94628 – DOM manipulation crashes the browser

Bug 94628 - DOM manipulation crashes the browser

Summary: DOM manipulation crashes the browser

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Media (show other bugs)
Version:	528+ (Nightly build)
Hardware:	All All

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2012-08-21 13:09 PDT by Victor Carbune
Modified:	2012-08-22 12:27 PDT (History)
CC List:	5 users (show)

See Also:

Attachments
Fix and test (4.50 KB, patch) 2012-08-21 13:18 PDT, Victor Carbune	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Carbune 2012-08-21 13:09:30 PDT

Creating a DOM track element by script and changing the mode crashes results in a browser crash.

Comment 1 Victor Carbune 2012-08-21 13:18:29 PDT

Created attachment 159750 [details]
Fix and test

Comment 2 Victor Carbune 2012-08-21 13:21:10 PDT

Not sure if this is the best fix, but the spec doesn't have anything to say about combinations of DOM mutation and JS changes;

Either way, we shouldn't crash, I'm open to suggestions.

Comment 3 Abhishek Arya 2012-08-21 18:16:32 PDT

isnt this a null pointer crash, if it yes, it is not a security bug

Comment 4 Radar WebKit Bug Importer 2012-08-21 18:16:55 PDT

<rdar://problem/12147515>

Comment 5 Victor Carbune 2012-08-21 18:19:10 PDT

(In reply to comment #3)
> isnt this a null pointer crash, if it yes, it is not a security bug
Indeed, it's just a null pointer crash; thought it might be more, initially.

Comment 6 WebKit Review Bot 2012-08-22 00:48:15 PDT

Comment on attachment 159750 [details]
Fix and test

Rejecting attachment 159750 [details] from commit-queue.

victor@rosedu.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py.

- If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags.

- If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed).  The commit-queue restarts itself every 2 hours.  After restart the commit-queue will correctly respect your committer rights.

Comment 7 WebKit Review Bot 2012-08-22 12:27:19 PDT

Comment on attachment 159750 [details]
Fix and test

Clearing flags on attachment: 159750

Committed r126331: <http://trac.webkit.org/changeset/126331>

Comment 8 WebKit Review Bot 2012-08-22 12:27:22 PDT

All reviewed patches have been landed.  Closing bug.