Bug 211846

Summary: Null pointer access in DOMGuarded::guarded on 64b build
Product: WebKit Reporter: xc.o.c.1180 <xc.o.c.1180>
Component: BindingsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED INVALID    
Severity: Normal CC: cdumez, mark.lam, youennf, ysuzuki
Priority: P2    
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
patch none

xc.o.c.1180@gmail.com
Reported 2020-05-13 09:17:00 PDT
Created attachment 399271 [details] patch Should check null before jsDynamicCast. Also, guardedObject() should just return JSCell*, this saves a branch in jsDynamicCast.
Attachments
patch (1.02 KB, text/plain)
2020-05-13 09:17 PDT, xc.o.c.1180@gmail.com 		no flags
Details
View All Add attachment proposed patch, testcase, etc.
Yusuke Suzuki
Comment 1 2020-05-30 23:19:04 PDT
(In reply to xc.o.c.1180@gmail.com from comment #0) > Created attachment 399271 [details] > patch > > Should check null before jsDynamicCast. > > Also, guardedObject() should just return JSCell*, this saves a branch in > jsDynamicCast. Could you add a test case showing the crash?
xc.o.c.1180@gmail.com
Comment 2 2020-06-01 07:42:19 PDT
Sorry, this is a mistake, please discard it.
Yusuke Suzuki
Comment 3 2020-06-01 08:28:56 PDT
(In reply to xc.o.c.1180@gmail.com from comment #2) > Sorry, this is a mistake, please discard it. OK, no problem! Thanks for filing an issue :D
Note You need to log in before you can comment on or make changes to this bug.