[Webkit-unassigned] [Bug 249689] Web process crash in WebCore::isDescendantOfFullScreenLayer when fullscreening video on reddit.com

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Wed Jan 4 13:01:46 PST 2023


https://bugs.webkit.org/show_bug.cgi?id=249689

--- Comment #3 from Michael Catanzaro <mcatanzaro at gnome.org> ---
There is a bug in RenderLayerCompositor::isDescendantOfFullScreenLayer, here:

    auto* fullScreenRenderer = dynamicDowncast<RenderLayerModelObject>(fullScreenElement->renderer());
    auto* fullScreenLayer = fullScreenRenderer->layer();
    if (!fullScreenRenderer || !fullScreenLayer)
        return FullScreenDescendant::NotApplicable;

The code first assumes that fullScreenRenderer is not nullptr (as if the dynamicDowncast cannot fail) and uses it unconditionally. Then it checks to see if it's nullptr on the very next line. No good. The downcast is surely failing here. There might be a platform-specific reason for that, but this is a cross-platform bug.

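An added illustration of the ordering problem described in the comment above, placed beside a corrected version. This is not WebKit's code: the render-tree types, the `dynamicDowncast` stand-in, the `Element` with a `renderer()` accessor and the final `Yes` return are constructed placeholders, since the real function goes on to walk the layer ancestry.

```cpp
// Constructed stand-ins for the WebKit render-tree types (assumption: not WebKit's real classes).
struct RenderLayer {};
struct RenderObject { virtual ~RenderObject() = default; };
struct RenderLayerModelObject : RenderObject {
    RenderLayer* layer() const { return m_layer; }
    RenderLayer* m_layer = nullptr;
};
struct RenderText : RenderObject {};  // a renderer that is not a RenderLayerModelObject
struct Element {
    RenderObject* renderer() const { return m_renderer; }
    RenderObject* m_renderer = nullptr;
};

// Stand-in for WebKit's dynamicDowncast: yields nullptr when the object is not a T.
template <typename T, typename U> T* dynamicDowncast(U* object) { return dynamic_cast<T*>(object); }

enum class FullScreenDescendant { Yes, No, NotApplicable };

// Ordering from the report: the downcast result is dereferenced before it is tested.
// A failed downcast makes this a null-pointer dereference, and because dereferencing null is
// undefined behaviour an optimizing compiler may also delete the later `!fullScreenRenderer` test.
FullScreenDescendant isDescendantOfFullScreenLayerBuggy(const Element* fullScreenElement) {
    auto* fullScreenRenderer = dynamicDowncast<RenderLayerModelObject>(fullScreenElement->renderer());
    auto* fullScreenLayer = fullScreenRenderer->layer();  // crashes when fullScreenRenderer is null
    if (!fullScreenRenderer || !fullScreenLayer)
        return FullScreenDescendant::NotApplicable;
    return FullScreenDescendant::Yes;  // placeholder for the ancestor walk the real function does
}

// Corrected ordering: test the downcast result before touching it.
FullScreenDescendant isDescendantOfFullScreenLayerFixed(const Element* fullScreenElement) {
    auto* fullScreenRenderer = dynamicDowncast<RenderLayerModelObject>(fullScreenElement->renderer());
    if (!fullScreenRenderer)
        return FullScreenDescendant::NotApplicable;
    auto* fullScreenLayer = fullScreenRenderer->layer();
    if (!fullScreenLayer)
        return FullScreenDescendant::NotApplicable;
    return FullScreenDescendant::Yes;  // placeholder for the ancestor walk the real function does
}

// Constructed scenarios; only the fixed version is safe to call when the downcast fails.
FullScreenDescendant fixedOn(RenderObject* renderer) { Element e; e.m_renderer = renderer; return isDescendantOfFullScreenLayerFixed(&e); }
FullScreenDescendant fixedOnNoRenderer() { return fixedOn(nullptr); }
FullScreenDescendant fixedOnTextRenderer() { RenderText text; return fixedOn(&text); }
FullScreenDescendant fixedOnLayerlessRenderer() { RenderLayerModelObject box; return fixedOn(&box); }
FullScreenDescendant fixedOnLayeredRenderer() { RenderLayer l; RenderLayerModelObject box; box.m_layer = &l; return fixedOn(&box); }
```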