Title: [210750] trunk/Source/WebCore
- Revision
- 210750
- Author
- bfulg...@apple.com
- Date
- 2017-01-13 16:36:53 -0800 (Fri, 13 Jan 2017)
Log Message
Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow
https://bugs.webkit.org/show_bug.cgi?id=167030
<rdar://problem/29995070>
Reviewed by Dean Jackson.
Correct DOMWindow::scrollTo to match all other functions in the class so that the it
checks that the current frame is valid before attempting to use it.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::scrollTo):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (210749 => 210750)
--- trunk/Source/WebCore/ChangeLog 2017-01-14 00:16:10 UTC (rev 210749)
+++ trunk/Source/WebCore/ChangeLog 2017-01-14 00:36:53 UTC (rev 210750)
@@ -1,3 +1,17 @@
+2017-01-13 Brent Fulgham <bfulg...@apple.com>
+
+ Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow
+ https://bugs.webkit.org/show_bug.cgi?id=167030
+ <rdar://problem/29995070>
+
+ Reviewed by Dean Jackson.
+
+ Correct DOMWindow::scrollTo to match all other functions in the class so that the it
+ checks that the current frame is valid before attempting to use it.
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::scrollTo):
+
2017-01-13 Jer Noble <jer.no...@apple.com>
Use a strong reference when calling callOnMainThread to schedule events in AudioScheduledSourceNode.
Modified: trunk/Source/WebCore/page/DOMWindow.cpp (210749 => 210750)
--- trunk/Source/WebCore/page/DOMWindow.cpp 2017-01-14 00:16:10 UTC (rev 210749)
+++ trunk/Source/WebCore/page/DOMWindow.cpp 2017-01-14 00:36:53 UTC (rev 210750)
@@ -1565,6 +1565,9 @@
void DOMWindow::scrollTo(const ScrollToOptions& options) const
{
+ if (!isCurrentlyDisplayedInFrame())
+ return;
+
RefPtr<FrameView> view = m_frame->view();
if (!view)
return;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
