[webkit-dev] Eliminate potential null pointer dereference?

Maciej Stachowiak mjs at apple.com
Sat Apr 21 13:05:49 PDT 2012

On Apr 21, 2012, at 9:45 AM, Antti Koivisto wrote:

> Sat, Apr 21, 2012 at 8:13 AM, John Yani <vanuan at gmail.com> wrote:
> 2316            if (selector->relation() != CSSSelector::SubSelector)
> 2317                break;
> 2318            selector = selector->tagHistory();
> 2319        };
> Now selector is null and we are trying to call tagHistory():
> This is not possible. If selector->relation() == CSSSelector::SubSelector then there will always be a subselector in tagHistory. 
> 2321        for (selector = selector->tagHistory(); selector; selector =
> Which will result in segfault.
> That would indicate a serious bug in CSS parser. The crash would allow us to catch and fix the bug. Now the bug is hidden. We have also lost some documentation (in form of code) on how our data structures look like. The only sensible change here would have been ASSERT(selector) for documentation purposes.

Or change the first loop to while(true) instead of while(selector) to make clear that it can't actually exit with selector being null.

 - Maciej

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20120421/76ba809d/attachment.html>

More information about the webkit-dev mailing list