[webkit-changes] [203242] trunk/Source/WebKit2

[cdumez]

Title: [203242] trunk/Source/WebKit2

Revision

203242

Author

cdu...@apple.com

Date

2016-07-14 14:39:15 -0700 (Thu, 14 Jul 2016)

Log Message

[WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
https://bugs.webkit.org/show_bug.cgi?id=159776
<rdar://problem/22467100>

Reviewed by Tim Horton.

Potential null dereference under ViewGestureController::beginSwipeGesture() of:
m_webPageProxy.backForwardList().currentItem()

The client side is expected to call ViewGestureController::canSwipeInDirection() but
this only guarantees that the m_alternateBackForwardListSourceView's currentItem is
non-null when m_alternateBackForwardListSourceView is non-null. It does not guarantee
that m_webPageProxy's currentItem is non-null.

* UIProcess/ios/ViewGestureControllerIOS.mm:
(WebKit::ViewGestureController::beginSwipeGesture):

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (203241 => 203242)

--- trunk/Source/WebKit2/ChangeLog	2016-07-14 21:15:28 UTC (rev 203241)
+++ trunk/Source/WebKit2/ChangeLog	2016-07-14 21:39:15 UTC (rev 203242)
@@ -1,3 +1,22 @@
+2016-07-14  Chris Dumez  <cdu...@apple.com>
+
+        [WK2][iOS] Potential null dereference under ViewGestureController::beginSwipeGesture()
+        https://bugs.webkit.org/show_bug.cgi?id=159776
+        <rdar://problem/22467100>
+
+        Reviewed by Tim Horton.
+
+        Potential null dereference under ViewGestureController::beginSwipeGesture() of:
+        m_webPageProxy.backForwardList().currentItem()
+
+        The client side is expected to call ViewGestureController::canSwipeInDirection() but
+        this only guarantees that the m_alternateBackForwardListSourceView's currentItem is
+        non-null when m_alternateBackForwardListSourceView is non-null. It does not guarantee
+        that m_webPageProxy's currentItem is non-null.
+
+        * UIProcess/ios/ViewGestureControllerIOS.mm:
+        (WebKit::ViewGestureController::beginSwipeGesture):
+
 2016-07-14  Csaba Osztrogonác  <o...@webkit.org>
 
         Fix the !ENABLE(WEB_SOCKETS) build after r202930

Modified: trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm (203241 => 203242)

--- trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm	2016-07-14 21:15:28 UTC (rev 203241)
+++ trunk/Source/WebKit2/UIProcess/ios/ViewGestureControllerIOS.mm	2016-07-14 21:39:15 UTC (rev 203242)
@@ -169,8 +169,10 @@
 
     // Copy the snapshot from this view to the one that owns the back forward list, so that
     // swiping forward will have the correct snapshot.
-    if (m_webPageProxyForBackForwardListForCurrentSwipe != &m_webPageProxy)
-        backForwardList.currentItem()->setSnapshot(m_webPageProxy.backForwardList().currentItem()->snapshot());
+    if (m_webPageProxyForBackForwardListForCurrentSwipe != &m_webPageProxy) {
+        if (auto* currentViewHistoryItem = m_webPageProxy.backForwardList().currentItem())
+            backForwardList.currentItem()->setSnapshot(currentViewHistoryItem->snapshot());
+    }
 
     RefPtr<WebBackForwardListItem> targetItem = direction == SwipeDirection::Back ? backForwardList.backItem() : backForwardList.forwardItem();
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes