Bug 211846

Summary: Null pointer access in DOMGuarded::guarded on 64b build
Product: WebKit
Reporter: xc.o.c.1180 <xc.o.c.1180>
Component: Bindings
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID
Severity: Normal
CC: cdumez, mark.lam, youennf, ysuzuki
Priority: P2
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
Attachments:
Description: patch
Flags: none

Description xc.o.c.1180@gmail.com 2020-05-13 09:17:00 PDT
Created attachment 399271 [details]
patch

Should check null before jsDynamicCast.

Also, guardedObject() should just return JSCell*, this saves a branch in jsDynamicCast.
Comment 1 Yusuke Suzuki 2020-05-30 23:19:04 PDT
(In reply to xc.o.c.1180@gmail.com from comment #0)
> Created attachment 399271 [details]
> patch
> 
> Should check null before jsDynamicCast.
> 
> Also, guardedObject() should just return JSCell*, this saves a branch in
> jsDynamicCast.

Could you add a test case showing the crash?
Comment 2 xc.o.c.1180@gmail.com 2020-06-01 07:42:19 PDT
Sorry, this is a mistake, please discard it.
Comment 3 Yusuke Suzuki 2020-06-01 08:28:56 PDT
(In reply to xc.o.c.1180@gmail.com from comment #2)
> Sorry, this is a mistake, please discard it.

OK, no problem! Thanks for filing an issue :D