[Webkit-unassigned] [Bug 160830] Binding NULL pointer to reference in WebCore::RenderObject
bugzilla-daemon at webkit.org
Mon Aug 15 14:11:13 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=160830
--- Comment #9 from Jonathan Bedard <jbedard at apple.com> ---
(In reply to comment #8)
> Please add a test which causes the null reference to be created.
The tests actually already exist: js/dom/script-start-end-locations.html and js/dom/cross-frame-symbols.html, for example, both cause this to happen (these are by no means an exhaustive list).
This bug was caught with Clang's undefined behavior sanitizer, which I am running locally. Currently, for a number of reasons, we cannot run the undefined behavior sanitizer on our build machines. Since this bug was the result of converting a NULL pointer to a reference and then back to a pointer, the above tests did not cause a crash.
I'm not sure how to test this, unless the undefined behavior sanitizer is integrated into our testing framework, which is a possible long-term plan, but won't happen in the near future.
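The pattern the comment describes, as an added illustration that is not code from the WebKit bug or its patch: a possibly-null pointer is dereferenced to bind a reference and the reference is later turned back into a pointer, shown beside the form that keeps the pointer until it has been checked. Node, parentViaReference, parentViaPointer and depth are made-up names standing in for the RenderObject code; nothing here is WebKit's.

```cpp
// Added example (not WebKit code). Names are hypothetical stand-ins for the
// RenderObject tree: a node with a parent pointer that is legitimately null
// at the root.
#include <cassert>
#include <cstddef>

struct Node {
    Node* parent = nullptr;
};

// Buggy shape: dereference a possibly-null pointer to bind a reference, then
// convert the reference back to a pointer. Without a sanitizer this usually
// "works": the reference is implemented as the pointer value, &parent yields
// nullptr again, and a test that exercises it never crashes. A Clang build
// with -fsanitize=undefined (specifically -fsanitize=null) reports the binding
// at the marked line. The compiler is also entitled to assume a reference is
// never null and may remove a later null check on the pointer derived from it.
const Node* parentViaReference(const Node& n) {
    const Node& parent = *n.parent;   // undefined behaviour when n.parent is null
    return &parent;                    // nullptr in practice, but not guaranteed
}

// Safe shape: stay with the pointer, so null is an ordinary value for the
// caller to check rather than an invalid reference.
const Node* parentViaPointer(const Node& n) {
    return n.parent;
}

// Depth of n in its tree: walk parent pointers with an explicit null check.
std::size_t depth(const Node& n) {
    std::size_t d = 0;
    for (const Node* p = parentViaPointer(n); p; p = parentViaPointer(*p))
        ++d;
    return d;
}

int main() {
    // Constructed three-node chain: root <- child <- grandchild.
    Node root;
    Node child;
    child.parent = &root;
    Node grandchild;
    grandchild.parent = &child;

    assert(depth(root) == 0);
    assert(depth(grandchild) == 2);
    assert(parentViaPointer(root) == nullptr);

    // Only called where the parent is non-null; parentViaReference(root) is
    // the call a UBSan build of this file would flag.
    assert(parentViaReference(grandchild) == &child);
    return 0;
}
```

Build it twice to see the point of the comment: a plain `clang++ -std=c++17 example.cpp` run passes every assertion, and so would parentViaReference(root), which is why the listed layout tests do not crash; `clang++ -std=c++17 -g -fsanitize=undefined example.cpp` reports the reference binding to a null pointer as soon as that call is made. The pattern is not only a sanitizer nit: once the null pointer has passed through a reference, a subsequent `if (!ptr)` on the recovered pointer may be optimized away, so the safe version keeps the value as a pointer until it is checked.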