Title: [210870] branches/safari-603-branch/Source/WebCore
- Revision
- 210870
- Author
- matthew_han...@apple.com
- Date
- 2017-01-18 12:43:09 -0800 (Wed, 18 Jan 2017)
Log Message
Merge r210750. rdar://problem/29995070
Modified Paths
Diff
Modified: branches/safari-603-branch/Source/WebCore/ChangeLog (210869 => 210870)
--- branches/safari-603-branch/Source/WebCore/ChangeLog 2017-01-18 20:43:07 UTC (rev 210869)
+++ branches/safari-603-branch/Source/WebCore/ChangeLog 2017-01-18 20:43:09 UTC (rev 210870)
@@ -1,5 +1,23 @@
2017-01-18 Matthew Hanson <matthew_han...@apple.com>
+ Merge r210750. rdar://problem/29995070
+
+ 2017-01-13 Brent Fulgham <bfulg...@apple.com>
+
+ Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow
+ https://bugs.webkit.org/show_bug.cgi?id=167030
+ <rdar://problem/29995070>
+
+ Reviewed by Dean Jackson.
+
+ Correct DOMWindow::scrollTo to match all other functions in the class so that the it
+ checks that the current frame is valid before attempting to use it.
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::scrollTo):
+
+2017-01-18 Matthew Hanson <matthew_han...@apple.com>
+
Merge r210727. rdar://problem/29668223
2017-01-12 Tim Horton <timothy_hor...@apple.com>
Modified: branches/safari-603-branch/Source/WebCore/page/DOMWindow.cpp (210869 => 210870)
--- branches/safari-603-branch/Source/WebCore/page/DOMWindow.cpp 2017-01-18 20:43:07 UTC (rev 210869)
+++ branches/safari-603-branch/Source/WebCore/page/DOMWindow.cpp 2017-01-18 20:43:09 UTC (rev 210870)
@@ -1565,6 +1565,9 @@
void DOMWindow::scrollTo(const ScrollToOptions& options) const
{
+ if (!isCurrentlyDisplayedInFrame())
+ return;
+
RefPtr<FrameView> view = m_frame->view();
if (!view)
return;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
