33913 – Crash under Media::matchMedium in detached frame

RESOLVED FIXED Bug 33913

Crash under Media::matchMedium in detached frame

https://bugs.webkit.org/show_bug.cgi?id=33913

Summary Crash under Media::matchMedium in detached frame

Alexey Proskuryakov

Reported 2010-01-20 10:41:10 PST

Caught this with DOM Fuzzer. I have a reduction that crashes in a slightly different manner, but in both cases, it's a null dereference due to null m_window->document().

Attachments
proposed fix (8.57 KB, patch) 2010-01-20 10:56 PST, Alexey Proskuryakov	simon.fraser: review+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Alexey Proskuryakov

Comment 1 2010-01-20 10:56:04 PST

Created attachment 47048 [details] proposed fix

Alexey Proskuryakov

Comment 2 2010-01-20 11:01:27 PST

Committed revision 53555.

Alexey Proskuryakov

Comment 3 2010-08-09 06:34:07 PDT

> Removed null check for document element - every document has one. Untrue, see bug 31353.

Alexey Proskuryakov

Comment 4 2010-09-29 08:26:03 PDT

I guess I meant bug 43677.

Alexey Proskuryakov

Comment 5 2010-09-29 08:26:50 PDT

*** Bug 31353 has been marked as a duplicate of this bug. ***

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware All

OS All

Product WebKit

Component WebCore JavaScript

Assignee

Alexey Proskuryakov

Reported

2010-01-20 10:41 PST

Modified

2010-09-29 08:26 PDT History

CC List

1 user Show

URL

Keywords

Duplicates (1)

31353 View as bug list

Depends on

Blocks

29692

Dependancies

tree graph