Bug 149782 - ShadowRoot with leading or trailing white space cause a crash
Summary: ShadowRoot with leading or trailing white space cause a crash
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Ryosuke Niwa
URL:
Keywords:
Depends on:
Blocks: 148695
  Show dependency treegraph
 
Reported: 2015-10-02 18:46 PDT by Ryosuke Niwa
Modified: 2015-10-05 15:50 PDT (History)
4 users (show)

See Also:


Attachments
Fixes the crash (3.58 KB, patch)
2015-10-02 18:48 PDT, Ryosuke Niwa
cdumez: review+
cdumez: commit-queue-
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Ryosuke Niwa 2015-10-02 18:46:26 PDT
We're missing a null pointer check.
Comment 1 Ryosuke Niwa 2015-10-02 18:48:39 PDT
Created attachment 262375 [details]
Fixes the crash
Comment 2 Ryosuke Niwa 2015-10-05 14:29:49 PDT
ping?
Comment 3 Chris Dumez 2015-10-05 14:33:50 PDT
Comment on attachment 262375 [details]
Fixes the crash

View in context: https://bugs.webkit.org/attachment.cgi?id=262375&action=review

r=me with comments.

> Source/WebCore/style/RenderTreePosition.cpp:66
> +        if (PseudoElement* before = parent->beforePseudoElement())

auto*

> LayoutTests/fast/shadow-dom/shadow-root-with-child-whitespace-text-crash.html:14
> +host.attachShadow({mode: 'closed'}).innerHTML = ` <slot></slot> `;

Why are the quotes around the value so weird?
Comment 4 Ryosuke Niwa 2015-10-05 15:50:02 PDT
Committed r190585: <http://trac.webkit.org/changeset/190585>