WebKit Bugzilla
RESOLVED FIXED
19517
DOM modification of textArea causes Access Violation (NULL pointer?)
https://bugs.webkit.org/show_bug.cgi?id=19517
Berend-Jan Wever
Reported
2008-06-12 04:24:58 PDT
I found that the following javascript causes an Access Violation. This appears to be a NULL pointer:

<BODY onload="go()"><SCRIPT>
function go() {
  document.body.parentElement.removeChild(document.body);
  o = document.createElement("textArea");
  o.innerHTML='<b><menu><link></b><head></head>x';
}
</SCRIPT></BODY>

Tested with Safari 3.1.1. Marked as security, I'm not sure if you treat DoS as a security issue, so erring on the safe side.
Attachments
proposed patch (2.26 KB, patch), 2009-05-20 03:32 PDT, Alexey Proskuryakov, darin: review+
Berend-Jan Wever
Comment 1
2008-06-13 06:29:21 PDT
Changing priority and security flag
Mark Rowe (bdash)
Comment 2
2008-06-13 14:52:41 PDT
<rdar://problem/6007112>
Arvind
Comment 3
2009-05-19 23:13:13 PDT
Hi, I am trying to analyse this bug. But when I open the Safari window in debug mode I am not able to reproduce this scenario. Is there a solution to reproduce this scenario in debug mode as well?
Alexey Proskuryakov
Comment 4
2009-05-20 03:25:37 PDT
I cannot reproduce this with nightlies either (but I can reproduce with Safari 3.2.3).
Alexey Proskuryakov
Comment 5
2009-05-20 03:32:14 PDT
Created attachment 30503: proposed patch

So, let's just add a test.
Alexey Proskuryakov
Comment 6
2009-05-21 05:35:18 PDT
Test committed r43966.