Title: [203242] trunk/Source/WebKit2
Revision: 203242
Author: cdu...@apple.com
Date: 2016-07-14 14:39:15 -0700 (Thu, 14 Jul 2016)

Log Message

[WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
https://bugs.webkit.org/show_bug.cgi?id=159776
<rdar://problem/22467100>

Reviewed by Tim Horton.

Potential null dereference under ViewGestureController::beginSwipeGesture() of:
m_webPageProxy.backForwardList().currentItem()

The client side is expected to call ViewGestureController::canSwipeInDirection() but
this only guarantees that the m_alternateBackForwardListSourceView's currentItem is
non-null when m_alternateBackForwardListSourceView is non-null. It does not guarantee
that m_webPageProxy's currentItem is non-null.

* UIProcess/ios/ViewGestureControllerIOS.mm:
(WebKit::ViewGestureController::beginSwipeGesture):

Diff

Modified: trunk/Source/WebKit2/ChangeLog (203241 => 203242)


--- trunk/Source/WebKit2/ChangeLog	2016-07-14 21:15:28 UTC (rev 203241)
+++ trunk/Source/WebKit2/ChangeLog	2016-07-14 21:39:15 UTC (rev 203242)
@@ -1,3 +1,22 @@
+2016-07-14  Chris Dumez  <cdu...@apple.com>
+
+        [WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
+        https://bugs.webkit.org/show_bug.cgi?id=159776
+        <rdar://problem/22467100>
+
+        Reviewed by Tim Horton.
+
+        Potential null dereference under ViewGestureController::beginSwipeGesture() of:
+        m_webPageProxy.backForwardList().currentItem()
+
+        The client side is expected to call ViewGestureController::canSwipeInDirection() but
+        this only guarantees that the m_alternateBackForwardListSourceView's currentItem is
+        non-null when m_alternateBackForwardListSourceView is non-null. It does not guarantee
+        that m_webPageProxy's currentItem is non-null.
+
+        * UIProcess/ios/ViewGestureControllerIOS.mm:
+        (WebKit::ViewGestureController::beginSwipeGesture):
+
 2016-07-14  Csaba Osztrogonác  <o...@webkit.org>
 
         Fix the !ENABLE(WEB_SOCKETS) build after r202930
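
Review bot: The new ChangeLog entry names no regression test and gives no reason for leaving one out; after the analysis paragraph it lists only UIProcess/ios/ViewGestureControllerIOS.mm and beginSwipeGesture. If the null currentItem state cannot be reproduced in a test, a sentence saying so would help anyone who later revisits this crash. The entry could also state what the swipe does once the snapshot copy is skipped, since the fix changes that path from a crash to a silent no-op.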

Modified: trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm (203241 => 203242)


--- trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm	2016-07-14 21:15:28 UTC (rev 203241)
+++ trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm	2016-07-14 21:39:15 UTC (rev 203242)
@@ -169,8 +169,10 @@
 
     // Copy the snapshot from this view to the one that owns the back forward list, so that
     // swiping forward will have the correct snapshot.
-    if (m_webPageProxyForBackForwardListForCurrentSwipe != &m_webPageProxy)
-        backForwardList.currentItem()->setSnapshot(m_webPageProxy.backForwardList().currentItem()->snapshot());
+    if (m_webPageProxyForBackForwardListForCurrentSwipe != &m_webPageProxy) {
+        if (auto* currentViewHistoryItem = m_webPageProxy.backForwardList().currentItem())
+            backForwardList.currentItem()->setSnapshot(currentViewHistoryItem->snapshot());
+    }
 
     RefPtr<WebBackForwardListItem> targetItem = direction == SwipeDirection::Back ? backForwardList.backItem() : backForwardList.forwardItem();
 
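
Review bot: The added guard covers m_webPageProxy.backForwardList().currentItem(), but backForwardList.currentItem()->setSnapshot(...) on the line inside it is still dereferenced without a check. The log message says this is covered by the caller having gone through canSwipeInDirection(), which is a contract on the client rather than something this function enforces. Consider making that explicit here, either with an ASSERT on backForwardList.currentItem() or by testing both items before the copy, so the two dereferences are handled the same way. It is also worth a short comment noting that when currentViewHistoryItem is null the copy is skipped, because the comment above the block says the copy exists so that swiping forward has the correct snapshot.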