[webkit-dev] Eliminate potential null pointer dereference?
koivisto at iki.fi
Sat Apr 21 09:45:14 PDT 2012
On Sat, Apr 21, 2012 at 8:13 AM, John Yani <vanuan at gmail.com> wrote:
> 2316         if (selector->relation() != CSSSelector::SubSelector)
> 2317             break;
> 2318         selector = selector->tagHistory();
> 2319     };
> Now selector is null and we are trying to call tagHistory():
This is not possible. If selector->relation() == CSSSelector::SubSelector
then there will always be a subselector in tagHistory.
> 2321 for (selector = selector->tagHistory(); selector; selector =
> Which will result in segfault.
That would indicate a serious bug in the CSS parser. The crash would allow us
to catch and fix the bug. Now the bug is hidden. We have also lost some
documentation (in the form of code) on what our data structures look like. The
only sensible change here would have been ASSERT(selector) for
There is generally too much pointless drive-by refactoring going on in the
project. I think we should take a harder line against these "No new test /
code cleanup only" type patches to reduce noise level.
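The invariant described in the reply above (a selector whose relation is SubSelector always has a following selector in tagHistory), as an added example that is not WebKit's code: a minimal model of the selector chain showing why an ASSERT documents and enforces that invariant where a null check would silently hide a parser bug. Selector, Relation, tagHistory, chainIsWellFormed, lastInCompound and compounds are assumed names modelled on the quoted snippet, not WebKit's real API, and the two sample chains are constructed for the example.

```cpp
// Added example, not WebKit code: a minimal model of the selector chain
// discussed in the thread. All names here are assumptions modelled on the
// quoted snippet (relation(), tagHistory(), SubSelector).
#include <cassert>
#include <cstdio>
#include <string>
#include <vector>

enum class Relation { Descendant, Child, SubSelector };

// One simple selector. A compound selector such as "div.a" is a run of
// simple selectors linked with Relation::SubSelector; Descendant and Child
// link one compound to the next.
struct Selector {
    std::string value;
    Relation relation;
    const Selector* tagHistory;  // next link in the chain, or nullptr at the end
};

// The invariant the parser is expected to maintain: every selector whose
// relation is SubSelector has a non-null tagHistory. This is the condition
// an ASSERT(selector) in the walker checks. A plain null check would let a
// violation pass without any report.
bool chainIsWellFormed(const Selector* selector)
{
    for (; selector; selector = selector->tagHistory) {
        if (selector->relation == Relation::SubSelector && !selector->tagHistory)
            return false;
    }
    return true;
}

// Walk to the last simple selector of the current compound, following the
// shape of the quoted loop. The assert states the invariant in code instead
// of hiding a broken chain behind a null check.
const Selector* lastInCompound(const Selector* selector)
{
    assert(selector);
    while (true) {
        if (selector->relation != Relation::SubSelector)
            break;
        selector = selector->tagHistory;
        assert(selector && "SubSelector with null tagHistory: CSS parser bug");
    }
    return selector;
}

// Split a chain into its compound selectors (e.g. "div.a", "p"). After each
// compound, continue from the tagHistory of its last element, which mirrors
// the quoted "for (selector = selector->tagHistory(); selector; ...)".
std::vector<std::string> compounds(const Selector* selector)
{
    std::vector<std::string> result;
    while (selector) {
        const Selector* last = lastInCompound(selector);
        std::string compound;
        for (const Selector* s = selector;; s = s->tagHistory) {
            compound += s->value;
            if (s == last)
                break;
        }
        result.push_back(compound);
        selector = last->tagHistory;
    }
    return result;
}

// Constructed sample chain for "div.a > p": three simple selectors.
// Static storage keeps the pointers valid for callers.
const Selector* sampleChain()
{
    static const Selector p   { "p",   Relation::Descendant,  nullptr };
    static const Selector a   { ".a",  Relation::Child,       &p };
    static const Selector div { "div", Relation::SubSelector, &a };
    return &div;
}

// Constructed malformed chain: a SubSelector link with nothing after it,
// exactly the state the null check in the thread would silently accept.
const Selector* malformedChain()
{
    static const Selector div { "div", Relation::SubSelector, nullptr };
    return &div;
}

int main()
{
    for (const std::string& c : compounds(sampleChain()))
        std::printf("%s\n", c.c_str());
    // Report the malformed chain via the validator rather than walking it,
    // since lastInCompound would (correctly) hit its assert on it.
    return chainIsWellFormed(malformedChain()) ? 1 : 0;
}
```

In a debug build the assert in lastInCompound turns a malformed chain into an immediate, attributable crash at the walker; chainIsWellFormed is the same condition expressed as a boolean so it can be checked without aborting, for instance from a parser unit test.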