Bug 61511 - WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL
Summary: WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: DOM (show other bugs)
Version: 528+ (Nightly build)
Hardware: PC Windows Vista
: P1 Normal
Assignee: Hajime Morrita
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-05-26 01:09 PDT by Berend-Jan Wever
Modified: 2011-05-27 11:18 PDT (History)
4 users (show)

See Also:

Attachments
Patch (3.33 KB, patch)
2011-05-26 22:21 PDT, Hajime Morrita 		tkent: review+
Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Berend-Jan Wever 2011-05-26 01:09:11 PDT 
Chromium: https://code.google.com/p/chromium/issues/detail?id=84018

Repro:
<body onload="f()"></body>
<script>
  function f() {
    var oImg = new Image();
    document.open();
    oImg.innerHTML = "<summary>";
    document.insertBefore(oImg.lastChild, null);
  }
</script>

id:             chrome.dll!WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL (2d237efc21d08331051148bfdb203706)
description:    Attempt to read from unallocated NULL pointer+0x8 in chrome.dll!WebCore::HTMLSummaryElement::isMainSummary
application:    Chromium 13.0.777.0
stack:          chrome.dll!WebCore::HTMLSummaryElement::isMainSummary
                chrome.dll!WebCore::DetailsMarkerControl::rendererIsNeeded
                chrome.dll!WebCore::NodeRendererFactory::createRendererAndStyle
                chrome.dll!WebCore::NodeRendererFactory::createRendererIfNeeded
                chrome.dll!WebCore::Node::createRendererIfNeeded
                chrome.dll!WebCore::Element::attach
                chrome.dll!WebCore::ContainerNode::attach
                chrome.dll!WebCore::ShadowRoot::attach
                chrome.dll!WebCore::Element::attach
                chrome.dll!WebCore::Element::recalcStyle
                chrome.dll!WebCore::Document::recalcStyle
                chrome.dll!WebCore::Document::updateStyleIfNeeded
                chrome.dll!WebCore::Document::implicitClose
                chrome.dll!WebCore::FrameLoader::checkCompleted
                chrome.dll!WebCore::FrameLoader::finishedParsing
                chrome.dll!WebCore::Document::finishedParsing
                chrome.dll!WebCore::HTMLDocumentParser::prepareToStopParsing
                chrome.dll!WebCore::DocumentWriter::endIfNotLoadingMainResource
                chrome.dll!WebCore::FrameLoader::finishedLoading
                chrome.dll!WebCore::MainResourceLoader::didFinishLoading
                chrome.dll!WebCore::ResourceLoader::didFinishLoading
                chrome.dll!WebCore::ResourceHandleInternal::didFinishLoading
                chrome.dll!webkit_glue::WebURLLoaderImpl::Context::OnCompletedRequest
                chrome.dll!ResourceDispatcher::OnRequestComplete
                chrome.dll!IPC::MessageWithTuple<...>::Dispatch<ResourceDispatcher,ResourceDispatcher,void
                chrome.dll!ResourceDispatcher::DispatchMessageW
                chrome.dll!ResourceDispatcher::OnMessageReceived
                chrome.dll!ChildThread::OnMessageReceived
                chrome.dll!RunnableMethod<DetectTabLanguageFunction,void
                chrome.dll!`anonymous namespace'::TaskClosureAdapter::Run
                ...
Comment 1 Hajime Morrita 2011-05-26 22:21:38 PDT 
Created attachment 95114 [details]
Patch
Comment 2 Kent Tamura 2011-05-27 00:02:18 PDT 
Comment on attachment 95114 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=95114&action=review

> LayoutTests/ChangeLog:5
> +        WebCore::HTMLSummaryElement::isMainSummary ReadAV@NULL

nit: ReadAV@NULL is not normal English.
Comment 3 Hajime Morrita 2011-05-27 00:27:09 PDT 
Committed r87480: <http://trac.webkit.org/changeset/87480>
Comment 4 Ademar Reis 2011-05-27 11:18:21 PDT 
Revision r87480 cherry-picked into qtwebkit-2.2 with commit 27ca4d8 <http://gitorious.org/webkit/qtwebkit/commit/27ca4d8>