[Webkit-unassigned] [Bug 192392] New: Null pointer crash in DocumentOrderedMap::getElementById via FormAssociatedElement::findAssociatedForm

bugzilla-daemon at webkit.org
Tue Dec 4 20:29:15 PST 2018


https://bugs.webkit.org/show_bug.cgi?id=192392

            Bug ID: 192392
           Summary: Null pointer crash in
                    DocumentOrderedMap::getElementById via
                    FormAssociatedElement::findAssociatedForm
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: HTML DOM
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: rniwa at webkit.org
                CC: cdumez at apple.com

e.g.
#0 0x113e06e0c in WTF::RefPtr<WTF::StringImpl, WTF::DumbPtrTraits<WTF::StringImpl> >::get() const (WebCore:x86_64+0x16e0c)
#1 0x11602e168 in WebCore::DocumentOrderedMap::getElementById(WTF::AtomicStringImpl const&, WebCore::TreeScope const&) const::$_7::operator()(WTF::AtomicStringImpl const&, WebCore::Element const&) const (WebCore:x86_64+0x223e168)
#2 0x115fd0e4d in WebCore::Element* WebCore::DocumentOrderedMap::get<WebCore::DocumentOrderedMap::getElementById(WTF::AtomicStringImpl const&, WebCore::TreeScope const&) const::$_7>(WTF::AtomicStringImpl const&, WebCore::TreeScope const&, WebCore::DocumentOrderedMap::getElementById(WTF::AtomicStringImpl const&, WebCore::TreeScope const&) const::$_7 const&) const (WebCore:x86_64+0x21e0e4d)
#3 0x1162f4228 in WebCore::FormAssociatedElement::findAssociatedForm(WebCore::HTMLElement const*, WebCore::HTMLFormElement*) (WebCore:x86_64+0x2504228)
#4 0x1162f4d91 in WebCore::FormAssociatedElement::resetFormOwner() (WebCore:x86_64+0x2504d91)
#5 0x1160776b9 in WebCore::IdTargetObserverRegistry::notifyObserversInternal(WTF::AtomicStringImpl const&) (WebCore:x86_64+0x22876b9)
#6 0x11603a819 in WebCore::Element::attributeChanged(WebCore::QualifiedName const&, WTF::AtomicString const&, WTF::AtomicString const&, WebCore::Element::AttributeModificationReason) (WebCore:x86_64+0x224a819)
#7 0x1160417cd in WebCore::Element::didRemoveAttribute(WebCore::QualifiedName const&, WTF::AtomicString const&) (WebCore:x86_64+0x22517cd)
#8 0x116031759 in WebCore::Element::removeAttributeInternal(unsigned int, WebCore::Element::SynchronizationOfLazyAttribute) (WebCore:x86_64+0x2241759)
#9 0x116041e24 in WebCore::Element::removeAttribute(WTF::AtomicString const&) (WebCore:x86_64+0x2251e24)
#10 0x1146c29dd in WebCore::jsElementPrototypeFunctionRemoveAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&) (WebCore:x86_64+0x8d29dd)
#11 0x1146ab257 in long long WebCore::IDLOperation<WebCore::JSElement>::call<&(WebCore::jsElementPrototypeFunctionRemoveAttributeBody(JSC::ExecState*, WebCore::JSElement*, JSC::ThrowScope&)), (WebCore::CastedThisErrorBehavior)0>(JSC::ExecState&, char const*) (WebCore:x86_64+0x8bb257)

<rdar://problem/38030356>
