Bug 43139 - cross_fuzz window.styleMedia.matchMedium() NULL pointer with open document
Status: RESOLVED DUPLICATE of bug 43677
https://bugs.webkit.org/show_bug.cgi?id=43139
Berend-Jan Wever
Reported 2010-07-28 12:49:37 PDT
Created attachment 62863 [details]
Repro case

Found as part of cross_fuzz investigation.

Repro:
<body onload="document.open();window.styleMedia.matchMedium();">

id: WebCore::CSSStyleSelector::styleForElement ReadAV@NULL (dc7b32067c1b2c657a6337dd1beb1998)
description: Attempt to read from NULL pointer (+0x24) in WebCore::CSSStyleSelector::styleForElement
stack:
WebCore::CSSStyleSelector::styleForElement
WebCore::StyleMedia::matchMedium
WebCore::StyleMediaInternal::matchMediumCallback
v8::internal::HandleApiCallHelper<...>
v8::internal::Builtin_HandleApiCall
v8::internal::Invoke
v8::internal::Execution::Call
...
Attachments
Repro case (65 bytes, text/html)
2010-07-28 12:49 PDT, Berend-Jan Wever
no flags
Berend-Jan Wever
Comment 1 2010-08-05 02:02:40 PDT
Another similar crash, which does not appear to affect latest Chromium:
<body onload="document.write();window.media.matchMedium();">
Adam Barth
Comment 2 2010-08-07 14:50:46 PDT
*** This bug has been marked as a duplicate of bug 43677 ***