[Webkit-unassigned] [Bug 113837] DOM Range null dereference when detached in a mutation observer

Tue Apr 2 17:30:13 PDT 2013

https://bugs.webkit.org/show_bug.cgi?id=113837


--- Comment #6 from Cyril CATTIAUX <cyril.cattiaux at gmail.com>  2013-04-02 17:28:25 PST ---
Test case 2 will produce another kind of null deref :

Exception (Safari 6.0.2 on OS X 10.8.2) :

Exception Type:  EXC_BAD_ACCESS (SIGSEGV)
Exception Codes: KERN_INVALID_ADDRESS at 0x0000000000000025
...
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.WebCore                   0x000000010ecd1a0a WebCore::Range::insertNode(WTF::PassRefPtr<WebCore::Node>, int&) + 714
1   com.apple.WebCore                   0x000000010ecd16f2 WebCore::jsRangePrototypeFunctionInsertNode(JSC::ExecState*) + 162
2   ???                                 0x000022d2c7201265 0 + 38288679244389
...

-- 
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.