[Webkit-unassigned] [Bug 65316] Potential NULL-pointer vulnerability in [RenderLayer::updateLayerPosition]

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Fri Oct 19 02:18:32 PDT 2012


https://bugs.webkit.org/show_bug.cgi?id=65316
--- Comment #7 from Alexey Utkin <alexey.utkin at oracle.com>  2012-10-19 02:19:28 PST ---
(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > (From update of attachment 169084 [details] [details] [details])
> > > Can you write a test that triggers this issue?
> > 
> > Seems that is possible in custom ports only (JavaFX port as an example - the scenario was described in the bug synopsis). That happens in a slow message queue.
> 
> If the bug requires a custom port, it is possibly not a WebCore issue.
> 
> > Anyway, that is a bug from a static code analyzer - it has to be fixed.
> 
> No, it doesn't *have to* (see http://lists.webkit.org/pipermail/webkit-dev/2012-April/020365.html). I am not convinced the change is right as updateLayerPosition should be called only on an attached tree, which means that |curr| cannot be NULL as we are not called on the RenderView (renderer()->parent()) and the RenderView always has a RenderLayer.

Well, I am not a code owner or contributor. Code patching is out of my competence. The only thing that I see is a code inconsistency. It may not be a WebCore issue, but the code structure is contradictory. To be consistent, the "while" loop needs to be reduced to something like
    while (!curr->hasLayer())
, or an assertion about |curr| needs to be inserted before the
    if (curr->isBox() && curr->isTableRow()) {
line, or accept the patch and report your objection in the upper-level function.
That is my IMHO.
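The inconsistency the comment describes, as an added example that is not part of the thread or of WebKit's code: a constructed render-tree model with the two self-consistent forms the comment names, a loop without the null test plus an assertion, and a loop with the null test whose post-loop check honours it. The `Node` struct, the scenario trees and the "return false when detached" behaviour are assumptions of this example.

```cpp
#include <cassert>

// Constructed stand-in for a render-tree node; not WebKit's RenderObject.
struct Node {
    const Node* parent = nullptr;
    bool layer = false;     // models hasLayer()
    bool tableRow = false;  // models isBox() && isTableRow()
};

// Form 1, the comment's "while (!curr->hasLayer())" suggestion: the loop no
// longer tolerates a null |curr|, so the attached-tree assumption is stated
// once as an assertion and fails loudly in debug builds instead of becoming
// a silent null dereference after the loop.
const Node* layerAncestorAttached(const Node* renderer) {
    const Node* curr = renderer->parent;
    assert(curr && "must be called on an attached tree");
    while (!curr->layer) {
        curr = curr->parent;
        assert(curr && "an attached tree always ends in a node with a layer");
    }
    return curr;
}

// Form 2, the patch direction: the loop keeps its null test, so the code
// after it must honour the same possibility. Returning false for a detached
// subtree (no row adjustment) is this example's assumption, not WebKit's.
bool inRowCoordinateSpaceDefensive(const Node* renderer) {
    const Node* curr = renderer->parent;
    while (curr && !curr->layer)
        curr = curr->parent;
    return curr && curr->tableRow;  // the check the analyzer flagged as missing
}

// Constructed scenarios so both forms can be exercised without a browser.
bool attachedCellUnderLayeredRow() {
    Node root{nullptr, true, false};
    Node row{&root, true, true};    // row that owns a layer
    Node cell{&row, false, false};
    return layerAncestorAttached(&cell) == &row && inRowCoordinateSpaceDefensive(&cell);
}
bool attachedCellUnderPlainRow() {
    Node root{nullptr, true, false};
    Node row{&root, false, true};   // row without a layer: walk continues to root
    Node cell{&row, false, false};
    return layerAncestorAttached(&cell) == &root && !inRowCoordinateSpaceDefensive(&cell);
}
bool detachedNodeDoesNotCrash() {
    Node orphan{nullptr, false, false};  // parent is null: the analyzer's case
    return !inRowCoordinateSpaceDefensive(&orphan);
}
```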
