MantisBT - LibDOM
View Issue Details
Issue: 0002789
Project: LibDOM
Category: [All Projects] General
View Status: public
Date Submitted: 2020-08-15 23:21
Last Update: 2020-10-02 15:20
Assigned To: Daniel Silverstone
Summary: 0002789: Crashes found from fuzzing
Description: Fuzzing netsurf-gtk using Domato[1] found a few segfaults in LibDOM 0.4.1 (HEAD at 93b8a9bba18fc3166dd158484188b1730afdd382).

Minimized test cases, along with corresponding AddressSanitizer stack traces, are attached.

Tags: No tags attached.
Attached Files:
    zip (6,386) 2020-08-15 23:21
    5.asan.txt (3,341) 2020-08-16 17:37

sha0sum
2020-08-16 17:37   (note 0002286)
Here is another crash input, caused by referencing rowIndex of an HTMLTableRowElement when there is no <thead> in the table:

    <!-- Crashes when no <thead> element -->
    <script>
    window.onload = function () {
        row = document.getElementById("htmlvar00004");
        row.rowIndex;   // the rowIndex lookup on a row whose table has no <thead> is what crashes
    };
    </script>
    <table> <!-- enclosing table assumed: the note refers to a table with no <thead> -->
    <tr id="htmlvar00004"></tr>
    </table>
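As an added example (not code from the LibDOM or NetSurf projects, and not the reporter's attachment), the following JavaScript models how the HTML specification defines HTMLTableRowElement.rowIndex: the index of the row in the table's rows collection, which lists <thead> rows first, then rows that are direct children of the table or of a <tbody> in tree order, then <tfoot> rows, or -1 when the row is not in a table. Every section lookup is written to succeed with zero results, so a row in a table with no <thead>, the shape of the crash input above, gets an index instead of a dereference of a missing section. The node representation, helper names and sample trees are assumptions constructed for the example.

```javascript
// Added example, not LibDOM/NetSurf code: a model of HTMLTableRowElement.rowIndex as the
// HTML spec defines it, with each table section optional. Nodes are plain objects
// { tag, children, parent }, an assumed stand-in for DOM elements.

function el(tag, ...children) {
  const node = { tag, children: [], parent: null };
  for (const child of children) {
    child.parent = node;
    node.children.push(child);
  }
  return node;
}

function childrenWithTag(node, tag) {
  return node.children.filter((c) => c.tag === tag);
}

// The table's "rows" collection: <thead> rows first, then rows that are direct children
// of the table or of a <tbody> (in tree order), then <tfoot> rows. Each loop simply runs
// zero times when the section is absent, so no lookup can dereference a missing <thead>.
function tableRows(table) {
  const rows = [];
  for (const thead of childrenWithTag(table, "thead")) rows.push(...childrenWithTag(thead, "tr"));
  for (const child of table.children) {
    if (child.tag === "tr") rows.push(child);
    else if (child.tag === "tbody") rows.push(...childrenWithTag(child, "tr"));
  }
  for (const tfoot of childrenWithTag(table, "tfoot")) rows.push(...childrenWithTag(tfoot, "tr"));
  return rows;
}

// The table a <tr> belongs to: its parent, or its grandparent when the parent is a
// thead/tbody/tfoot that is itself a child of a table; null otherwise.
function owningTable(tr) {
  const parent = tr.parent;
  if (!parent) return null;
  if (parent.tag === "table") return parent;
  const isSection = parent.tag === "thead" || parent.tag === "tbody" || parent.tag === "tfoot";
  if (isSection && parent.parent && parent.parent.tag === "table") return parent.parent;
  return null;
}

// rowIndex: position of the row in its table's rows collection, or -1 if it is not in a table.
function rowIndex(tr) {
  const table = owningTable(tr);
  if (table === null) return -1;
  return tableRows(table).indexOf(tr);
}

// Constructed sample trees (not taken from the bug report's attachments).
// 1. The shape of the crash input above: a bare <tr> in a table with no <thead>.
const bareRow = el("tr");
const tableWithoutThead = el("table", bareRow);

// 2. Sections in non-canonical source order: rows are still indexed thead, body, tfoot.
const headRow = el("tr");
const bodyRow1 = el("tr");
const bodyRow2 = el("tr");
const footRow = el("tr");
const fullTable = el("table", el("tfoot", footRow), el("tbody", bodyRow1), el("thead", headRow), bodyRow2);

// 3. A <tr> that is not inside any table at all.
const orphanRow = el("tr");
el("div", orphanRow);

console.log(rowIndex(bareRow), tableRows(fullTable).length, rowIndex(footRow), rowIndex(orphanRow)); // 0 4 3 -1
```

The point to carry over to a native binding is that each of the three section lookups must be allowed to return nothing: a minimized Domato case such as the one above is exactly a table where the first lookup finds no <thead>, and the index must then come from the table's own <tr> children.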
Daniel Silverstone
2020-10-02 15:20   (note 0002295)
Thanks for this; I've made appropriate fixes to our DOM bindings to deal with these. If you could let us know the best way to get domato and monkey working together, we can add this to our CI.

Issue History
Date Modified     Username            Field         Change
2020-08-15 23:21  sha0sum             New Issue
2020-08-15 23:21  sha0sum             File Added:
2020-08-16 17:37  sha0sum             File Added:   5.asan.txt
2020-08-16 17:37  sha0sum             Note Added:   0002286
2020-10-02 11:16  Daniel Silverstone  Assigned To   => Daniel Silverstone
2020-10-02 11:16  Daniel Silverstone  Status        new => assigned
2020-10-02 15:20  Daniel Silverstone  Status        assigned => resolved
2020-10-02 15:20  Daniel Silverstone  Resolution    open => fixed
2020-10-02 15:20  Daniel Silverstone  Note Added:   0002295