WebKit Bugzilla
RESOLVED FIXED
263100
Nullptr crash in elementCannotHaveEndTag
https://bugs.webkit.org/show_bug.cgi?id=263100
Ryosuke Niwa
Reported
2023-10-12 18:13:23 PDT
e.g.
0 WebCore 0x1a63261b0 WebCore::elementCannotHaveEndTag(WebCore::Node const&) + 25534896
1 WebCore 0x1a6325c68 WebCore::MarkupAccumulator::serializeNodesWithNamespaces(WebCore::Node&, WebCore::SerializedNodes, WTF::HashMap<WTF::AtomString, WTF::AtomStringImpl*, WTF::DefaultHash<WTF::AtomString>, WTF::HashTraits<WTF::AtomString>, WTF::HashTraits<WTF::AtomStringImpl*>, WTF::HashTableTraits> const*, WTF::Vector<WebCore::QualifiedName, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*) + 25533544
2 WebCore 0x1a63942e8 WebCore::MarkupAccumulator::serializeNodes(WebCore::Node&, WebCore::SerializedNodes, WTF::Vector<WebCore::QualifiedName, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*) + 25985768 [inlined]
3 WebCore 0x1a63942e8 WebCore::serializeFragment(WebCore::Node const&, WebCore::SerializedNodes, WTF::Vector<WebCore::Node*, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, WebCore::ResolveURLs, WTF::Vector<WebCore::QualifiedName, 0ul, WTF::CrashOnOverflow, 16ul, WTF::FastMalloc>*, std::__1::optional<WebCore::SerializationSyntax>) + 25985768
4 WebCore 0x1a5133f48 WebCore::Element::innerHTML() const + 6717256 [inlined]
5 WebCore 0x1a5133f48 WebCore::jsElement_innerHTMLGetter(JSC::JSGlobalObject&, WebCore::JSElement&) + 6717256 [inlined]
6 WebCore 0x1a5133f48 long long WebCore::IDLAttribute<WebCore::JSElement>::get<&(WebCore::jsElement_innerHTMLGetter(JSC::JSGlobalObject&, WebCore::JSElement&)), (WebCore::CastedThisErrorBehavior)3>(JSC::JSGlobalObject&, long long, JSC::PropertyName) + 6717256 [inlined]
7 WebCore 0x1a5133f48 WebCore::jsElement_innerHTML(JSC::JSGlobalObject*, long long, JSC::PropertyName) + 6717256
8 JavaScriptCore 0x1a19dc5fc WTF::FunctionPtr<(WTF::PtrTag)28802, long long (JSC::JSGlobalObject*, long long, JSC::PropertyName),
<rdar://116331745>
Ryosuke Niwa
Comment 1
2023-10-12 18:17:48 PDT
Pull request:
https://github.com/WebKit/WebKit/pull/19035
EWS
Comment 2
2023-10-13 14:57:28 PDT
Committed 269320@main (a32bbf9a6209): <https://commits.webkit.org/269320@main>
Reviewed commits have been landed. Closing PR #19035 and removing active labels.