Title: [177824] trunk
Revision: 177824
Author: rga...@webkit.org
Date: 2014-12-30 10:40:20 -0800 (Tue, 30 Dec 2014)

Log Message

Too large plugins are crashing.
https://bugs.webkit.org/show_bug.cgi?id=139856

Reviewed by Darin Adler.

Source/WebKit2:

* WebProcess/Plugins/PluginProxy.cpp:
(WebKit::PluginProxy::updateBackingStore): Return false if backingStore cannot be allocated.

LayoutTests:

Add layout test to cover this crash.

* plugins/large-plugin-crash-expected.txt: Added.
* plugins/large-plugin-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (177823 => 177824)


--- trunk/LayoutTests/ChangeLog	2014-12-30 17:41:13 UTC (rev 177823)
+++ trunk/LayoutTests/ChangeLog	2014-12-30 18:40:20 UTC (rev 177824)
@@ -1,3 +1,15 @@
+2014-12-30  Gabor Rapcsanyi  <rga...@webkit.org>
+
+        Too large plugins are crashing.
+        https://bugs.webkit.org/show_bug.cgi?id=139856
+
+        Reviewed by Darin Adler.
+
+        Add layout test to cover this crash.
+
+        * plugins/large-plugin-crash-expected.txt: Added.
+        * plugins/large-plugin-crash.html: Added.
+
 2014-12-29  Sebastian Dröge  <sebast...@centricular.com>
 
         Enable MediaSource tests for the GTK port

Added: trunk/LayoutTests/plugins/large-plugin-crash-expected.txt (0 => 177824)


--- trunk/LayoutTests/plugins/large-plugin-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/plugins/large-plugin-crash-expected.txt	2014-12-30 18:40:20 UTC (rev 177824)
@@ -0,0 +1,5 @@
+Bug 139856: Large plugin crash.
+
+This test PASSES if it does not CRASH.
+
+

Added: trunk/LayoutTests/plugins/large-plugin-crash.html (0 => 177824)


--- trunk/LayoutTests/plugins/large-plugin-crash.html	                        (rev 0)
+++ trunk/LayoutTests/plugins/large-plugin-crash.html	2014-12-30 18:40:20 UTC (rev 177824)
@@ -0,0 +1,15 @@
+<html>
+    <body>
+        <p>Bug <a href="" Large plugin crash.</p>
+        <p>This test PASSES if it does not CRASH.</p>
+
+        <embed id="plugin" width="99999999999999999" type="application/x-webkit-test-netscape"></embed>
+
+        <script>
+            if (window.testRunner)
+                testRunner.dumpAsText();
+            document.getElementById('plugin').style.webkitTransform = 'scale(1)';
+        </script>
+
+    </body>
+</html>
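
Review bot: The `width="99999999999999999"` attribute on the embed and the script's `style.webkitTransform = 'scale(1)'` assignment carry no comment saying why each is needed to reach the crash, so a later cleanup could drop either one and leave a test that still passes without exercising the fix. A short comment in the test naming what each contributes would keep it meaningful. Separately, the `<p>Bug <a href=""` line as shown has an empty href and no closing `>` or `</a>`, which is unlikely to produce the "Bug 139856: Large plugin crash." line that large-plugin-crash-expected.txt expects; worth checking against the committed file.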

Modified: trunk/Source/WebKit2/ChangeLog (177823 => 177824)


--- trunk/Source/WebKit2/ChangeLog	2014-12-30 17:41:13 UTC (rev 177823)
+++ trunk/Source/WebKit2/ChangeLog	2014-12-30 18:40:20 UTC (rev 177824)
@@ -1,3 +1,13 @@
+2014-12-30  Gabor Rapcsanyi  <rga...@webkit.org>
+
+        Too large plugins are crashing.
+        https://bugs.webkit.org/show_bug.cgi?id=139856
+
+        Reviewed by Darin Adler.
+
+        * WebProcess/Plugins/PluginProxy.cpp:
+        (WebKit::PluginProxy::updateBackingStore): Return false if backingStore cannot be allocated.
+
 2014-12-30  Anders Carlsson  <ander...@apple.com>
 
         Transient local storage namespaces need to ref their storage areas

Modified: trunk/Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp (177823 => 177824)


--- trunk/Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp	2014-12-30 17:41:13 UTC (rev 177823)
+++ trunk/Source/WebKit2/WebProcess/Plugins/PluginProxy.cpp	2014-12-30 18:40:20 UTC (rev 177824)
@@ -596,6 +596,8 @@
     
     if (!m_backingStore) {
         m_backingStore = ShareableBitmap::create(backingStoreSize, ShareableBitmap::SupportsAlpha);
+        if (!m_backingStore)
+            return false;
         return true;
     }
 
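
Review bot: The new null check after `ShareableBitmap::create(backingStoreSize, ShareableBitmap::SupportsAlpha)` handles a failed allocation, but nothing in this hunk bounds `backingStoreSize` before the call, so the fix relies on create() itself rejecting an oversized or overflowed size. Since the dimensions come from page content (the layout test uses width="99999999999999999"), it is worth confirming that the size computation earlier in updateBackingStore cannot wrap to a small value that create() would accept, and that callers treat a false return as nothing to paint rather than going on to use m_backingStore. As a style point, the two returns could collapse into `return !!m_backingStore;`.
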
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes