[Webkit-unassigned] [Bug 105643] New: Dubious cast from DateTimeFieldElement to HTMLSpanElement

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Dec 21 10:51:12 PST 2012 

https://bugs.webkit.org/show_bug.cgi?id=105643

           Summary: Dubious cast from DateTimeFieldElement to
                    HTMLSpanElement
           Product: WebKit
           Version: 528+ (Nightly build)
          Platform: All
        OS/Version: Unspecified
            Status: NEW
          Severity: Trivial
          Priority: P2
         Component: WebCore Misc.
        AssignedTo: webkit-unassigned at lists.webkit.org
        ReportedBy: tsepez at chromium.org
                CC: japhet at chromium.org


In DateTimeFieldElement::DateTimeFieldElement() there is an initialization of the form : HTMLElement(spanTag, document).
Under V8, initializing an element with spanTag gives V8HTMLElementWrapperFactory.cpp the right to invoke  createHTMLSpanElementWrapper() on it.
createHTMLSpanElementWrapper() performs the static_cast<HTMLSpanElement*>(element).

But DateTimeFieldElement inherits from HTMLElement, not HTMLSpanElement, so the cast is wrong. Presently, this does no harm since at the machine code level, HTMLSpanElement does not change the memory layout of HTMLElement.  But something could change, and then this won't be OK.

The fix would be to make DateTimeFieldElement inherit from HTMLSpanElement in DateTimeFieldElement.h

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

More information about the webkit-unassigned mailing list