161899 – Null-pointer dereference in WebCore::MediaPlayer::getStartDate

Bug 161899 - Null-pointer dereference in WebCore::MediaPlayer::getStartDate

Summary: Null-pointer dereference in WebCore::MediaPlayer::getStartDate

Status:	RESOLVED DUPLICATE of bug 16898

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Media (show other bugs)
Version:	Safari Technology Preview
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-09-13 02:29 PDT by codecolorist
Modified:	2016-09-13 02:51 PDT (History)
CC List:	0 users

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description codecolorist 2016-09-13 02:29:23 PDT

In webkit/Source/WebCore/html/HTMLMediaElement.cpp, the method HTMLMediaElement::getStartDate doesn't check if m_player is null:

double HTMLMediaElement::getStartDate() const
{
    return m_player->getStartDate().toDouble();
}

So this simple one line javascript can crash the browser:

document.createElement('video').getStartDate()

Comment 1 codecolorist 2016-09-13 02:51:56 PDT


*** This bug has been marked as a duplicate of bug 16898 ***