[Webkit-unassigned] [Bug 74938] New: Web Inspector: CSSStyleSheet::cssRules can return 0 and InspectorStyleSheet doesn't check

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Tue Dec 20 09:58:39 PST 2011


https://bugs.webkit.org/show_bug.cgi?id=74938

           Summary: Web Inspector: CSSStyleSheet::cssRules can return 0
                    and InspectorStyleSheet doesn't check
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: All
            Status: UNCONFIRMED
          Keywords: InRadar
          Severity: Normal
          Priority: P2
         Component: Web Inspector
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: timothy at apple.com
                CC: timothy at apple.com, rik at webkit.org, keishi at webkit.org,
                    pmuellr at yahoo.com, joepeck at webkit.org,
                    pfeldman at chromium.org, yurys at chromium.org,
                    bweinstein at apple.com, apavlov at chromium.org,
                    loislo at chromium.org


InspectorStyleSheet looks like it can run into security origin checks in CSSStyleSheet::cssRules. There should be a way to prevent the security origin checks or at the very least catch the null and bail from InspectorStyleSheet.

Steps:
1) Navigate to http://www.theonion.com/articles/circus-train-wreck-not-funny-investigators-emphasi,21252/
2) Select paywall pop-up element and inspect it
3) Add new style rule
4) Press enter to type in new style rule such as "display: none"

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                 0x00007fff932d4b50 WebCore::CSSRuleList::length() const + 4
1   com.apple.WebCore                 0x00007fff9374c341 WebCore::InspectorStyleSheet::addRule(WTF::String const&) + 181
2   com.apple.WebCore                 0x00007fff9374c0dc WebCore::InspectorCSSAgent::addRule(WTF::String*, int, WTF::String const&, WTF::RefPtr<WebCore::InspectorObject>*) + 82
3   com.apple.WebCore                 0x00007fff9374bba0 WebCore::InspectorBackendDispatcher::CSS_addRule(long, WebCore::InspectorObject*) + 668
4   com.apple.WebCore                 0x00007fff936ef928 WebCore::InspectorBackendDispatcher::dispatch(WTF::String const&) + 14266
5   com.apple.WebCore                 0x00007fff936ec0f6 WebCore::jsInspectorFrontendHostPrototypeFunctionSendMessageToBackend(JSC::ExecState*) + 246
6   ???                               0x00003e42116011e8 0 + 68453480272360
7   com.apple.JavaScriptCore          0x00007fff8ffdcf96 JSC::Interpreter::executeCall(JSC::ExecState*, JSC::JSObject*, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 1046
8   com.apple.JavaScriptCore          0x00007fff8ffdcb6d JSC::call(JSC::ExecState*, JSC::JSValue, JSC::CallType, JSC::CallData const&, JSC::JSValue, JSC::ArgList const&) + 45
9   com.apple.WebCore                 0x00007fff931a349d WebCore::JSEventListener::handleEvent(WebCore::ScriptExecutionContext*, WebCore::Event*) + 1195
10  com.apple.WebCore                 0x00007fff931a2f74 WebCore::EventTarget::fireEventListeners(WebCore::Event*, WebCore::EventTargetData*, WTF::Vector<WebCore::RegisteredEventListener, 1ul>&) + 494
11  com.apple.WebCore                 0x00007fff930c2393 WebCore::EventTarget::fireEventListeners(WebCore::Event*) + 85
12  com.apple.WebCore                 0x00007fff930c2480 WebCore::Node::handleLocalEvents(WebCore::Event*) + 180
13  com.apple.WebCore                 0x00007fff930c1b04 WebCore::EventDispatcher::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 832
14  com.apple.WebCore                 0x00007fff930c1788 WebCore::EventDispatchMediator::dispatchEvent(WebCore::EventDispatcher*) const + 40
15  com.apple.WebCore                 0x00007fff930c1689 WebCore::EventDispatcher::dispatchEvent(WebCore::Node*, WebCore::EventDispatchMediator const&) + 41
16  com.apple.WebCore                 0x00007fff930c15f7 WebCore::Node::dispatchEvent(WTF::PassRefPtr<WebCore::Event>) + 55
17  com.apple.WebCore                 0x00007fff931d7d28 WebCore::Node::dispatchBlurEvent() + 82
18  com.apple.WebCore                 0x00007fff93119a83 WebCore::Document::setFocusedNode(WTF::PassRefPtr<WebCore::Node>) + 251
19  com.apple.WebCore                 0x00007fff931adb4b WebCore::FocusController::setFocusedNode(WebCore::Node*, WTF::PassRefPtr<WebCore::Frame>) + 645
20  com.apple.WebCore                 0x00007fff9326c0ba WebCore::EventHandler::dispatchMouseEvent(WTF::AtomicString const&, WebCore::Node*, bool, int, WebCore::PlatformMouseEvent const&, bool) + 618
21  com.apple.WebCore                 0x00007fff9326f6a5 WebCore::EventHandler::handleMousePressEvent(WebCore::PlatformMouseEvent const&) + 1557
22  com.apple.WebKit2                 0x00007fff902d33fd WebKit::WebPage::mouseEvent(WebKit::WebMouseEvent const&) + 267
23  com.apple.WebKit2                 0x00007fff902f9882 void CoreIPC::handleMessage<Messages::WebPage::MouseEvent, WebKit::WebPage, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)>(CoreIPC::ArgumentDecoder*, WebKit::WebPage*, void (WebKit::WebPage::*)(WebKit::WebMouseEvent const&)) + 74
24  com.apple.WebKit2                 0x00007fff90260f26 CoreIPC::Connection::dispatchMessage(CoreIPC::Connection::Message<CoreIPC::ArgumentDecoder>&) + 172
25  com.apple.WebKit2                 0x00007fff90260e3f CoreIPC::Connection::dispatchMessages() + 145
26  com.apple.WebKit2                 0x00007fff9025d77f RunLoop::performWork() + 111

<rdar://problem/10066239>
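A minimal model of the defect and of the "catch the null and bail" fix the report asks for, added here as an example; it is not WebKit code. CSSStyleSheet, CSSRuleList and inspectorAddRule are constructed stand-ins that mimic only the behaviour described above (cssRules() withholds the rule list when the origin check fails).

```cpp
// Added example (not WebKit source): model of https://bugs.webkit.org/show_bug.cgi?id=74938.
#include <string>
#include <vector>

// Stand-in for WebCore::CSSRuleList (constructed for this example).
struct CSSRuleList {
    std::vector<std::string> rules;
    size_t length() const { return rules.size(); }
};

// Stand-in for WebCore::CSSStyleSheet (constructed for this example).
class CSSStyleSheet {
public:
    CSSStyleSheet(std::string sheetOrigin, std::string documentOrigin)
        : m_sheetOrigin(std::move(sheetOrigin)), m_documentOrigin(std::move(documentOrigin)) {}

    // Mirrors the behaviour the report describes: the rule list is withheld
    // (null) when the security origin check fails, e.g. a cross-origin sheet.
    CSSRuleList* cssRules() {
        if (m_sheetOrigin != m_documentOrigin)
            return nullptr;
        return &m_rules;
    }

private:
    std::string m_sheetOrigin;
    std::string m_documentOrigin;
    CSSRuleList m_rules;
};

// Stand-in for InspectorStyleSheet::addRule with the missing check added.
// Returns false instead of dereferencing null when the rules are inaccessible.
bool inspectorAddRule(CSSStyleSheet& sheet, const std::string& selector) {
    CSSRuleList* rules = sheet.cssRules();
    if (!rules)                        // the check the report asks for: bail out
        return false;
    size_t index = rules->length();    // frame 0 of the trace: length() on a null list
    rules->rules.push_back(selector + " { display: none; }");
    return rules->length() == index + 1;
}

// Helper so callers can observe the result without touching the null list.
size_t ruleCount(CSSStyleSheet& sheet) {
    CSSRuleList* rules = sheet.cssRules();
    return rules ? rules->length() : 0;
}
```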
