[Webkit-unassigned] [Bug 206724] Nullptr crash when setting custom properties on detached style
bugzilla-daemon at webkit.org
Sun Jan 26 21:38:12 PST 2020
https://bugs.webkit.org/show_bug.cgi?id=206724
--- Comment #4 from Darin Adler <darin at apple.com> ---
Comment on attachment 388631
--> https://bugs.webkit.org/attachment.cgi?id=388631
Patch
View in context: https://bugs.webkit.org/attachment.cgi?id=388631&action=review
What causes the crash? It seems like the setCustomProperty function already tries to handle a null document. Where does the crash occur?
>> Source/WebCore/css/PropertySetCSSStyleDeclaration.h:63
>> + WeakPtr<Document> m_lastDocument;
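Review bot: the new `m_lastDocument` member at PropertySetCSSStyleDeclaration.h:63 has no comment saying what "last" refers to or when the pointer is set and cleared. Because it is a `WeakPtr<Document>`, it becomes null once the Document is destroyed, so every use needs a null check. Please document the intended lifetime next to the declaration.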
>
> This doesn’t seem like the right approach to me.
I think this could be done with just a plain Ref<Document> that is initialized when the declaration is created and always used. I don’t think there’s any real risk of a reference cycle. And then we would not have to complicate the clearParentRule and clearParentElement functions.
But more importantly, I don’t understand what about a null document causes a crash.