Title: [288281] releases/WebKitGTK/webkit-2.34/Source/WebCore
Revision
288281
Author
ape...@igalia.com
Date
2022-01-20 05:53:07 -0800 (Thu, 20 Jan 2022)

Log Message

Merge r287017 - Null pointer crash in FetchResponse::clone
https://bugs.webkit.org/show_bug.cgi?id=234236
<rdar://86327601>

Reviewed by Alex Christensen.

From the log, we are most probably getting a null globalObject from a ScriptExecutionContext in FetchResponse::clone.
This may happen in case the document is navigated away but we still execute some code for it.
Add a null check to ensure we do not crash.

* Modules/fetch/FetchResponse.cpp:
(WebCore::FetchResponse::clone):

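The scenario the commit log describes (a Response created by a document that is later navigated away, with clone() still called on it) can be driven from script. The page below is an added repro harness, not part of this WebKit patch or its layout tests. It assumes a hypothetical same-origin endpoint /slow-body that keeps the response body open for a few seconds, so that FetchResponse::isLoading() is still true when clone() runs; the endpoint name is an assumption, substitute any slow-streaming URL on the same origin.

```html
<!DOCTYPE html>
<!-- Added repro page (not part of the WebKit patch or its test suite).
     Assumes a hypothetical same-origin endpoint /slow-body that keeps the
     response body streaming for several seconds, so the Response is still
     loading when clone() is called. -->
<meta charset="utf-8">
<title>Response.clone() after the creating document is navigated away</title>
<pre id="log"></pre>
<script>
const log = (msg) => { document.getElementById('log').textContent += msg + '\n'; };

function waitForLoad(frame) {
  return new Promise((resolve) => frame.addEventListener('load', resolve, { once: true }));
}

async function run() {
  // 1. Create a same-origin iframe. Its document is the ScriptExecutionContext
  //    that will own the Response object.
  const iframe = document.createElement('iframe');
  iframe.srcdoc = '<!DOCTYPE html><title>child</title>';
  document.body.appendChild(iframe);
  await waitForLoad(iframe);

  // 2. Start the fetch from the child realm. fetch() resolves once headers
  //    arrive while the body is still streaming, so the response is "loading".
  //    Do not touch response.body here: that would create the readable stream
  //    early and take clone() down a different path than the one patched.
  const response = await iframe.contentWindow.fetch('/slow-body');
  log('fetch resolved in child realm, status ' + response.status);

  // 3. Navigate the child away. Reassigning srcdoc navigates the iframe to a
  //    new document; the parent still holds a live reference to a Response
  //    whose owning document has now been stopped.
  iframe.srcdoc = '<!DOCTYPE html><title>gone</title>';
  await waitForLoad(iframe);
  log('child document navigated away');

  // 4. Clone from the parent. With the patch applied the clone is refused
  //    with InvalidStateError ("Context is stopped") instead of WebKit
  //    dereferencing a null globalObject.
  try {
    const copy = response.clone();
    log('clone() succeeded: ' + copy.status);
  } catch (e) {
    log('clone() threw ' + e.name + ': ' + e.message);
  }
}

run().catch((e) => log('harness error: ' + e));
</script>
```

Serve the page and the slow endpoint from the same origin and open it in a WebKitGTK build carrying r288281; the log line for step 4 should report InvalidStateError. The ordering matters: the fetch must be issued through the child window so the Response belongs to the child's context, and the body must not be consumed or exposed before the clone, since the patched branch is only reached for a loading response without an existing readable stream.
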
Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog (288280 => 288281)


--- releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog	2022-01-20 13:35:50 UTC (rev 288280)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/ChangeLog	2022-01-20 13:53:07 UTC (rev 288281)
@@ -1,3 +1,18 @@
+2021-12-14  Youenn Fablet  <you...@apple.com>
+
+        Null pointer crash in FetchResponse::clone
+        https://bugs.webkit.org/show_bug.cgi?id=234236
+        <rdar://86327601>
+
+        Reviewed by Alex Christensen.
+
+        From the log, we are most probably getting a null globalObject from a ScriptExecutionContext in FetchResponse::clone.
+        This may happen in case the document is navigated away but we still execute some code for it.
+        Add a null check to ensure we do not crash.
+
+        * Modules/fetch/FetchResponse.cpp:
+        (WebCore::FetchResponse::clone):
+
 2021-12-10  Gabriel Nava Marino  <gnavamar...@apple.com>
 
         nullptr deref in ComputeFloatOffsetForLineLayoutAdapter<FloatingObject::FloatLeft>::updateOffsetIfNeeded
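Review bot: The entry names only the source change and no regression test, while the diagnosis itself is given as "most probably" from a log. A layout test that starts a fetch in an iframe, navigates the iframe away and then calls clone() from the parent would pin down how the null globalObject is reached and guard the fix; the entry should also record that clone() now throws InvalidStateError in this state, since that is script-visible behaviour rather than just a crash fix.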

Modified: releases/WebKitGTK/webkit-2.34/Source/WebCore/Modules/fetch/FetchResponse.cpp (288280 => 288281)


--- releases/WebKitGTK/webkit-2.34/Source/WebCore/Modules/fetch/FetchResponse.cpp	2022-01-20 13:35:50 UTC (rev 288280)
+++ releases/WebKitGTK/webkit-2.34/Source/WebCore/Modules/fetch/FetchResponse.cpp	2022-01-20 13:53:07 UTC (rev 288281)
@@ -178,7 +178,11 @@
 
     // If loading, let's create a stream so that data is teed on both clones.
     if (isLoading() && !m_readableStreamSource) {
-        auto voidOrException = createReadableStream(*context.globalObject());
+        auto* globalObject = context.globalObject();
+        if (!globalObject)
+            return Exception { InvalidStateError, "Context is stopped"_s };
+
+        auto voidOrException = createReadableStream(*globalObject);
         if (UNLIKELY(voidOrException.hasException()))
             return voidOrException.releaseException();
     }
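Review bot: The guard covers only the `isLoading() && !m_readableStreamSource` branch; if clone() uses `context.globalObject()` anywhere outside this hunk, that use needs the same check. A one-line comment above `auto* globalObject = context.globalObject();` saying when it can be null (per the commit message, the document has been navigated away while script for it still runs) would help the next reader, and the message "Context is stopped" states a cause the log only calls most probable; wording it after what is actually tested, e.g. "Context has no global object", keeps the exception text honest if a second path to a null globalObject turns up.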
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
