Title: [126921] trunk/Source/WebCore
- Revision
- 126921
- Author
- jer.no...@apple.com
- Date
- 2012-08-28 13:19:16 -0700 (Tue, 28 Aug 2012)
Log Message
Crash in WebCore::logPluginRequest + 183
https://bugs.webkit.org/show_bug.cgi?id=95218
Reviewed by Oliver Hunt.
Crash is within findPluginMIMETypeFromURL, caused by a null-dereference of
page()->pluginData(). Add a null-check and return an empty string.
* loader/SubframeLoader.cpp:
(WebCore::findPluginMIMETypeFromURL):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (126920 => 126921)
--- trunk/Source/WebCore/ChangeLog 2012-08-28 20:12:28 UTC (rev 126920)
+++ trunk/Source/WebCore/ChangeLog 2012-08-28 20:19:16 UTC (rev 126921)
@@ -1,3 +1,16 @@
+2012-08-28 Jer Noble <jer.no...@apple.com>
+
+ Crash in WebCore::logPluginRequest + 183
+ https://bugs.webkit.org/show_bug.cgi?id=95218
+
+ Reviewed by Oliver Hunt.
+
+ Crash is within findPluginMIMETypeFromURL, caused by a null-dereference of
+ page()->pluginData(). Add a null-check and return an empty string.
+
+ * loader/SubframeLoader.cpp:
+ (WebCore::findPluginMIMETypeFromURL):
+
2012-08-28 Simon Fraser <simon.fra...@apple.com>
Regression (r126774): Crash when scrolling after removing sticky element.
Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (126920 => 126921)
--- trunk/Source/WebCore/loader/SubframeLoader.cpp 2012-08-28 20:12:28 UTC (rev 126920)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp 2012-08-28 20:19:16 UTC (rev 126921)
@@ -171,6 +171,9 @@
String extension = url.substring(dotIndex + 1);
PluginData* pluginData = page->pluginData();
+ if (!pluginData)
+ return String();
+
for (size_t i = 0; i < pluginData->mimes().size(); ++i) {
const MimeClassInfo& mimeClassInfo = pluginData->mimes()[i];
for (size_t j = 0; j < mimeClassInfo.extensions.size(); ++j) {
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
http://lists.webkit.org/mailman/listinfo/webkit-changes