Title: [209817] trunk/Source/WebCore
- Revision: 209817
- Author: [email protected]
- Date: 2016-12-14 10:54:28 -0800 (Wed, 14 Dec 2016)
Log Message
WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
https://bugs.webkit.org/show_bug.cgi?id=165852
<rdar://problem/27297153>
Reviewed by Chris Dumez.
There appears to be some path where we get here with a null frame.
No test, don't know how exactly this happens.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::outgoingReferrer):
Null check the frame.
Diff
Modified: trunk/Source/WebCore/ChangeLog (209816 => 209817)
--- trunk/Source/WebCore/ChangeLog 2016-12-14 18:44:13 UTC (rev 209816)
+++ trunk/Source/WebCore/ChangeLog 2016-12-14 18:54:28 UTC (rev 209817)
@@ -1,3 +1,19 @@
+2016-12-14 Antti Koivisto <[email protected]>
+
+ WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
+ https://bugs.webkit.org/show_bug.cgi?id=165852
+ <rdar://problem/27297153>
+
+ Reviewed by Chris Dumez.
+
+ There appears to be some path where we get here with a null frame.
+ No test, don't know how exactly this happens.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::outgoingReferrer):
+
+ Null check the frame.
+
2016-12-14 Chris Dumez <[email protected]>
Unreviewed, rolling out r209766.
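Review bot: the description under (WebCore::FrameLoader::outgoingReferrer), "Null check the frame.", does not record what the function returns when the frame is null. Since the entry also says there is no test and the path is unknown, state the fallback here (an empty referrer string, per the FrameLoader.cpp change in this revision) so that someone later tracing a missing referrer can find this revision from the ChangeLog alone.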
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (209816 => 209817)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2016-12-14 18:44:13 UTC (rev 209816)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2016-12-14 18:54:28 UTC (rev 209817)
@@ -923,12 +923,14 @@
// See http://www.whatwg.org/specs/web-apps/current-work/#fetching-resources
// for why we walk the parent chain for srcdoc documents.
Frame* frame = &m_frame;
- while (frame->document()->isSrcdocDocument()) {
+ while (frame && frame->document()->isSrcdocDocument()) {
frame = frame->tree().parent();
// Srcdoc documents cannot be top-level documents, by definition,
// because they need to be contained in iframes with the srcdoc.
ASSERT(frame);
}
+ if (!frame)
+ return emptyString();
return frame->loader().m_outgoingReferrer;
}
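Review bot: the `ASSERT(frame);` left inside the loop contradicts the new `frame &&` condition and the `if (!frame)` early return. A debug build still asserts on exactly the null parent that a release build now tolerates. Either drop the assertion, or keep it and reword the comment above it to say that a null parent is unexpected but handled below. The loop condition also still dereferences `frame->document()` unchecked; since the ChangeLog says the failing path is unknown, confirm from the crash report that the null pointer is the frame returned by `frame->tree().parent()` and not the document. Returning `emptyString()` means such loads go out with no referrer, which deserves a one-line comment at the return.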