RESOLVED FIXED 39448
Crash when XHTMLMP is enabled
https://bugs.webkit.org/show_bug.cgi?id=39448
Summary Crash when XHTMLMP is enabled
Yong Li
Reported 2010-05-20 14:24:55 PDT
In Document's ctor:

#if ENABLE(XHTMLMP)
    m_shouldProcessNoScriptElement = m_frame->script()->canExecuteScripts(NotAboutToExecuteScript);
#endif

But m_frame can be null. DOMImplementation::createDocument() has a path to call Document::create(0), where 0 is the frame pointer.

Patch is coming. It will be simply like this:

- m_shouldProcessNoScriptElement = m_frame->script()->canExecuteScripts(NotAboutToExecuteScript); + m_shouldProcessNoScriptElement = m_frame && m_frame->script()->canExecuteScripts(NotAboutToExecuteScript);
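Review bot: the "+" line does more than guard the null dereference; it makes a frameless Document (the Document::create(0) path) evaluate canExecuteScripts to false, i.e. it is treated as a document in which scripts cannot run, and that choice is not stated anywhere in the hunk. A one-line comment above the assignment, or a sentence in the ChangeLog, should say that a null m_frame is deliberately resolved to "cannot execute scripts" so the next person does not read it as an arbitrary null check. Since the reporter states the crash reproduces with the existing test LayoutTests/http/tests/xmlhttprequest/docLoaderFrame.html once XHTMLMP is enabled, the ChangeLog should name that test rather than say no test is possible.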
Attachments
The patch (1.16 KB, patch)
2010-05-20 14:50 PDT, Yong Li
no flags
Yong Li
Comment 1 2010-05-20 14:50:58 PDT
Created attachment 56635 [details] The patch
Alexey Proskuryakov
Comment 2 2010-05-20 17:02:58 PDT
+ No new tests because it is obvious and it must be reproduced with
+ XHTMLMP enabled.

I'm not convinced by this explanation. Documents with XHTML Mobile doctype are treated as XHTML when XHTMLMP is not enabled, so such a test would work in Safari - even if it would pass regardless of this fix.
Yong Li
Comment 3 2010-05-20 18:44:08 PDT
(In reply to comment #2)
> + No new tests because it is obvious and it must be reproduced with
> + XHTMLMP enabled.
>
> I'm not convinced by this explanation. Documents with XHTML Mobile doctype are treated as XHTML when XHTMLMP is not enabled, so such a test would work in Safari - even if it would pass regardless of this fix.

It doesn't need an XHTML doc to happen. I believe there must be a current layout test that can trigger this. I'll try to find one.
Yong Li
Comment 4 2010-05-20 19:09:19 PDT
XMLHttpRequest can call Document::create(0). I've seen that the problem can be reproduced with this test case: LayoutTests\http\tests\xmlhttprequest\docLoaderFrame.html
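The crash path and the fix, as an added stand-alone example (not WebKit's code): the class names Frame, ScriptController and Document mirror WebCore's, but the bodies here are hypothetical stand-ins that keep only the one field this bug is about. shouldProcessNoScriptUnfixed() models the original ctor line and records the null dereference as a flag instead of faulting so it can be observed; Document::create() carries the fixed expression from r60016, and responseXMLDocument() models the XMLHttpRequest path that creates a document with a null frame.

```cpp
// Added example, not WebKit code. Stand-in types modelling the Document ctor
// path in bug 39448; names follow WebCore, bodies are hypothetical.
#include <cassert>
#include <memory>

enum ReasonForCallingCanExecuteScripts { NotAboutToExecuteScript };

// Stand-in for WebCore::ScriptController: reports whether the frame may run script.
class ScriptController {
public:
    explicit ScriptController(bool enabled) : m_enabled(enabled) {}
    bool canExecuteScripts(ReasonForCallingCanExecuteScripts) const { return m_enabled; }
private:
    bool m_enabled;
};

// Stand-in for WebCore::Frame: owns the ScriptController.
class Frame {
public:
    explicit Frame(bool scriptsEnabled) : m_script(scriptsEnabled) {}
    ScriptController* script() { return &m_script; }
private:
    ScriptController m_script;
};

// Unfixed form of the ctor logic (the "-" line): dereferences the frame
// unconditionally. Instead of actually faulting on a null frame, the null
// dereference is reported through `crashed` so a test can observe it.
bool shouldProcessNoScriptUnfixed(Frame* frame, bool& crashed)
{
    crashed = (frame == nullptr);   // the real ctor would segfault here
    if (crashed)
        return false;
    return frame->script()->canExecuteScripts(NotAboutToExecuteScript);
}

// Stand-in for WebCore::Document, reduced to the field set in the ctor.
class Document {
public:
    // Mirrors Document::create(Frame*); a null frame is legal here, as in
    // DOMImplementation::createDocument() and XMLHttpRequest.
    static std::unique_ptr<Document> create(Frame* frame)
    {
        return std::unique_ptr<Document>(new Document(frame));
    }
    bool shouldProcessNoscriptElement() const { return m_shouldProcessNoScriptElement; }

private:
    explicit Document(Frame* frame)
        : m_frame(frame)
        // Fixed form (the "+" line): short-circuit on a null frame, so a
        // frameless document is treated as unable to execute scripts.
        , m_shouldProcessNoScriptElement(m_frame && m_frame->script()->canExecuteScripts(NotAboutToExecuteScript))
    {
    }

    Frame* m_frame;
    bool m_shouldProcessNoScriptElement;
};

// Models the XMLHttpRequest path from comment 4: the response document has
// no frame, so it is created with Document::create(0).
std::unique_ptr<Document> responseXMLDocument()
{
    return Document::create(nullptr);
}

// Convenience wrapper used by the standalone main() and the assertions below.
bool processNoScriptForFrame(Frame* frame)
{
    return Document::create(frame)->shouldProcessNoscriptElement();
}

int main()
{
    bool crashed = false;
    shouldProcessNoScriptUnfixed(nullptr, crashed);
    assert(crashed);                                        // unfixed code derefs null
    assert(!responseXMLDocument()->shouldProcessNoscriptElement()); // fixed: false, no crash
    Frame scriptsOn(true), scriptsOff(false);
    assert(processNoScriptForFrame(&scriptsOn));
    assert(!processNoScriptForFrame(&scriptsOff));
    return 0;
}
```

The point the example makes explicit is that the fix is not only a null guard: with a frame present the value still follows canExecuteScripts(), but a frameless document (the XHR response-document case) now yields false, which is the same value a frame with scripts disabled would give.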
WebKit Commit Bot
Comment 5 2010-05-22 15:04:53 PDT
Comment on attachment 56635 [details]
The patch

Clearing flags on attachment: 56635

Committed r60016: <http://trac.webkit.org/changeset/60016>
WebKit Commit Bot
Comment 6 2010-05-22 15:04:59 PDT
All reviewed patches have been landed. Closing bug.
WebKit Review Bot
Comment 7 2010-05-22 15:12:49 PDT
http://trac.webkit.org/changeset/60017 might have broken Qt Linux ARMv5 Release
Lucas Forschler
Comment 8 2019-02-06 09:04:06 PST
Mass moving XML DOM bugs to the "DOM" Component.