Title: [89083] branches/safari-534-branch/Source/WebKit2
Diff
Modified: branches/safari-534-branch/Source/WebKit2/ChangeLog (89082 => 89083)
--- branches/safari-534-branch/Source/WebKit2/ChangeLog 2011-06-16 23:32:58 UTC (rev 89082)
+++ branches/safari-534-branch/Source/WebKit2/ChangeLog 2011-06-16 23:34:19 UTC (rev 89083)
@@ -1,5 +1,21 @@
2011-06-14 Lucas Forschler <[email protected]>
+ Merged 88956.
+
+ 2011-06-14 Lucas Forschler <[email protected]>
+
+ Reviewed by Sam Weinig.
+
+ Fix possible null dereference in webSecKeychainItemCreateFromContentOnMainThread
+ https://bugs.webkit.org/show_bug.cgi?id=62736
+ <rdar://problem/9601595>
+
+ * WebProcess/mac/KeychainItemShimMethods.mm:
+ (WebKit::webSecKeychainItemCreateFromContentOnMainThread):
+ SecKeychainItemCreateFromContent can potentially return a null keychain item, so add a null check before trying to retain it.
+
+2011-06-14 Lucas Forschler <[email protected]>
+
Merged 88953.
2011-06-15 Anders Carlsson <[email protected]>
Modified: branches/safari-534-branch/Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm (89082 => 89083)
--- branches/safari-534-branch/Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm 2011-06-16 23:32:58 UTC (rev 89082)
+++ branches/safari-534-branch/Source/WebKit2/WebProcess/mac/KeychainItemShimMethods.mm 2011-06-16 23:34:19 UTC (rev 89083)
@@ -234,8 +234,9 @@
ASSERT_NOT_REACHED();
return;
}
-
- CFRetain(response.keychainItem());
+
+ if (response.keychainItem())
+ CFRetain(response.keychainItem());
context->item = response.keychainItem();
context->resultCode = response.resultCode();
}
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
