Bug 236409 - null ptr deref in WebCore::HTMLModelElement::enterFullscreen()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Gabriel Nava Marino
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2022-02-09 14:40 PST by Gabriel Nava Marino
Modified: 2022-02-15 01:05 PST

See Also:


Attachments
Patch (3.88 KB, patch)
2022-02-09 14:45 PST, Gabriel Nava Marino
graouts: review+
ews-feeder: commit-queue-
Patch (5.17 KB, patch)
2022-02-10 11:03 PST, Gabriel Nava Marino
no flags
Patch (3.85 KB, patch)
2022-02-11 09:55 PST, Gabriel Nava Marino
no flags
Patch (3.90 KB, patch)
2022-02-14 10:53 PST, Gabriel Nava Marino
no flags

Description Gabriel Nava Marino 2022-02-09 14:40:10 PST
m_modelPlayer is a RefPtr that can become nullptr, so it needs a check before dereferencing.

<rdar://problem/88475491>
Comment 1 Gabriel Nava Marino 2022-02-09 14:45:01 PST
Created attachment 451445
Patch
Comment 2 Antoine Quint 2022-02-09 23:52:15 PST
This method is only defined on Cocoa ports, so make sure to only run this test on those platforms.
Comment 3 Gabriel Nava Marino 2022-02-10 11:03:39 PST
Created attachment 451574
Patch
Comment 4 Gabriel Nava Marino 2022-02-10 11:08:15 PST
(In reply to Antoine Quint from comment #2)
> This method is only defined on Cocoa ports, so make sure to only run this
> test on those platforms.

Thank you, I have updated TestExpectations for those platforms.
Comment 5 Tim Nguyen (:ntim) 2022-02-10 15:48:43 PST
Comment on attachment 451574
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=451574&action=review

> Source/WebCore/ChangeLog:14
> +        Test: fast/model-element/model-element-enter-fullscreen-crash.html

Can you move this test into the LayoutTests/model-element folder instead of creating a new subfolder under LayoutTests/fast?

The LayoutTests/model-element folder is already correctly skipped on non-Cocoa platforms, so you can also remove your changes in the gtk/win TestExpectations files.
Comment 6 Gabriel Nava Marino 2022-02-11 09:55:50 PST
Created attachment 451715
Patch
Comment 7 Antoine Quint 2022-02-11 12:52:33 PST
Comment on attachment 451715
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=451715&action=review

> LayoutTests/model-element/model-element-enter-fullscreen-crash.html:3
> +  internals.settings.setModelElementEnabled(true);

You don't need that line, it's already enabled in WKTR.
Comment 8 Gabriel Nava Marino 2022-02-14 10:53:12 PST
Created attachment 451923
Patch
Comment 9 EWS 2022-02-15 01:05:48 PST
Committed r289794 (247259@main): <https://commits.webkit.org/247259@main>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 451923.