[Webkit-unassigned] [Bug 55307] fast/frames/iframe-plugin-load-remove-document-crash.html crashing in PluginView::didFail since it was added
bugzilla-daemon at webkit.org
Wed Mar 2 17:20:28 PST 2011
https://bugs.webkit.org/show_bug.cgi?id=55307
--- Comment #13 from Abhishek Arya <inferno at chromium.org> 2011-03-02 17:20:28 PST ---
(In reply to comment #12)
> Is this suspected to be potentially exploitable, or just a null deref?
Drew, this always crashed on null and is no longer crashing on the bots after the fix. The exploitable part is already fixed in https://trac.webkit.org/changeset/79808. I don't have a Qt env to debug this, so I can't say 100% sure.