Title: [285466] branches/safari-612-branch/Source/WebKit
Revision
285466
Author
kocsen_ch...@apple.com
Date
2021-11-08 17:09:17 -0800 (Mon, 08 Nov 2021)

Log Message

Cherry-pick r285179. rdar://problem/84919898

    Crash under WebPage::sendCOEPCORPViolation()
    https://bugs.webkit.org/show_bug.cgi?id=232631
    <rdar://84919898>

    Reviewed by Alex Christensen.

    Add missing null checks for the frame after calling `WebProcess::singleton().webFrame(frameID)`.

    * WebProcess/WebPage/WebPage.cpp:
    (WebKit::WebPage::sendCOEPPolicyInheritenceViolation):
    (WebKit::WebPage::sendCOEPCORPViolation):
    (WebKit::WebPage::sendViolationReportWhenNavigatingToCOOPResponse):
    (WebKit::WebPage::sendViolationReportWhenNavigatingAwayFromCOOPResponse):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@285179 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-612-branch/Source/WebKit/ChangeLog (285465 => 285466)


--- branches/safari-612-branch/Source/WebKit/ChangeLog	2021-11-09 01:09:14 UTC (rev 285465)
+++ branches/safari-612-branch/Source/WebKit/ChangeLog	2021-11-09 01:09:17 UTC (rev 285466)
@@ -1,5 +1,42 @@
 2021-11-08  Kocsen Chung  <kocsen_ch...@apple.com>
 
+        Cherry-pick r285179. rdar://problem/84919898
+
+    Crash under WebPage::sendCOEPCORPViolation()
+    https://bugs.webkit.org/show_bug.cgi?id=232631
+    <rdar://84919898>
+    
+    Reviewed by Alex Christensen.
+    
+    Add missing null checks for the frame after calling `WebProcess::singleton().webFrame(frameID)`.
+    
+    * WebProcess/WebPage/WebPage.cpp:
+    (WebKit::WebPage::sendCOEPPolicyInheritenceViolation):
+    (WebKit::WebPage::sendCOEPCORPViolation):
+    (WebKit::WebPage::sendViolationReportWhenNavigatingToCOOPResponse):
+    (WebKit::WebPage::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@285179 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-11-02  Chris Dumez  <cdu...@apple.com>
+
+            Crash under WebPage::sendCOEPCORPViolation()
+            https://bugs.webkit.org/show_bug.cgi?id=232631
+            <rdar://84919898>
+
+            Reviewed by Alex Christensen.
+
+            Add missing null checks for the frame after calling `WebProcess::singleton().webFrame(frameID)`.
+
+            * WebProcess/WebPage/WebPage.cpp:
+            (WebKit::WebPage::sendCOEPPolicyInheritenceViolation):
+            (WebKit::WebPage::sendCOEPCORPViolation):
+            (WebKit::WebPage::sendViolationReportWhenNavigatingToCOOPResponse):
+            (WebKit::WebPage::sendViolationReportWhenNavigatingAwayFromCOOPResponse):
+
+2021-11-08  Kocsen Chung  <kocsen_ch...@apple.com>
+
         Cherry-pick r283470. rdar://problem/85166382
 
     WebCore::Length incorrectly uses memcpy() for copy constructors/operator and IPC encoding/decoding

Modified: branches/safari-612-branch/Source/WebKit/WebProcess/WebPage/WebPage.cpp (285465 => 285466)


--- branches/safari-612-branch/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2021-11-09 01:09:14 UTC (rev 285465)
+++ branches/safari-612-branch/Source/WebKit/WebProcess/WebPage/WebPage.cpp	2021-11-09 01:09:17 UTC (rev 285466)
@@ -4337,13 +4337,13 @@
 
 void WebPage::sendCOEPPolicyInheritenceViolation(FrameIdentifier frameID, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, const String& type, const URL& blockedURL)
 {
-    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame->coreFrame())
+    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
         WebCore::sendCOEPPolicyInheritenceViolation(*frame->coreFrame(), embedderOrigin, endpoint, disposition, type, blockedURL);
 }
 
 void WebPage::sendCOEPCORPViolation(FrameIdentifier frameID, const SecurityOriginData& embedderOrigin, const String& endpoint, COEPDisposition disposition, FetchOptions::Destination destination, const URL& blockedURL)
 {
-    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame->coreFrame())
+    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
         WebCore::sendCOEPCORPViolation(*frame->coreFrame(), embedderOrigin, endpoint, disposition, destination, blockedURL);
 }
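Review bot: The added `frame &&` guards cover a missing frame, but `WebProcess::singleton().webFrame(frameID)` is a process-wide lookup, so a frameID that resolves to a frame owned by a different WebPage is still accepted and the report is emitted through that frame; if frameID arrives over IPC (not visible here), it would be worth also rejecting frames this page does not own, e.g. `frame && frame->page() == this && frame->coreFrame()`, assuming WebFrame exposes its owning page — confirm the accessor. A one-line comment on why the lookup can fail would help the next reader, e.g. `// The frame may already be gone by the time this message is handled, so the lookup can return null.`, hedged since whether the null comes from a stale identifier or a malformed one is not visible in this hunk. Both functions in this hunk are fully visible.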
 
@@ -4356,7 +4356,7 @@
     if (Page::nonUtilityPageCount() <= 1)
         return;
 
-    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame->coreFrame())
+    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
         WebCore::sendViolationReportWhenNavigatingToCOOPResponse(*frame->coreFrame(), coop, disposition, coopURL, previousResponseURL, coopOrigin.securityOrigin(), previousResponseOrigin.securityOrigin(), referrer, userAgent);
 }
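Review bot: The `frame && frame->coreFrame()` guard is now repeated verbatim in four handlers of this file, so the next handler doing the same lookup can miss the null check just as these did; a small private helper such as `WebCore::Frame* coreFrameForID(FrameIdentifier)` returning nullptr when either the WebFrame or its core frame is missing would keep the check in one place. The enclosing function sendViolationReportWhenNavigatingToCOOPResponse starts outside this hunk. The `Page::nonUtilityPageCount() <= 1` early return above runs before the frame lookup, presumably because the COOP report is only meaningful when another page could be affected — a short comment stating that intent would make the ordering obvious, e.g. `// Nothing to report if this is the only page in the process.` (confirm the rationale).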
 
@@ -4366,7 +4366,7 @@
     if (Page::nonUtilityPageCount() <= 1)
         return;
 
-    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame->coreFrame())
+    if (auto* frame = WebProcess::singleton().webFrame(frameID); frame && frame->coreFrame())
         WebCore::sendViolationReportWhenNavigatingAwayFromCOOPResponse(*frame->coreFrame(), coop, disposition, coopURL, nextResponseURL, coopOrigin.securityOrigin(), nextResponseOrigin.securityOrigin(), isCOOPResponseNavigationSource, userAgent);
 }
 