[Webkit-unassigned] [Bug 160830] Binding NULL pointer to reference in WebCore::RenderObject

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Mon Aug 15 14:11:13 PDT 2016


https://bugs.webkit.org/show_bug.cgi?id=160830

--- Comment #9 from Jonathan Bedard <jbedard at apple.com> ---
(In reply to comment #8)
> Please add a test which causes the null reference to be created.


The tests actually already exist, js/dom/script-start-end-locations.html and js/dom/cross-frame-symbols.html, for example, both cause this to happen (these are by no means an exhaustive list).

This bug was caught with Clang's undefined behavior sanitizer, which I am running locally. Currently, for a number of reasons, we cannot run the undefined behavior sanitizer on our build machines. Since this bug was the result of converting a NULL pointer to a reference and then back to a pointer, the above tests did not cause a crash.

I'm not sure how to test this, unless the undefined behavior sanitizer is integrated into our testing framework, which is a possible long-term plan, but won't happen in the near future.

-- 
You are receiving this mail because:
You are the assignee for the bug.
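As an added illustration, not code from the bug, its patch, or WebKit, the following C++ shows the defect shape the comment describes (a null pointer dereferenced to form a reference, then turned back into a pointer) in a constructed stand-in for RenderObject, beside the checked form that avoids it. `Node`, `addressOf`, `hasNodeUnchecked` and the other names are assumptions made for this example. Built with `clang++ -fsanitize=null` (included in `-fsanitize=undefined`), `hasNodeUnchecked(nullptr)` is reported as "reference binding to null pointer"; built without the sanitizer it returns quietly, which is why tests that reach this code never crash.

```cpp
// Added example (not WebKit code): the undefined-behaviour shape described in
// bug 160830, next to the pointer-checking shape that avoids it.
#include <cassert>
#include <cstddef>

// Constructed stand-in for a render-tree node; not WebCore::RenderObject.
struct Node {
    const Node* parent = nullptr;   // null for the root
    int depth = 0;
};

// Reference-taking APIs promise the callee that the object exists.
static int depthOf(const Node& node) { return node.depth; }
static const Node* addressOf(const Node& node) { return &node; }

// Risky shape: the caller manufactures the reference by dereferencing a pointer
// that may be null.  `*maybeNull` is undefined behaviour when null, even though
// addressOf() only turns the reference straight back into a pointer and never
// reads the object.  That is why nothing crashes without a sanitizer and why
// only UBSan (-fsanitize=null) reports "reference binding to null pointer" here.
// The optimizer is also entitled to assume the reference is valid and fold the
// comparison to `true`, so the result cannot be relied on at all.
static bool hasNodeUnchecked(const Node* maybeNull)
{
    return addressOf(*maybeNull) != nullptr;
}

// Checked shape: test the pointer first; form the reference only when non-null.
static bool hasNodeChecked(const Node* maybeNull)
{
    if (!maybeNull)
        return false;
    return addressOf(*maybeNull) != nullptr;   // reference is now always valid
}

// Same rule in a real use: a nullable input stays a pointer until it is checked,
// and the reference-taking helper is called only on the non-null branch.
static int depthOrMinusOne(const Node* maybeNull)
{
    return maybeNull ? depthOf(*maybeNull) : -1;
}

// parent is pointer-valued because the root has none, so the caller, not the
// callee, decides what null means.  No reference is ever formed from null.
static int countAncestors(const Node& node)
{
    int count = 0;
    for (const Node* p = node.parent; p; p = p->parent)
        ++count;
    return count;
}

// Builds a constructed three-node chain and returns the grandchild's ancestor
// count, so the checked helpers can be exercised without any global state.
static int ancestorsOfConstructedChain()
{
    Node root;
    Node child;
    Node grandchild;
    child.parent = &root;
    child.depth = 1;
    grandchild.parent = &child;
    grandchild.depth = 2;
    assert(hasNodeChecked(&grandchild));
    assert(depthOrMinusOne(&grandchild) == 2);
    return countAncestors(grandchild);   // 2
}

int main()
{
    assert(ancestorsOfConstructedChain() == 2);
    assert(!hasNodeChecked(nullptr));
    assert(depthOrMinusOne(nullptr) == -1);
    // hasNodeUnchecked(nullptr) is deliberately not called here: rebuild with
    // -fsanitize=null and call it to see the sanitizer report the line.
    return 0;
}
```

The sanitizer is the only reliable detector for this shape: a layout test exercises the path, but because the reference is converted back to a pointer and never dereferenced, neither a crash nor an assertion fires in a normal build, matching the comment's observation that the existing tests pass.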