[Webkit-unassigned] [Bug 61834] Web Inspector: CRASH if Expanding Event Listener on document
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue May 31 20:25:24 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=61834
--- Comment #1 from Joseph Pecoraro <joepeck at webkit.org> 2011-05-31 20:25:24 PST ---
InspectorBackendDispatcher::DOM_resolveNode calls InspectorDOMAgent::resolveNode.
The DOM Agent finds a "Node*" for document, but when it attempts to resolveNode(node)
the document node's ownerDocument() is NULL and it early returns null:
PassRefPtr<InspectorObject> InspectorDOMAgent::resolveNode(Node* node)
{
Document* document = node->ownerDocument();
Frame* frame = document ? document->frame() : 0;
if (!frame)
return 0;
...
}
So we then pass out a 0x0, which eventually goes inside an InspectorObject
as a value, and causes the crash.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list