Bug 74938 - Web Inspector: CSSStyleSheet::cssRules can return 0 and InspectorStyleSheet doesn't check
Summary: Web Inspector: CSSStyleSheet::cssRules can return 0 and InspectorStyleSheet d...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Web Inspector (Deprecated)
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Alexander Pavlov (apavlov)
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2011-12-20 09:58 PST by Timothy Hatcher
Modified: 2011-12-21 05:45 PST (History)

See Also:


Attachments
Patch (1.58 KB, patch)
2011-12-21 02:16 PST, Alexander Pavlov (apavlov)
no flags

Description Timothy Hatcher 2011-12-20 09:58:39 PST
InspectorStyleSheet looks like it can run into security origin checks in CSSStyleSheet::cssRules. There should be a way to prevent the security origin checks or at the very least catch the null and bail from InspectorStyleSheet.

Steps:
1) Navigate to http://www.theonion.com/articles/circus-train-wreck-not-funny-investigators-emphasi,21252/
2) Select paywall pop-up element and inspect it
3) Add new style rule
4) Press enter to type in new style rule such as "display: none"

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore             	0x00007fff932d4b50 WebCore::CSSRuleList::length() const + 4
1   com.apple.WebCore             	0x00007fff9374c341 WebCore::InspectorStyleSheet::addRule(WTF::String const&) + 181
2   com.apple.WebCore             	0x00007fff9374c0dc WebCore::InspectorCSSAgent::addRule(WTF::String*, int, WTF::String const&, WTF::RefPtr<WebCore::InspectorObject>*) + 82
3   com.apple.WebCore             	0x00007fff9374bba0 WebCore::InspectorBackendDispatcher::CSS_addRule(long, WebCore::InspectorObject*) + 668
4   com.apple.WebCore             	0x00007fff936ef928 WebCore::InspectorBackendDispatcher::dispatch(WTF::String const&) + 14266
5   com.apple.WebCore             	0x00007fff936ec0f6 WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend(JSC::ExecState*) + 246
6   ???                           	0x00003e42116011e8 0 + 68453480272360
7   com.apple.JavaScriptCore      	0x00007fff8ffdcf96 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1046
8   com.apple.JavaScriptCore      	0x00007fff8ffdcb6d JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 45
9   com.apple.WebCore             	0x00007fff931a349d WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1195
10  com.apple.WebCore             	0x00007fff931a2f74 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 494
11  com.apple.WebCore             	0x00007fff930c2393 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 85
12  com.apple.WebCore             	0x00007fff930c2480 WebCore::Node::handleLocalEvents(WebCore::Event*) + 180
13  com.apple.WebCore             	0x00007fff930c1b04 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 832
14  com.apple.WebCore             	0x00007fff930c1788 WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 40
15  com.apple.WebCore             	0x00007fff930c1689 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::EventDispatchMediator const&) + 41
16  com.apple.WebCore             	0x00007fff930c15f7 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 55
17  com.apple.WebCore             	0x00007fff931d7d28 WebCore::Node::dispatchBlurEvent() + 82
18  com.apple.WebCore             	0x00007fff93119a83 WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 251
19  com.apple.WebCore             	0x00007fff931adb4b WebCore::FocusController::setFocusedNode(WebCore::Node*, WTF::PassRefPtr<WebCore::Frame>) + 645
20  com.apple.WebCore             	0x00007fff9326c0ba WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 618
21  com.apple.WebCore             	0x00007fff9326f6a5 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 1557
22  com.apple.WebKit2             	0x00007fff902d33fd WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 267
23  com.apple.WebKit2             	0x00007fff902f9882 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 74
24  com.apple.WebKit2             	0x00007fff90260f26 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 172
25  com.apple.WebKit2             	0x00007fff90260e3f CoreIPC::Connection::dispatchMessages() + 145
26  com.apple.WebKit2             	0x00007fff9025d77f RunLoop::performWork() + 111

<rdar://problem/10066239>
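The failure mode in the report, as an added illustration (this is not WebKit's code and not the patch that landed in r103403): a simplified stand-in for CSSStyleSheet whose cssRules() returns a null pointer when a security-origin check fails, beside an unguarded addRule that dereferences it (frame 0 of the trace above) and a guarded one that bails instead. The class and function names are stand-ins chosen for this example, not the WebKit APIs.

```cpp
// Added example, not WebKit code: models CSSStyleSheet::cssRules() returning
// 0 after a failed security-origin check and the null check that
// InspectorStyleSheet::addRule() needs before calling length() on the result.
#include <cstddef>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WebCore::CSSRuleList.
struct CSSRuleList {
    std::vector<std::string> rules;
    unsigned length() const { return static_cast<unsigned>(rules.size()); }
};

// Stand-in for WebCore::CSSStyleSheet. The crossOrigin flag is a simplification
// of the real origin check: a cross-origin sheet yields no rule list.
class CSSStyleSheet {
public:
    CSSStyleSheet(std::string origin, bool crossOrigin)
        : m_origin(std::move(origin)), m_crossOrigin(crossOrigin) {}

    // Returns nullptr (the "0" in the bug title) when the origin check fails.
    CSSRuleList* cssRules() {
        if (m_crossOrigin)
            return nullptr;
        return &m_ruleList;
    }

    void insertRule(const std::string& rule) { m_ruleList.rules.push_back(rule); }

private:
    std::string m_origin;
    bool m_crossOrigin;
    CSSRuleList m_ruleList;
};

// Unguarded: calls length() on whatever cssRules() returns. With a cross-origin
// sheet this is a null dereference, matching the crash in frame 0.
unsigned addRuleUnchecked(CSSStyleSheet& sheet, const std::string& selector) {
    CSSRuleList* rules = sheet.cssRules();
    unsigned index = rules->length();
    sheet.insertRule(selector + " {}");
    return index;
}

// Guarded: catches the null and bails, reporting failure to the caller so the
// inspector backend can answer the frontend with an error instead of crashing.
bool addRuleChecked(CSSStyleSheet& sheet, const std::string& selector, unsigned* outIndex) {
    CSSRuleList* rules = sheet.cssRules();
    if (!rules)
        return false;
    unsigned index = rules->length();
    sheet.insertRule(selector + " {}");
    if (outIndex)
        *outIndex = index;
    return true;
}

// Scenario helpers with constructed sample sheets.
// Same-origin sheet: both paths work and the rule count grows.
unsigned sameOriginRuleCount() {
    CSSStyleSheet sheet("https://example.test", false);
    unsigned index = 0;
    addRuleChecked(sheet, "div", &index);      // index 0
    addRuleUnchecked(sheet, "p");              // index 1
    return sheet.cssRules()->length();         // 2
}

// Cross-origin sheet: the guarded path must bail and leave the index untouched.
bool crossOriginScenarioBails() {
    CSSStyleSheet sheet("https://other.test", true);
    unsigned index = 42;
    bool added = addRuleChecked(sheet, "div", &index);
    return !added && index == 42;
}
```

Only addRuleChecked is exercised on the cross-origin sheet; addRuleUnchecked on that sheet reproduces the null dereference the report describes.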
Comment 1 Alexander Pavlov (apavlov) 2011-12-21 02:16:58 PST
Created attachment 120162 [details]
Patch
Comment 2 WebKit Review Bot 2011-12-21 05:45:27 PST
Comment on attachment 120162 [details]
Patch

Clearing flags on attachment: 120162

Committed r103403: <http://trac.webkit.org/changeset/103403>
Comment 3 WebKit Review Bot 2011-12-21 05:45:31 PST
All reviewed patches have been landed.  Closing bug.