Title: [163628] trunk/Source/WebKit2
- Revision: 163628
- Author: m...@apple.com
- Date: 2014-02-07 10:31:29 -0800 (Fri, 07 Feb 2014)
Log Message
[Cocoa] WKWebProcessPlugInNodeHandle methods leak and may crash
https://bugs.webkit.org/show_bug.cgi?id=128365
Reviewed by Anders Carlsson.
* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm:
(+[WKWebProcessPlugInNodeHandle nodeHandleWithJSValue:inContext:]): Null-check the result
of InjectedBundleNodeHandle::getOrCreate, and autorelease the return value.
(-[WKWebProcessPlugInNodeHandle htmlIFrameElementContentFrame]): Null-check the result of
InjectedBundleNodeHandle::htmlIFrameElementContentFrame, and autorelease the return value.
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (163627 => 163628)
--- trunk/Source/WebKit2/ChangeLog 2014-02-07 18:26:48 UTC (rev 163627)
+++ trunk/Source/WebKit2/ChangeLog 2014-02-07 18:31:29 UTC (rev 163628)
@@ -1,3 +1,16 @@
+2014-02-07 Dan Bernstein <m...@apple.com>
+
+ [Cocoa] WKWebProcessPlugInNodeHandle methods leak and may crash
+ https://bugs.webkit.org/show_bug.cgi?id=128365
+
+ Reviewed by Anders Carlsson.
+
+ * WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm:
+ (+[WKWebProcessPlugInNodeHandle nodeHandleWithJSValue:inContext:]): Null-check the result
+ of InjectedBundleNodeHandle::getOrCreate, and autorelease the return value.
+ (-[WKWebProcessPlugInNodeHandle htmlIFrameElementContentFrame]): Null-check the result of
+ InjectedBundleNodeHandle::htmlIFrameElementContentFrame, and autorelease the return value.
+
2014-02-06 Brady Eidson <beid...@apple.com>
IDB: storage/indexeddb/create-index-with-integer-keys.html fails
Modified: trunk/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm (163627 => 163628)
--- trunk/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm 2014-02-07 18:26:48 UTC (rev 163627)
+++ trunk/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm 2014-02-07 18:31:29 UTC (rev 163628)
@@ -48,14 +48,19 @@
JSContextRef contextRef = [context JSGlobalContextRef];
JSObjectRef objectRef = JSValueToObject(contextRef, [value JSValueRef], 0);
RefPtr<InjectedBundleNodeHandle> nodeHandle = InjectedBundleNodeHandle::getOrCreate(contextRef, objectRef);
+ if (!nodeHandle)
+ return nil;
- return wrapper(*nodeHandle.release().leakRef());
+ return [wrapper(*nodeHandle.release().leakRef()) autorelease];
}
- (WKWebProcessPlugInFrame *)htmlIFrameElementContentFrame
{
RefPtr<WebFrame> frame = _nodeHandle->htmlIFrameElementContentFrame();
- return wrapper(*frame.release().leakRef());
+ if (!frame)
+ return nil;
+
+ return [wrapper(*frame.release().leakRef()) autorelease];
}
- (CGRect)elementBounds
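Review bot: the new null check in `nodeHandleWithJSValue:inContext:` guards only the result of `InjectedBundleNodeHandle::getOrCreate`, while `JSValueToObject(contextRef, [value JSValueRef], 0)` on the line above returns a null `objectRef` whenever the passed value is not an object, and that null is still handed straight to `getOrCreate`; either confirm that `getOrCreate` tolerates a null object or add an early `if (!objectRef) return nil;` before the call, since a dereference at that point would crash the web process rather than fail the single call. Minor style point: this method places `return nil;` directly against the `wrapper(...)` return, whereas `htmlIFrameElementContentFrame` inserts a blank line after it; use the same layout in both. The added `autorelease` on the `wrapper(...)` result in both methods is the right fix for the leak described in the ChangeLog, given that `leakRef()` hands the RefPtr's reference to the wrapper.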
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes