[webkit-dev] Eliminate potential null pointer dereference?

Antti Koivisto koivisto at iki.fi
Sat Apr 21 09:45:14 PDT 2012


Sat, Apr 21, 2012 at 8:13 AM, John Yani <vanuan at gmail.com> wrote:

> 2316            if (selector->relation() != CSSSelector::SubSelector)
> 2317                break;
> 2318            selector = selector->tagHistory();
> 2319        };
>
> Now selector is null and we are trying to call tagHistory():
>

This is not possible. If selector->relation() == CSSSelector::SubSelector
then there will always be a subselector in tagHistory.


> 2321        for (selector = selector->tagHistory(); selector; selector =
>
> Which will result in segfault.
>

That would indicate a serious bug in the CSS parser. The crash would allow us
to catch and fix the bug. Now the bug is hidden. We have also lost some
documentation (in the form of code) on what our data structures look like. The
only sensible change here would have been ASSERT(selector) for
documentation purposes.

There is generally too much pointless drive-by refactoring going on in the
project. I think we should take a harder line against these "No new test /
code cleanup only" type patches to reduce the noise level.
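The invariant Antti is relying on, as an added example that is not WebKit's code: a hypothetical stand-in for the CSSSelector chain, the quoted loop with ASSERT(selector) documenting the promise instead of a null check hiding its violation, and a validator a test can run over a deliberately malformed chain. Names (Selector, skipCompoundSelector, chainIsWellFormed, compoundCount) and the sample chains are constructed for this example.

```cpp
#include <cassert>
#include <cstddef>

// Hypothetical stand-in for the relevant part of WebKit's CSSSelector: a singly
// linked chain stored right to left, where tagHistory points at the simple
// selector to the left and relation says how this one relates to it.
struct Selector {
    enum Relation { Descendant, Child, SubSelector };
    Relation relation;
    const Selector* tagHistory;
};

// Mirrors the quoted loop: walk to the end of the current compound selector.
// A SubSelector relation promises a non-null tagHistory, so the assert only
// documents (and in debug builds enforces) that promise; a null check here
// would let a parser bug continue silently with a wrong selector.
const Selector* skipCompoundSelector(const Selector* selector)
{
    for (;;) {
        if (selector->relation != Selector::SubSelector)
            break;
        selector = selector->tagHistory;
        assert(selector && "SubSelector relation without tagHistory: parser bug");
    }
    return selector;
}

// Validator for the same invariant over a whole chain. Returns false on the
// first violation instead of asserting so a test can exercise the bad case.
bool chainIsWellFormed(const Selector* selector)
{
    for (; selector; selector = selector->tagHistory) {
        if (selector->relation == Selector::SubSelector && !selector->tagHistory)
            return false;
    }
    return true;
}

// Counts compound selectors the way the quoted outer loop advances: one
// compound ends at the first non-SubSelector relation, then continue leftward.
int compoundCount(const Selector* selector)
{
    int count = 0;
    for (; selector; selector = skipCompoundSelector(selector)->tagHistory)
        ++count;
    return count;
}

// Constructed sample "div.foo > span", stored right to left like WebKit does.
static const Selector kDiv  = { Selector::Descendant, nullptr };
static const Selector kFoo  = { Selector::SubSelector, &kDiv };
static const Selector kSpan = { Selector::Child, &kFoo };
// Constructed malformed sample: a SubSelector relation with nothing to its left.
static const Selector kBroken = { Selector::SubSelector, nullptr };
```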