Bug 31545 - WebCore::SelectionController::setSelection NULL pointer
Summary: WebCore::SelectionController::setSelection NULL pointer
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: SVG
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
Importance: P1 Normal
Assignee: Nobody
URL: http://skypher.com/SkyLined/Repro/Web...
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-16 04:34 PST by Berend-Jan Wever
Modified: 2010-03-23 22:40 PDT
CC List: 4 users

See Also:


Attachments
Repro case (188 bytes, text/html)
2009-11-16 04:34 PST, Berend-Jan Wever
no flags
patch v0; add NULL check (2.94 KB, patch)
2010-03-23 03:23 PDT, Hajime Morrita
no flags

Description Berend-Jan Wever 2009-11-16 04:34:45 PST
Created attachment 43293
Repro case

The below code causes a NULL pointer:

<SCRIPT>
html_document=document.implementation.createHTMLDocument();
svg_element=html_document.createElementNS("http://www.w3.org/2000/svg","svg");
svg_element.deselectAll();
</SCRIPT>

Relevant functions on stack:
WebCore::SelectionController::setSelection(class WebCore::VisibleSelection * s = 0x0012ef0c, bool closeTyping = true, bool clearTypingStyle = true, bool userTriggered = false)+0x9
WebCore::SelectionController::clear(void)+0x1f
WebCore::SVGSVGElementInternal::deselectAllCallback(class v8::Arguments * args = 0x0012efac)+0x4c
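The stack above shows the problem: a document created with createHTMLDocument() is not displayed in any frame, so the path from the SVG element to the selection controller dereferences a null Frame pointer, and the patch title says the fix is a NULL check. The following added example (not WebKit code; the Document, Frame and SelectionController types are hypothetical stand-ins for the WebCore classes named in the stack) shows the faulty shape beside the guarded one:

```cpp
#include <cassert>
#include <cstddef>

// Hypothetical stand-ins for the WebCore classes in the stack trace
// (added example, not WebKit code).
struct SelectionController {
    int clearCalls = 0;
    void clear() { ++clearCalls; }
};

struct Frame {
    SelectionController m_selection;
    SelectionController* selection() { return &m_selection; }
};

struct Document {
    Frame* m_frame;
    explicit Document(Frame* frame) : m_frame(frame) {}
    // A document from createHTMLDocument() is not displayed anywhere,
    // so frame() returns null for it.
    Frame* frame() const { return m_frame; }
};

// Shape of the faulty path: assumes every document has a frame.
// On a frameless document this dereferences a null Frame* (the crash above).
void deselectAllUnchecked(Document& document)
{
    document.frame()->selection()->clear();
}

// Hardened form: check for a frame first and do nothing when there is none.
// Returns true if a selection was actually cleared.
bool deselectAllChecked(Document& document)
{
    Frame* frame = document.frame();
    if (!frame)
        return false;
    frame->selection()->clear();
    return true;
}

// Scenario 1: a displayed document (has a frame) gets its selection cleared once.
bool displayedDocumentIsCleared()
{
    Frame frame;
    Document displayed(&frame);
    return deselectAllChecked(displayed) && frame.selection()->clearCalls == 1;
}

// Scenario 2: a detached document (models html_document in the repro) is skipped, no crash.
bool detachedDocumentIsSkipped()
{
    Document detached(nullptr);
    return !deselectAllChecked(detached);
}

int main()
{
    assert(displayedDocumentIsCleared());
    assert(detachedDocumentIsSkipped());
    return 0;
}
```

deselectAllUnchecked() is only shown for comparison and is never called on the detached document; the actual WebKit change landed as r56401 (linked below in Comment 7).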
Comment 1 Berend-Jan Wever 2009-11-16 04:37:42 PST
Added link to online repro
Comment 2 Hajime Morrita 2010-03-23 03:23:06 PDT
Created attachment 51405
patch v0; add NULL check
Comment 3 Berend-Jan Wever 2010-03-23 04:02:19 PDT
LGTM
Comment 4 Hajime Morrita 2010-03-23 04:15:35 PDT
Comment on attachment 51405
patch v0; add NULL check

Thank you for reviewing!

I cannot figure out what the style checker claims.
It is OK for my local working copy...
Comment 5 Dimitri Glazkov (Google) 2010-03-23 08:50:53 PDT
Comment on attachment 51405
patch v0; add NULL check

Please don't r+ the patch unless you're a reviewer.
Comment 6 Alexey Proskuryakov 2010-03-23 09:01:24 PDT
Comment on attachment 51405
patch v0; add NULL check

> +++ b/LayoutTests/svg/dom/frame-related-api-during-load-expected.txt
> @@ -0,0 +1 @@
> +OK unless it got crashed.
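Review bot: the single expected line `+OK unless it got crashed.` does not say which API the test exercises or what a pass means, and "got crashed" is ungrammatical; an expectations file should name the behaviour under test and reference bug 31545, for example `PASS: frame-related API did not crash during load (bug 31545).`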

A test should ideally say a few words about what is being tested, and maybe provide a link to the bug.

r=me as is though.
Comment 7 WebKit Commit Bot 2010-03-23 10:10:48 PDT
Comment on attachment 51405
patch v0; add NULL check

Clearing flags on attachment: 51405

Committed r56401: <http://trac.webkit.org/changeset/56401>
Comment 8 WebKit Commit Bot 2010-03-23 10:10:52 PDT
All reviewed patches have been landed. Closing bug.
Comment 9 Hajime Morrita 2010-03-23 22:40:16 PDT
ap: Thank you for reviewing.
> A test should ideally say a few words about what is being tested, and maybe
> provide a link to the bug.
Agreed. So I filed this fix on Bug 36517 with a patch.