RESOLVED FIXED 209909
Avoid null deref after inserting a text field with a list attribute
https://bugs.webkit.org/show_bug.cgi?id=209909
Wenson Hsieh
Reported 2020-04-02 09:02:19 PDT
Attachments
Fixes the crash (11.70 KB, patch)
2020-04-02 09:57 PDT, Wenson Hsieh
no flags
Add description to test case (12.07 KB, patch)
2020-04-02 10:04 PDT, Wenson Hsieh
no flags
Wenson Hsieh
Comment 1 2020-04-02 09:57:17 PDT Comment hidden (obsolete)
Wenson Hsieh
Comment 2 2020-04-02 10:04:53 PDT
Created attachment 395276 [details] Add description to test case
Ryosuke Niwa
Comment 3 2020-04-02 10:32:38 PDT
Comment on attachment 395276 [details] Add description to test case
View in context: https://bugs.webkit.org/attachment.cgi?id=395276&action=review

> Source/WebCore/html/HTMLInputElement.cpp:1558
> +#if ENABLE(DATALIST_ELEMENT)
> + if (isConnected() && m_hasNonEmptyList)
> + dataListMayHaveChanged();
> +#endif

By this time, author scripts may have run, so it's possible that some code would have accessed things like computed style and bounding rect that rely on the updated style. I guess that's okay because this only affects painting?
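Review bot: the `isConnected() && m_hasNonEmptyList` guard in front of `dataListMayHaveChanged()` is the entire fix, but only the four added lines at HTMLInputElement.cpp:1558 are quoted, so the enclosing function and whether `m_hasNonEmptyList` is already up to date at that point cannot be checked from this excerpt; quoting a few lines of surrounding context, including the code path that previously dereferenced the null pointer named in the bug title, would let a reviewer confirm the ordering. A short comment above the `#if ENABLE(DATALIST_ELEMENT)` block explaining why the `isConnected()` check is required would also document the null deref for future readers.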
Wenson Hsieh
Comment 4 2020-04-02 10:38:16 PDT
Comment on attachment 395276 [details] Add description to test case
View in context: https://bugs.webkit.org/attachment.cgi?id=395276&action=review

>> Source/WebCore/html/HTMLInputElement.cpp:1558
>> +#endif
>
> By this time, author scripts may have run, so it's possible that some code would have accessed things like computed style and bounding rect that rely on the updated style.
> I guess that's okay because this only affects painting?

Yes — I /believe/ this is okay, since only content inside the input's UA shadow root will be affected (which isn't visible to author script at all), so this should only have an impact on painting.
Ryosuke Niwa
Comment 5 2020-04-02 11:01:10 PDT
(In reply to Wenson Hsieh from comment #4)
> Comment on attachment 395276 [details]
> Add description to test case
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=395276&action=review
>
> >> Source/WebCore/html/HTMLInputElement.cpp:1558
> >> +#endif
> >
> > By this time, author scripts may have run, so it's possible that some code would have accessed things like computed style and bounding rect that rely on the updated style.
> > I guess that's okay because this only affects painting?
>
> Yes — I /believe/ this is okay, since only content inside the input's UA
> shadow root will be affected (which isn't visible to author script at all),
> so this should only have an impact on painting.

Sounds good.
EWS
Comment 6 2020-04-02 12:06:52 PDT
Committed r259402: <https://trac.webkit.org/changeset/259402>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 395276 [details].