[Webkit-unassigned] [Bug 49331] New: chrome.dll!WebCore::SVGLengthInternal::valueInSpecifiedUnitsAttrGetter ReadAV at NULL (4cf97a4f3ebe8006a2f5ffcc5bc10aeb)
bugzilla-daemon at webkit.org
Wed Nov 10 11:12:31 PST 2010
https://bugs.webkit.org/show_bug.cgi?id=49331
Summary: chrome.dll!WebCore::SVGLengthInternal::valueInSpecifiedUnitsAttrGetter ReadAV at NULL (4cf97a4f3ebe8006a2f5ffcc5bc10aeb)
Product: WebKit
Version: 528+ (Nightly build)
Platform: PC
URL: http://code.google.com/p/chromium/issues/detail?id=62713
OS/Version: Windows Vista
Status: NEW
Severity: Normal
Priority: P1
Component: SVG
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: skylined at chromium.org
CC: eric at webkit.org, zimmermann at kde.org, mdelaney at apple.com
Created an attachment (id=73514)
--> (https://bugs.webkit.org/attachment.cgi?id=73514&action=review)
Repro
Repro:
<script>
var oSVGPolygon = document.createElementNS("http://www.w3.org/2000/svg", "polygon");
var oSVGPath = document.createElementNS("http://www.w3.org/2000/svg", "path");
var oSVGPoint1 = oSVGPath.getPointAtLength();
oSVGPolygon.points.initialize(oSVGPoint1);
oSVGPolygon.points.removeItem(-9223372036854775802);
console.log(oSVGPoint1.x);
location.reload();
</script>
This is a reduced repro for a case in which I've seen various NULL pointers and it looks similar to issue 61576, so marking as security.
This does not repro in stable Chrome, so it was probably recently introduced.
id: chrome.dll!WebCore::SVGLengthInternal::valueInSpecifiedUnitsAttrGetter ReadAV at NULL (4cf97a4f3ebe8006a2f5ffcc5bc10aeb)
description: Attempt to read from unallocated NULL pointer in chrome.dll!WebCore::SVGLengthInternal::valueInSpecifiedUnitsAttrGetter
application: Chromium 9.0.579.0
stack: chrome.dll!WebCore::SVGLengthInternal::valueInSpecifiedUnitsAttrGetter
chrome.dll!v8::internal::Object::GetPropertyWithCallback
chrome.dll!v8::internal::Object::GetProperty
chrome.dll!v8::internal::LoadIC::Load
chrome.dll!v8::internal::LoadIC_Miss
chrome.dll!v8::internal::Invoke
chrome.dll!v8::internal::Execution::Call
...