Title: [206881] trunk/Source/WebCore
- Revision: 206881
- Author: [email protected]
- Date: 2016-10-06 14:03:54 -0700 (Thu, 06 Oct 2016)
Log Message
Crash when ApplePaySession.completeMerchantValidation is not passed a dictionary
https://bugs.webkit.org/show_bug.cgi?id=163074
rdar://problem/27824842
Reviewed by Tim Horton.
Raise a type error on a null initializer object.
* Modules/applepay/ApplePaySession.cpp:
(WebCore::ApplePaySession::completeMerchantValidation):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (206880 => 206881)
--- trunk/Source/WebCore/ChangeLog 2016-10-06 20:53:08 UTC (rev 206880)
+++ trunk/Source/WebCore/ChangeLog 2016-10-06 21:03:54 UTC (rev 206881)
@@ -1,3 +1,16 @@
+2016-10-06 Anders Carlsson <[email protected]>
+
+ Crash when ApplePaySession.completeMerchantValidation is not passed a dictionary
+ https://bugs.webkit.org/show_bug.cgi?id=163074
+ rdar://problem/27824842
+
+ Reviewed by Tim Horton.
+
+ Raise a type error on a null initializer object.
+
+ * Modules/applepay/ApplePaySession.cpp:
+ (WebCore::ApplePaySession::completeMerchantValidation):
+
2016-10-06 Antti Koivisto <[email protected]>
Mutating styleSheet in shadow tree doesn't update the style
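Review bot: the new ChangeLog entry names no regression test and does not say why one is absent. Since the crash is triggered by the argument a page passes to ApplePaySession.completeMerchantValidation, a test that calls it with a missing or non-dictionary argument and expects a TypeError would keep this from regressing; if the API cannot be exercised in the test harness, say so in the entry.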
Modified: trunk/Source/WebCore/Modules/applepay/ApplePaySession.cpp (206880 => 206881)
--- trunk/Source/WebCore/Modules/applepay/ApplePaySession.cpp 2016-10-06 20:53:08 UTC (rev 206880)
+++ trunk/Source/WebCore/Modules/applepay/ApplePaySession.cpp 2016-10-06 21:03:54 UTC (rev 206881)
@@ -843,6 +843,11 @@
return;
}
+ if (!merchantSessionDictionary.initializerObject()) {
+ ec = TypeError;
+ return;
+ }
+
auto& document = *downcast<Document>(scriptExecutionContext());
auto& window = *document.domWindow();
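Review bot: the added guard `if (!merchantSessionDictionary.initializerObject())` covers only a null initializer object, while the bug title is about any argument that is not a dictionary. Please confirm that undefined, null and primitive arguments all produce a null initializerObject() and so take this branch. It would also help to add a one-line comment saying that the code below assumes a non-null object, so the check is not removed or reordered later. Separately, the two context lines that follow dereference the results of downcast<Document>(scriptExecutionContext()) and document.domWindow() without a check; if either can be null at this point, that is another crash path in the same function and deserves the same early-return treatment.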
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes