Title: [246767] trunk/Source
Revision
246767
Author
beid...@apple.com
Date
2019-06-24 16:00:22 -0700 (Mon, 24 Jun 2019)

Log Message

Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad.
<rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123

Reviewed by Andy Estes.

Source/WebCore:

* loader/FrameLoaderStateMachine.h:
(WebCore::FrameLoaderStateMachine::stateForDebugging const):

Source/WebKit:

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad): Properly detect this null DocumentLoader
  and try to learn more about the state of things.

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (246766 => 246767)


--- trunk/Source/WebCore/ChangeLog	2019-06-24 22:44:09 UTC (rev 246766)
+++ trunk/Source/WebCore/ChangeLog	2019-06-24 23:00:22 UTC (rev 246767)
@@ -1,3 +1,13 @@
+2019-06-24  Brady Eidson  <beid...@apple.com>
+
+        Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad.
+        <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123
+
+        Reviewed by Andy Estes.
+
+        * loader/FrameLoaderStateMachine.h:
+        (WebCore::FrameLoaderStateMachine::stateForDebugging const):
+
 2019-06-24  Simon Fraser  <simon.fra...@apple.com>
 
         REGRESSION (r246725 ): Crashes on twitch.tv

Modified: trunk/Source/WebCore/loader/FrameLoaderStateMachine.h (246766 => 246767)


--- trunk/Source/WebCore/loader/FrameLoaderStateMachine.h	2019-06-24 22:44:09 UTC (rev 246766)
+++ trunk/Source/WebCore/loader/FrameLoaderStateMachine.h	2019-06-24 23:00:22 UTC (rev 246767)
@@ -57,6 +57,8 @@
     WEBCORE_EXPORT bool firstLayoutDone() const;
     void advanceTo(State);
 
+    State stateForDebugging() const { return m_state; }
+
 private:
     State m_state;
 };
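Review bot: The new `stateForDebugging()` accessor carries no comment, so nothing stops a later caller from branching on the raw state instead of using the existing predicates like `firstLayoutDone()` above it. Add a one-line comment above the declaration, e.g. `// Diagnostics only (RELEASE_LOG in WebKit); do not make loader decisions on this value - use the predicates above.` The surrounding class header begins before this hunk.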

Modified: trunk/Source/WebKit/ChangeLog (246766 => 246767)


--- trunk/Source/WebKit/ChangeLog	2019-06-24 22:44:09 UTC (rev 246766)
+++ trunk/Source/WebKit/ChangeLog	2019-06-24 23:00:22 UTC (rev 246767)
@@ -1,3 +1,14 @@
+2019-06-24  Brady Eidson  <beid...@apple.com>
+
+        Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad.
+        <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123
+
+        Reviewed by Andy Estes.
+
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad): Properly detect this null DocumentLoader
+          and try to learn more about the state of things.
+
 2019-06-24  Chris Dumez  <cdu...@apple.com>
 
         Pages using Google's anti-flicker optimization may take ~5 seconds to do initial paint

Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (246766 => 246767)


--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2019-06-24 22:44:09 UTC (rev 246766)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2019-06-24 23:00:22 UTC (rev 246767)
@@ -311,16 +311,21 @@
     if (!webPage)
         return;
 
-    WebDocumentLoader& documentLoader = static_cast<WebDocumentLoader&>(*m_frame->coreFrame()->loader().provisionalDocumentLoader());
+    WebDocumentLoader* documentLoader = static_cast<WebDocumentLoader*>(m_frame->coreFrame()->loader().provisionalDocumentLoader());
+    if (!documentLoader) {
+        RELEASE_LOG_FAULT(Loading, "WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad called with no provisional DocumentLoader. FrameState is %i. FrameLoaderStateMachine stateForDebugging - %i", m_frame->coreFrame()->loader().state(), m_frame->coreFrame()->loader().stateMachine().stateForDebugging());
+        return;
+    }
+
     RefPtr<API::Object> userData;
 
-    LOG(Loading, "WebProcess %i - dispatchDidReceiveServerRedirectForProvisionalLoad to request url %s", getCurrentProcessID(), documentLoader.request().url().string().utf8().data());
+    LOG(Loading, "WebProcess %i - dispatchDidReceiveServerRedirectForProvisionalLoad to request url %s", getCurrentProcessID(), documentLoader->request().url().string().utf8().data());
 
     // Notify the bundle client.
     webPage->injectedBundleLoaderClient().didReceiveServerRedirectForProvisionalLoadForFrame(*webPage, *m_frame, userData);
 
     // Notify the UIProcess.
-    webPage->send(Messages::WebPageProxy::DidReceiveServerRedirectForProvisionalLoadForFrame(m_frame->frameID(), documentLoader.navigationID(), documentLoader.request(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
+    webPage->send(Messages::WebPageProxy::DidReceiveServerRedirectForProvisionalLoadForFrame(m_frame->frameID(), documentLoader->navigationID(), documentLoader->request(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
 }
 
 void WebFrameLoaderClient::dispatchDidChangeProvisionalURL()
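Review bot: The early return added at the null check skips both the `didReceiveServerRedirectForProvisionalLoadForFrame` bundle callback and the `DidReceiveServerRedirectForProvisionalLoadForFrame` message below it, so the UI process is never told about this redirect; if it derives the provisional URL or navigation state from that message, it keeps the pre-redirect value. Because a server redirect is driven by remote content, this gap is reachable from an untrusted site, so the bail-out deserves a comment stating it is intentional, e.g. `// No provisional loader: skip notifying the bundle and UI process rather than crash; the UI process will not see this redirect.` The `%i` conversions on the RELEASE_LOG_FAULT line are only valid while `FrameState` and `FrameLoaderStateMachine::State` remain unscoped enums; wrapping both arguments in `static_cast<int>(...)` keeps the format correct if either becomes an `enum class`. The enclosing function starts before this hunk.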