RESOLVED FIXED Bug 94628
DOM manipulation crashes the browser 
https://bugs.webkit.org/show_bug.cgi?id=94628
Summary DOM manipulation crashes the browser
Victor Carbune
Reported 2012-08-21 13:09:30 PDT
Creating a DOM track element by script and changing the mode crashes results in a browser crash.
Attachments
Fix and test (4.50 KB, patch)
2012-08-21 13:18 PDT, Victor Carbune 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Victor Carbune
Comment 1 2012-08-21 13:18:29 PDT
Created attachment 159750 [details] Fix and test
Victor Carbune
Comment 2 2012-08-21 13:21:10 PDT
Not sure if this is the best fix, but the spec doesn't have anything to say about combinations of DOM mutation and JS changes; Either way, we shouldn't crash, I'm open to suggestions.
Abhishek Arya
Comment 3 2012-08-21 18:16:32 PDT
isnt this a null pointer crash, if it yes, it is not a security bug
Radar WebKit Bug Importer
Comment 4 2012-08-21 18:16:55 PDT
<rdar://problem/12147515>
Victor Carbune
Comment 5 2012-08-21 18:19:10 PDT
(In reply to comment #3) > isnt this a null pointer crash, if it yes, it is not a security bug Indeed, it's just a null pointer crash; thought it might be more, initially.
WebKit Review Bot
Comment 6 2012-08-22 00:48:15 PDT
Comment on attachment 159750 [details] Fix and test Rejecting attachment 159750 [details] from commit-queue. victor@rosedu.org does not have committer permissions according to http://trac.webkit.org/browser/trunk/Tools/Scripts/webkitpy/common/config/committers.py. - If you do not have committer rights please read http://webkit.org/coding/contributing.html for instructions on how to use bugzilla flags. - If you have committer rights please correct the error in Tools/Scripts/webkitpy/common/config/committers.py by adding yourself to the file (no review needed). The commit-queue restarts itself every 2 hours. After restart the commit-queue will correctly respect your committer rights.
WebKit Review Bot
Comment 7 2012-08-22 12:27:19 PDT
Comment on attachment 159750 [details] Fix and test Clearing flags on attachment: 159750 Committed r126331: <http://trac.webkit.org/changeset/126331>
WebKit Review Bot
Comment 8 2012-08-22 12:27:22 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.