WebKit Bugzilla
New
Browse
Log In
×
Sign in with GitHub
or
Remember my login
Create Account
·
Forgot Password
Forgotten password account recovery
RESOLVED FIXED
261421
REGRESSION(
267280@main
): costco.com crash in WebCore::ShorthandSerializer::serializeGridTemplate const
https://bugs.webkit.org/show_bug.cgi?id=261421
Summary
REGRESSION(267280@main): costco.com crash in WebCore::ShorthandSerializer::se...
Sammy Gill
Reported
2023-09-11 11:41:25 PDT
Created
attachment 467643
[details]
Testcase Costco's checkout page uses element.TextContent = "" and this ends up disconnecting some nodes from the tree. When the ShorthandSerializer tries to get the value for each of the longhands of grid-template, the ComputedStyleExtractor is unable to resolve the RenderStyle to use via computeRenderStyleForProperty and returns nullptr for the longhand value. This results in a hard nullptr deref ShorthandSerializer::longhandValue
Attachments
Testcase
(453 bytes, text/html)
2023-09-11 11:41 PDT
,
Sammy Gill
no flags
Details
View All
Add attachment
proposed patch, testcase, etc.
Sammy Gill
Comment 1
2023-09-11 11:42:15 PDT
rdar://115046351
Sammy Gill
Comment 2
2023-09-11 11:54:04 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/17661
Sammy Gill
Comment 3
2023-09-12 14:10:09 PDT
Submitted web-platform-tests pull request:
https://github.com/web-platform-tests/wpt/pull/41946
EWS
Comment 4
2023-09-14 09:19:48 PDT
Committed
267989@main
(7d7be769ce2d): <
https://commits.webkit.org/267989@main
> Reviewed commits have been landed. Closing PR #17661 and removing active labels.
Sammy Gill
Comment 5
2023-09-25 11:45:40 PDT
***
Bug 261760
has been marked as a duplicate of this bug. ***
Note
You need to
log in
before you can comment on or make changes to this bug.
Top of Page
Format For Printing
XML
Clone This Bug