165926 – Possible nullptr dereference when applying pagination to viewport

RESOLVED FIXED 165926

Possible nullptr dereference when applying pagination to viewport

https://bugs.webkit.org/show_bug.cgi?id=165926

Summary Possible nullptr dereference when applying pagination to viewport

Brent Fulgham

Reported 2016-12-15 15:32:51 PST

In FrameView::applyPaginationToViewport we check if documentElement is nullptr before accessing its renderer. Later, we dereference documentElement without checking for null.

Attachments
Patch (1.50 KB, patch) 2016-12-16 11:10 PST, Brent Fulgham	no flags	Details Formatted Diff Diff
Patch (2.77 KB, patch) 2016-12-16 15:54 PST, zalan	no flags	Details Formatted Diff Diff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2016-12-16 11:10:22 PST

Created attachment 297331 [details] Patch

Brent Fulgham

Comment 2 2016-12-16 11:11:00 PST

Note: If documentElement is nullptr, documentRenderer will also be nullptr. We dereference both documentElement and documentRenderer without checking for null.

zalan

Comment 3 2016-12-16 15:54:42 PST

Created attachment 297366 [details] Patch

WebKit Commit Bot

Comment 4 2016-12-16 16:49:09 PST

Comment on attachment 297366 [details] Patch Clearing flags on attachment: 297366 Committed r209951: <http://trac.webkit.org/changeset/209951>

WebKit Commit Bot

Comment 5 2016-12-16 16:49:13 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component WebCore Misc.

Assignee

Brent Fulgham

Reported

2016-12-15 15:32 PST

Modified

2016-12-16 16:49 PST History

CC List

6 users Show

URL

Keywords

Depends on

Blocks