273735 – REGRESSION (277924@main): nullptr deref crash calling XSLTProcessor.transformToFragment() before parsing XML

NEW273735

REGRESSION (277924@main): nullptr deref crash calling XSLTProcessor.transformToFragment() before parsing XML

https://bugs.webkit.org/show_bug.cgi?id=273735

Summary REGRESSION (277924@main): nullptr deref crash calling XSLTProcessor.transform...

David Kilzer (:ddkilzer)

Reported 2024-05-04 10:08:44 PDT

A nullptr deref crash occurs when calling XSLTProcessor.transformToFragment() before any XML document is parsed because WebCore::defaultEntityLoader was not initialized. Regressed with: REGRESSION (269108@main): Same-origin XSLT document() loads fail <https://bugs.webkit.org/show_bug.cgi?id=273106> <rdar://126897034> <https://commits.webkit.org/277924@main> <rdar://127496002>

Attachments
Add attachment proposed patch, testcase, etc.

David Kilzer (:ddkilzer)

Comment 1 2024-05-04 11:07:16 PDT

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P2

Severity Normal

Classification Unclassified

Version Other

Hardware Unspecified

OS Unspecified

Product WebKit

Component XML

Assignee

David Kilzer (:ddkilzer)

Reported

2024-05-04 10:08 PDT

Modified

2024-05-04 11:07 PDT History

CC List

1 user Show

URL

Keywords InRadar

Depends on

273106

Blocks

Dependencies

tree graph