[webkit-reviews] review granted: [Bug 223642] [UBSan] dom/Document.cpp:2722:23: runtime error: reference binding to null pointer of type 'JSC::CallFrame' : [Attachment 424029] Patch
bugzilla-daemon at webkit.org
Tue Mar 23 13:10:37 PDT 2021
Darin Adler <darin at apple.com> has granted Chris Dumez <cdumez at apple.com>'s
request for review:
Bug 223642: [UBSan] dom/Document.cpp:2722:23: runtime error: reference binding
to null pointer of type 'JSC::CallFrame'
https://bugs.webkit.org/show_bug.cgi?id=223642
Attachment 424029: Patch
https://bugs.webkit.org/attachment.cgi?id=424029&action=review
--- Comment #2 from Darin Adler <darin at apple.com> ---
Comment on attachment 424029
--> https://bugs.webkit.org/attachment.cgi?id=424029
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=424029&action=review
> Source/WebCore/dom/Document.cpp:2723
> + auto* callFrame = vm.topCallFrame;
> + return callFrame && callFrame != JSC::CallFrame::noCaller() &&
!currentWorld(*callFrame->lexicalGlobalObject(vm)).isNormal();
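Review bot: the guard order in the return statement is what matters here; the `callFrame` nullptr test and the `JSC::CallFrame::noCaller()` comparison must stay ahead of `*callFrame->lexicalGlobalObject(vm)`, because that dereference is the one UBSan flags (reference binding to a null `JSC::CallFrame`). A one-line comment above `auto* callFrame = vm.topCallFrame;` stating that `topCallFrame` can be null or `noCaller()` (presumably when no JavaScript is executing) would keep a future cleanup from dropping the check. Since the review notes other places that dereference `vm.topCallFrame` unchecked, consider factoring this guarded lookup into a small shared helper rather than repeating the two comparisons at each site.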
Would be nice to fix other places where we dereference vm.topCallFrame without
checking it for nullptr; I found some others.