RESOLVED FIXED 177905
Nullptr deref in WebCore::Node::computeEditability 
https://bugs.webkit.org/show_bug.cgi?id=177905
Summary Nullptr deref in WebCore::Node::computeEditability
Brent Fulgham
Reported 2017-10-04 17:13:58 PDT
Focus events can cause the current focused node to be cleared, resulting in a nullptr deref. Let's fix this!
Attachments
Patch (1.47 KB, patch)
2017-10-04 17:34 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews114 for mac-elcapitan (1.96 MB, application/zip)
2017-10-04 21:54 PDT, Build Bot 		no flags
Details
Patch (3.73 KB, patch)
2017-10-05 12:19 PDT, Brent Fulgham 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Brent Fulgham
Comment 1 2017-10-04 17:33:06 PDT
<rdar://problem/34138402>
Brent Fulgham
Comment 2 2017-10-04 17:34:20 PDT
Created attachment 322748 [details] Patch
Daniel Bates
Comment 3 2017-10-04 18:16:12 PDT
Comment on attachment 322748 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=322748&action=review Can we write a test for this change? > Source/WebCore/dom/Document.cpp:3864 > + // Focus change can run script, changing the node. Can you please elaborate on what script/DOM event is dispatched by calling setFocus()? > Source/WebCore/dom/Document.cpp:3865 > + if (!m_focusedElement || m_focusedElement != newFocusedElement) { Is the first disjunct necessary?
Build Bot
Comment 4 2017-10-04 21:54:27 PDT
Comment on attachment 322748 [details] Patch Attachment 322748 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/4762529 New failing tests: workers/wasm-long-compile.html
Build Bot
Comment 5 2017-10-04 21:54:28 PDT
Created attachment 322779 [details] Archive of layout-test-results from ews114 for mac-elcapitan The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews114 Port: mac-elcapitan Platform: Mac OS X 10.11.6
Brent Fulgham
Comment 6 2017-10-05 10:57:09 PDT
Comment on attachment 322748 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=322748&action=review >> Source/WebCore/dom/Document.cpp:3864 >> + // Focus change can run script, changing the node. > > Can you please elaborate on what script/DOM event is dispatched by calling setFocus()? Yes. I've got a reduced test case now, and I'll add some comments. >> Source/WebCore/dom/Document.cpp:3865 >> + if (!m_focusedElement || m_focusedElement != newFocusedElement) { > > Is the first disjunct necessary? Probably not. I'll remove it.
Brent Fulgham
Comment 7 2017-10-05 12:19:37 PDT
Created attachment 322880 [details] Patch
WebKit Commit Bot
Comment 8 2017-10-08 00:47:46 PDT
Comment on attachment 322880 [details] Patch Clearing flags on attachment: 322880 Committed r223028: <http://trac.webkit.org/changeset/223028>
WebKit Commit Bot
Comment 9 2017-10-08 00:47:48 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 10 2017-10-08 00:48:16 PDT
<rdar://problem/34874846>
Note You need to log in before you can comment on or make changes to this bug.