165926 – Possible nullptr dereference when applying pagination to viewport

Bug 165926 - Possible nullptr dereference when applying pagination to viewport

Summary: Possible nullptr dereference when applying pagination to viewport

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	WebCore Misc. (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Brent Fulgham

URL:
Keywords:

Depends on:
Blocks:

Reported:	2016-12-15 15:32 PST by Brent Fulgham
Modified:	2016-12-16 16:49 PST (History)
CC List:	6 users (show)

See Also:

Attachments
Patch (1.50 KB, patch) 2016-12-16 11:10 PST, Brent Fulgham	no flags	Details \| Formatted Diff \| Diff
Patch (2.77 KB, patch) 2016-12-16 15:54 PST, zalan	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Brent Fulgham 2016-12-15 15:32:51 PST

In FrameView::applyPaginationToViewport we check if documentElement is nullptr before accessing its renderer.

Later, we dereference documentElement without checking for null.

Comment 1 Brent Fulgham 2016-12-16 11:10:22 PST

Created attachment 297331 [details]
Patch

Comment 2 Brent Fulgham 2016-12-16 11:11:00 PST

Note: If documentElement is nullptr, documentRenderer will also be nullptr. We dereference both documentElement and documentRenderer without checking for null.

Comment 3 zalan 2016-12-16 15:54:42 PST

Created attachment 297366 [details]
Patch

Comment 4 WebKit Commit Bot 2016-12-16 16:49:09 PST

Comment on attachment 297366 [details]
Patch

Clearing flags on attachment: 297366

Committed r209951: <http://trac.webkit.org/changeset/209951>

Comment 5 WebKit Commit Bot 2016-12-16 16:49:13 PST

All reviewed patches have been landed.  Closing bug.