Title: [130006] trunk/Source/WebCore
- Revision: 130006
- Author: morr...@google.com
- Date: 2012-09-30 22:56:48 -0700 (Sun, 30 Sep 2012)
Log Message
https://bugs.webkit.org/show_bug.cgi?id=97988
Crash on FrameTree::scopedChildCount()
Reviewed by Kent Tamura.
The series of crash reports says that there are some null pointer
accesses in scopedChildCount(). This change added a null guard
against Frame::document(), which can return null.
No new tests. This is tied to some specific timing and is hard to reproduce.
* page/FrameTree.cpp:
(WebCore::FrameTree::scopedChildCount):
(WebCore::FrameTree::scopedChild):
(WebCore):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (130005 => 130006)
--- trunk/Source/WebCore/ChangeLog 2012-10-01 05:50:08 UTC (rev 130005)
+++ trunk/Source/WebCore/ChangeLog 2012-10-01 05:56:48 UTC (rev 130006)
@@ -1,3 +1,21 @@
+2012-09-30 MORITA Hajime <morr...@google.com>
+
+ https://bugs.webkit.org/show_bug.cgi?id=97988
+ Crash on FrameTree::scopedChildCount()
+
+ Reviewed by Kent Tamura.
+
+ The series of crash reports says that there are some null pointer
+ access in scopedChildCount(). This change added a null guard
+ against Frame::document(), that can return null.
+
+ No new tests. This is tied to some specific timing and is hard to reproduce.
+
+ * page/FrameTree.cpp:
+ (WebCore::FrameTree::scopedChildCount):
+ (WebCore::FrameTree::scopedChild):
+ (WebCore):
+
2012-09-30 Yoshifumi Inoue <yo...@chromium.org>
Make multiple fields date/time input UI related files to available all ports
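Review bot: The three function lines in this entry carry no description, and the trailing "(WebCore):" line names no function at all. State per function what was added (an early return when the TreeScope* argument is null) and drop the "(WebCore):" line. The title mentions only scopedChildCount(), while both scopedChild() overloads are listed as changed, so the summary should cover them too.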
Modified: trunk/Source/WebCore/page/FrameTree.cpp (130005 => 130006)
--- trunk/Source/WebCore/page/FrameTree.cpp 2012-10-01 05:50:08 UTC (rev 130005)
+++ trunk/Source/WebCore/page/FrameTree.cpp 2012-10-01 05:56:48 UTC (rev 130006)
@@ -172,6 +172,9 @@
inline Frame* FrameTree::scopedChild(unsigned index, TreeScope* scope) const
{
+ if (!scope)
+ return 0;
+
unsigned scopedIndex = 0;
for (Frame* result = firstChild(); result; result = result->tree()->nextSibling()) {
if (result->inScope(scope)) {
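Review bot: The new `if (!scope) return 0;` at the top of scopedChild(unsigned, TreeScope*) has no comment, so a reader of FrameTree.cpp cannot tell why a null scope is expected here. Add a one-line comment saying that the scope comes from Frame::document(), which can be null, as the log message explains. With this guard a null scope returns the same 0 as an index with no matching child, which is worth stating in that comment.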
@@ -186,6 +189,9 @@
inline Frame* FrameTree::scopedChild(const AtomicString& name, TreeScope* scope) const
{
+ if (!scope)
+ return 0;
+
for (Frame* child = firstChild(); child; child = child->tree()->nextSibling())
if (child->tree()->uniqueName() == name && child->inScope(scope))
return child;
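Review bot: In scopedChild(const AtomicString&, TreeScope*) the early return makes a null scope indistinguishable from "no child with this name", so a lookup made while the scope is null now misses silently instead of crashing. If that result is the intended behaviour, say so in the ChangeLog; if not, checking for null where the caller obtains the scope would keep this function's return value unambiguous.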
@@ -194,6 +200,9 @@
inline unsigned FrameTree::scopedChildCount(TreeScope* scope) const
{
+ if (!scope)
+ return 0;
+
unsigned scopedCount = 0;
for (Frame* result = firstChild(); result; result = result->tree()->nextSibling()) {
if (result->inScope(scope))
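Review bot: This is the third copy of `if (!scope) return 0;`, and scopedChildCount() now reports 0 for a null scope even when firstChild() is non-null. All three helpers receive the scope from their caller, so a single null check at the point where the scope is obtained would remove the repetition and keep the count and the indexed lookup consistent. The log message says no test was added; a short comment here recording the crash bug number would at least stop the guard from being removed later as dead code.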