[Webkit-unassigned] [Bug 161898] New: Null-pointer dereference in WebCore::MediaPlayer::getStartDate
bugzilla-daemon at webkit.org
Tue Sep 13 02:29:06 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=161898
Bug ID: 161898
Summary: Null-pointer dereference in WebCore::MediaPlayer::getStartDate
Classification: Unclassified
Product: WebKit
Version: Safari Technology Preview
Hardware: Unspecified
OS: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: Media Elements
Assignee: webkit-unassigned at lists.webkit.org
Reporter: codecolorist at gmail.com
In webkit/Source/WebCore/html/HTMLMediaElement.cpp, the method HTMLMediaElement::getStartDate doesn't check if m_player is null:
double HTMLMediaElement::getStartDate() const
{
    return m_player->getStartDate().toDouble();
}
So this simple one line javascript can crash the browser:
document.createElement('video').getStartDate()
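The element created by that line has no backend player yet, so m_player is null at the point of the dereference. The following is an added illustration, not code from the report or from WebKit: it models the two classes with hypothetical stand-ins (FakeMediaPlayer, FakeMediaElement) and places the unguarded getter beside a guarded one that returns NaN when no player exists. The NaN return is an assumption made here for the "no start date" case, mirroring the invalid-time value a JavaScript Date carries; the real fix in WebKit may differ.

```cpp
#include <cmath>
#include <cstdio>
#include <limits>
#include <memory>

// Hypothetical stand-in for WebCore::MediaPlayer (not the real class).
struct FakeMediaPlayer {
    double startDate; // seconds since the epoch, constructed value
    double getStartDate() const { return startDate; }
};

// Hypothetical stand-in for HTMLMediaElement. m_player stays null until a
// backend player is attached, which is the state of a freshly created
// <video> element before any media has been loaded.
class FakeMediaElement {
public:
    // Unguarded form, same shape as the snippet in the report: dereferences
    // m_player unconditionally and crashes when no player exists.
    // Kept only for comparison; never called on an element without a player.
    double getStartDateUnguarded() const {
        return m_player->getStartDate();
    }

    // Guarded form: report "unknown" (NaN, assumed here) instead of
    // dereferencing a null player.
    double getStartDateGuarded() const {
        if (!m_player)
            return std::numeric_limits<double>::quiet_NaN();
        return m_player->getStartDate();
    }

    void attachPlayer(double startDate) {
        m_player = std::make_unique<FakeMediaPlayer>(FakeMediaPlayer{startDate});
    }

private:
    std::unique_ptr<FakeMediaPlayer> m_player; // null by default
};

// Returns true if the guarded getter yields NaN for a player-less element
// and the player's value once one is attached.
bool demoGuardedGetter() {
    FakeMediaElement element;
    bool noPlayerIsNaN = std::isnan(element.getStartDateGuarded());
    element.attachPlayer(1473758946.0); // constructed timestamp
    bool attachedReturnsValue = element.getStartDateGuarded() == 1473758946.0;
    return noPlayerIsNaN && attachedReturnsValue;
}

int main() {
    std::printf("guarded getter behaves: %s\n", demoGuardedGetter() ? "yes" : "no");
    return demoGuardedGetter() ? 0 : 1;
}
```

The guard is the whole of the mitigation: any accessor that forwards to m_player needs the same check (or a single helper that does it) because the element can be scripted before, and after, a player exists.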