd3cc851df1545133547a172ddfdb55b2645 if we can reproduce or has been getting reports for the said crash. Don't know how to reproduce but it seems the only possibility of crash: If frameView::updateScrollCorner() is called when the FrameView doesn't have the document or (body and documentElement), and the owner iframe/frame element has scrollbar corner style, then |renderer| will be NULL and it'll crash at line 2736.

Attachments
Add attachment proposed patch, testcase, etc.

Ahmad Saleem

Comment 1 2022-10-23 13:36:11 PDT

I tried this in PR below: https://github.com/WebKit/WebKit/pull/4854 But I get build failures and it is beyond my expertise to fix this. I think if there is any potential crash issue, we should fix it. Although this merge is beyond my expertise. Thanks!

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware Unspecified

OS Unspecified

Product WebKit

Component Page Loading

Assignee

Nobody

Reported

2013-06-10 18:41 PDT

Modified

2022-10-23 13:36 PDT History

CC List

3 users Show

URL

Keywords BlinkMergeCandidate

Depends on

Blocks