Title: [254576] trunk
- Revision
- 254576
- Author
- achristen...@apple.com
- Date
- 2020-01-15 10:40:56 -0800 (Wed, 15 Jan 2020)
Log Message
Null Ptr Deref @ WebCore::DocumentLoader::clearMainResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=206204
Source/WebCore:
Patch by Pinki Gyanchandani <pgyanchand...@apple.com> on 2020-01-15
Reviewed by Alex Christensen.
Test: loader/change-src-during-iframe-load-crash.html
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::frameLoader const):
(WebCore::DocumentLoader::clearMainResourceLoader):
LayoutTests:
Added a NULL pointer check for FrameLoader. If FramLoader is NULL then return instead of
accessing activeDocumentLoader.
Patch by Pinki Gyanchandani <pgyanchand...@apple.com> on 2020-01-15
Reviewed by Alex Christensen.
* loader/change-src-during-iframe-load-crash-expected.txt: Added.
* loader/change-src-during-iframe-load-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (254575 => 254576)
--- trunk/LayoutTests/ChangeLog 2020-01-15 18:22:16 UTC (rev 254575)
+++ trunk/LayoutTests/ChangeLog 2020-01-15 18:40:56 UTC (rev 254576)
@@ -1,3 +1,16 @@
+2020-01-15 Pinki Gyanchandani <pgyanchand...@apple.com>
+
+ Null Ptr Deref @ WebCore::DocumentLoader::clearMainResourceLoader
+ https://bugs.webkit.org/show_bug.cgi?id=206204
+
+ Added a NULL pointer check for FrameLoader. If FramLoader is NULL then return instead of
+ accessing activeDocumentLoader.
+
+ Reviewed by Alex Christensen.
+
+ * loader/change-src-during-iframe-load-crash-expected.txt: Added.
+ * loader/change-src-during-iframe-load-crash.html: Added.
+
2020-01-15 Jer Noble <jer.no...@apple.com>
Revert fullscreen CSS quirk for reddit.com; add width and height style to fullscreen.css.
Modified: trunk/LayoutTests/http/tests/security/http-0.9/xhr-blocked-expected.txt (254575 => 254576)
--- trunk/LayoutTests/http/tests/security/http-0.9/xhr-blocked-expected.txt 2020-01-15 18:22:16 UTC (rev 254575)
+++ trunk/LayoutTests/http/tests/security/http-0.9/xhr-blocked-expected.txt 2020-01-15 18:40:56 UTC (rev 254576)
@@ -1,2 +1,3 @@
+asdf
ALERT: PASS
Added: trunk/LayoutTests/loader/change-src-during-iframe-load-crash-expected.txt (0 => 254576)
--- trunk/LayoutTests/loader/change-src-during-iframe-load-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/loader/change-src-during-iframe-load-crash-expected.txt 2020-01-15 18:40:56 UTC (rev 254576)
@@ -0,0 +1 @@
+The test is declared pass if there is no crash observed.
Added: trunk/LayoutTests/loader/change-src-during-iframe-load-crash.html (0 => 254576)
--- trunk/LayoutTests/loader/change-src-during-iframe-load-crash.html (rev 0)
+++ trunk/LayoutTests/loader/change-src-during-iframe-load-crash.html 2020-01-15 18:40:56 UTC (rev 254576)
@@ -0,0 +1,20 @@
+<html>
+<script>
+function load() {
+ document.body.innerHTML = 'The test is declared pass if there is no crash observed.';
+ if (window.testRunner) {
+ testRunner.dumpAsText();
+ testRunner.waitUntilDone();
+ }
+}
+
+function eventhandler3() {
+ iframe1.srcdoc = "x";
+ if (window.testRunner)
+ testRunner.notifyDone();
+}
+
+</script>
+<body _onload_="load()">
+<iframe id="iframe1" src=""
+<iframe id="iframe2" _onload_="eventhandler3()" srcdoc="y">
Modified: trunk/Source/WebCore/ChangeLog (254575 => 254576)
--- trunk/Source/WebCore/ChangeLog 2020-01-15 18:22:16 UTC (rev 254575)
+++ trunk/Source/WebCore/ChangeLog 2020-01-15 18:40:56 UTC (rev 254576)
@@ -1,3 +1,16 @@
+2020-01-15 Pinki Gyanchandani <pgyanchand...@apple.com>
+
+ Null Ptr Deref @ WebCore::DocumentLoader::clearMainResourceLoader
+ https://bugs.webkit.org/show_bug.cgi?id=206204
+
+ Reviewed by Alex Christensen.
+
+ Test: loader/change-src-during-iframe-load-crash.html
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::frameLoader const):
+ (WebCore::DocumentLoader::clearMainResourceLoader):
+
2020-01-15 Jer Noble <jer.no...@apple.com>
Revert fullscreen CSS quirk for reddit.com; add width and height style to fullscreen.css.
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (254575 => 254576)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2020-01-15 18:22:16 UTC (rev 254575)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2020-01-15 18:40:56 UTC (rev 254576)
@@ -1272,7 +1272,11 @@
{
m_loadingMainResource = false;
- if (this == frameLoader()->activeDocumentLoader())
+ auto* frameLoader = this->frameLoader();
+ if (!frameLoader)
+ return;
+
+ if (this == frameLoader->activeDocumentLoader())
checkLoadComplete();
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes