[Webkit-unassigned] [Bug 160362] NULL Reference Error in ElementRuleCollector

bugzilla-daemon at webkit.org
Mon Aug 1 08:17:00 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=160362

--- Comment #6 from Jonathan Bedard <jbedard at apple.com> ---
(In reply to comment #5)
> > undefined behavior, although surprisingly, many of the tests which exhibit
> > this (canvas/philip/tests/2d.strokeRect.path.html, for example) still pass.
> 
> Null pointer dereference always crashes. How do the tests "exhibit" this?

This bug was found through open source clang's undefined behavior sanitizer.  As far as I can tell, a reference is being bound to a dereferenced NULL pointer but then this reference is never used.  If the reference were used, we would see a crash.

Tests "exhibit" this (not even sure if that's the right way to describe this) when the undefined behavior sanitizer flags the reference being bound to a dereferenced NULL pointer during runtime.

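As an added illustration of the pattern the comment describes (not WebKit's code): a reference bound to a dereferenced null pointer, which clang's UndefinedBehaviorSanitizer reports at the point of binding even when the reference is never read, beside a form that checks the pointer before forming the reference. `StyleRule` and both functions are hypothetical stand-ins.

```cpp
// Added example, not WebKit code. Build with
//   clang++ -std=c++17 -fsanitize=undefined example.cpp
// to have UBSan report "reference binding to null pointer" on the unsafe path.
#include <cstddef>
#include <iostream>

struct StyleRule {          // hypothetical stand-in for a rule type
    int specificity;
};

// Pattern the sanitizer flags: forming `rule` from *rulePtr is undefined
// behavior as soon as rulePtr is null, whether or not `rule` is read later.
// Compilers emit no memory access for the binding itself, so without the
// sanitizer the null case runs silently as long as the reference is unused.
int collectMatchingUnsafe(const StyleRule* rulePtr, bool useRule) {
    const StyleRule& rule = *rulePtr;   // UB here when rulePtr == nullptr
    if (!useRule)
        return 0;                       // reference never read: no visible crash
    return rule.specificity;            // reads through null: segfault
}

// Hardened form: keep the pointer, check it, and only then bind a reference.
int collectMatchingSafe(const StyleRule* rulePtr, bool useRule) {
    if (!rulePtr || !useRule)
        return 0;
    const StyleRule& rule = *rulePtr;   // bound only after the null check
    return rule.specificity;
}

int main() {
    StyleRule rule{42};
    std::cout << collectMatchingSafe(&rule, true) << '\n';     // 42
    std::cout << collectMatchingSafe(nullptr, true) << '\n';   // 0, no UB
    return 0;
}
```

Calling `collectMatchingUnsafe(nullptr, false)` returns 0 in an ordinary build but is reported by the sanitizer, which is exactly how a passing test can still "exhibit" the bug.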