[Webkit-unassigned] [Bug 205132] Null Ptr Deref @ WTF::TypeCastTraits<WebCore::HTMLTextFormControlElement const, WebCore::Element const, false>::isType
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Dec 11 15:55:25 PST 2019
https://bugs.webkit.org/show_bug.cgi?id=205132
--- Comment #7 from Ryosuke Niwa <rniwa at webkit.org> ---
(In reply to Jack from comment #6)
> (In reply to Ryosuke Niwa from comment #5)
> > > Source/WebCore/html/shadow/TextControlInnerElements.cpp:176
> > > + if (shadowHost() && shadowHostStyle) {
> >
> > This isn't right. We shouldn't have nullptr for shadowHostStyle here. We
> > need to figure out how we're getting there.
>
> I did check the flag when this element was created. When instantiating
> TextControlInnerTextElement, the argument "document" passed to the
> constructor has IsShadowRootFlag set to false, and the element simply copy
> that flag.
?? Document is never a shadow root.
TextControlInnerElements exists inside the shadow tree of a HTMLInputElement / HTMLTextAreaElement. The shadow host of such a shadow tree is HTMLInputElement / HTMLTextAreaElement. See https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_shadow_DOM
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20191211/398b5252/attachment-0001.htm>
More information about the webkit-unassigned
mailing list