47353 – WebCore::DragController::concludeEditDrag ReadAV@NULL (37f719744f0b84bd607e9d16c87f2399)

NEW 47353

WebCore::DragController::concludeEditDrag ReadAV@NULL (37f719744f0b84bd607e9d16c87f2399)

https://bugs.webkit.org/show_bug.cgi?id=47353

Summary WebCore::DragController::concludeEditDrag ReadAV@NULL (37f719744f0b84bd607e9d...

Berend-Jan Wever

Reported 2010-10-07 09:04:18 PDT

Created attachment 70094 [details] Repro What steps will reproduce the problem? 1. Execute javascript "document.open()" in a page. 2. Drag an HTML file into the window of that page. 3. Crash Repro: <body onload="document.open()"></body> Drag that into the same window twice and you get a NULL pointer crash. Fund in latest Chrome/Chromium, this does not affect stable Safari. stack: WebCore::DragController::concludeEditDrag WebCore::DragController::performDrag WebKit::WebViewImpl::dragTargetDrop RenderView::OnDragTargetDrop IPC::MessageWithTuple<...>::Dispatch<RenderView,void RenderView::OnMessageReceived MessageRouter::RouteMessage MessageRouter::OnMessageReceived ChildThread::OnMessageReceived RunnableMethod<ExtensionsService,void MessageLoop::RunTask MessageLoop::DoWork base::MessagePumpDefault::Run MessageLoop::RunInternal MessageLoop::Run RendererMain ChromeMain

Attachments
Repro (206 bytes, text/html) 2010-10-07 09:04 PDT, Berend-Jan Wever	no flags	Details
View All Add attachment proposed patch, testcase, etc.

Note You need to log in before you can comment on or make changes to this bug.

Status NEW

Resolution

Priority P1

Severity Normal

Classification Unclassified

Version 528+ (Nightly build)

Hardware PC

OS Windows Vista

Product WebKit

Component DOM

Assignee

Nobody

Reported

2010-10-07 09:04 PDT

Modified

2010-10-07 09:04 PDT History

CC List

1 user Show

URL

Keywords

Depends on

Blocks