Title: [163628] trunk/Source/WebKit2
Revision
163628
Author
m...@apple.com
Date
2014-02-07 10:31:29 -0800 (Fri, 07 Feb 2014)

Log Message

[Cocoa] WKWebProcessPlugInNodeHandle methods leak and may crash
https://bugs.webkit.org/show_bug.cgi?id=128365

Reviewed by Anders Carlsson.

* WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm:
(+[WKWebProcessPlugInNodeHandle nodeHandleWithJSValue:inContext:]): Null-check the result
of InjectedBundleNodeHandle::getOrCreate, and autorelease the return value.
(-[WKWebProcessPlugInNodeHandle htmlIFrameElementContentFrame]): Null-check the result of
InjectedBundleNodeHandle::htmlIFrameElementContentFrame, and autorelease the return value.

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (163627 => 163628)


--- trunk/Source/WebKit2/ChangeLog	2014-02-07 18:26:48 UTC (rev 163627)
+++ trunk/Source/WebKit2/ChangeLog	2014-02-07 18:31:29 UTC (rev 163628)
@@ -1,3 +1,16 @@
+2014-02-07  Dan Bernstein  <m...@apple.com>
+
+        [Cocoa] WKWebProcessPlugInNodeHandle methods leak and may crash
+        https://bugs.webkit.org/show_bug.cgi?id=128365
+
+        Reviewed by Anders Carlsson.
+
+        * WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm:
+        (+[WKWebProcessPlugInNodeHandle nodeHandleWithJSValue:inContext:]): Null-check the result
+        of InjectedBundleNodeHandle::getOrCreate, and autorelease the return value.
+        (-[WKWebProcessPlugInNodeHandle htmlIFrameElementContentFrame]): Null-check the result of
+        InjectedBundleNodeHandle::htmlIFrameElementContentFrame, and autorelease the return value.
+
 2014-02-06  Brady Eidson  <beid...@apple.com>
 
         IDB: storage/indexeddb/create-index-with-integer-keys.html fails

Modified: trunk/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm (163627 => 163628)


--- trunk/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm	2014-02-07 18:26:48 UTC (rev 163627)
+++ trunk/Source/WebKit2/WebProcess/InjectedBundle/API/Cocoa/WKWebProcessPlugInNodeHandle.mm	2014-02-07 18:31:29 UTC (rev 163628)
@@ -48,14 +48,19 @@
     JSContextRef contextRef = [context JSGlobalContextRef];
     JSObjectRef objectRef = JSValueToObject(contextRef, [value JSValueRef], 0);
     RefPtr<InjectedBundleNodeHandle> nodeHandle = InjectedBundleNodeHandle::getOrCreate(contextRef, objectRef);
+    if (!nodeHandle)
+        return nil;
 
-    return wrapper(*nodeHandle.release().leakRef());
+    return [wrapper(*nodeHandle.release().leakRef()) autorelease];
 }
 
 - (WKWebProcessPlugInFrame *)htmlIFrameElementContentFrame
 {
     RefPtr<WebFrame> frame = _nodeHandle->htmlIFrameElementContentFrame();
-    return wrapper(*frame.release().leakRef());
+    if (!frame)
+        return nil;
+
+    return [wrapper(*frame.release().leakRef()) autorelease];
 }
 
 - (CGRect)elementBounds
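Review bot: the two new null checks (`if (!nodeHandle) return nil;` and `if (!frame) return nil;`) silently change the contract of `+nodeHandleWithJSValue:inContext:` and `-htmlIFrameElementContentFrame` from "always returns an object" to "may return nil", but nothing in this change documents that; the public header for WKWebProcessPlugInNodeHandle should state that nil is returned when the JS value does not wrap a DOM node or when the iframe has no content frame, so plug-in authors know to check the result before messaging it. On the memory side, each new return line wraps `wrapper(*nodeHandle.release().leakRef())` in `[... autorelease]`: `leakRef()` hands the RefPtr's reference to the wrapper and the autorelease balances the +1 the caller was previously left holding, which matches the "leak" in the log message. The null checks are correctly placed before the `*nodeHandle` / `*frame` dereference, so the previous null-dereference crash path (the "may crash" in the log) no longer exists in either method; the blank line before `return` in the second method is consistent with the first, so no style change is needed.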
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
