[Webkit-unassigned] [Bug 205132] Null Ptr Deref @ WTF::TypeCastTraits<WebCore::HTMLTextFormControlElement const, WebCore::Element const, false>::isType

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Dec 11 15:48:38 PST 2019


https://bugs.webkit.org/show_bug.cgi?id=205132

--- Comment #6 from Jack <shihchieh_lee at apple.com> ---
(In reply to Ryosuke Niwa from comment #5)
> > Source/WebCore/html/shadow/TextControlInnerElements.cpp:176
> > +    if (shadowHost() && shadowHostStyle) {
> 
> This isn't right. We shouldn't have nullptr for shadowHostStyle here. We
> need to figure out how we're getting there.

I did check the flag when this element was created. When instantiating TextControlInnerTextElement, the argument "document" passed to the constructor has IsShadowRootFlag set to false, and the element simply copy that flag.

Is this normal, or we need to track down document?

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191211/268f9476/attachment.htm>


More information about the webkit-unassigned mailing list