Title: [227758] trunk/Source/WebKit
Revision
227758
Author
[email protected]
Date
2018-01-29 15:17:13 -0800 (Mon, 29 Jan 2018)

Log Message

Make policy checks more robust against null pointer dereferencing
https://bugs.webkit.org/show_bug.cgi?id=182263
<rdar://problem/34895714>

Reviewed by Tim Horton.

We're still dereferencing null.  Check everything.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (227757 => 227758)


--- trunk/Source/WebKit/ChangeLog	2018-01-29 22:35:06 UTC (rev 227757)
+++ trunk/Source/WebKit/ChangeLog	2018-01-29 23:17:13 UTC (rev 227758)
@@ -1,3 +1,16 @@
+2018-01-29  Alex Christensen  <[email protected]>
+
+        Make policy checks more robust against null pointer dereferencing
+        https://bugs.webkit.org/show_bug.cgi?id=182263
+        <rdar://problem/34895714>
+
+        Reviewed by Tim Horton.
+
+        We're still dereferencing null.  Check everything.
+
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForResponse):
+
 2018-01-29  Brent Fulgham  <[email protected]>
 
         Add telemetry to track storage access API adoption
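Review bot: The entry explains what is being fixed ("We're still dereferencing null") but not when provisionalDocumentLoader() can be null at the point dispatchDecidePolicyForResponse runs, and it lists no regression test for that path; a sentence on the triggering condition and a test (or an explicit "No new tests" with the reason) would make this easier to review and to keep from regressing.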

Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (227757 => 227758)


--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2018-01-29 22:35:06 UTC (rev 227757)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2018-01-29 23:17:13 UTC (rev 227758)
@@ -748,7 +748,10 @@
     WebCore::Frame* coreFrame = m_frame->coreFrame();
     if (!coreFrame)
         return function(PolicyAction::Ignore);
-    auto navigationID = static_cast<WebDocumentLoader&>(*coreFrame->loader().provisionalDocumentLoader()).navigationID();
+    auto* policyDocumentLoader = coreFrame->loader().provisionalDocumentLoader();
+    if (!policyDocumentLoader)
+        return function(PolicyAction::Ignore);
+    auto navigationID = static_cast<WebDocumentLoader&>(*policyDocumentLoader).navigationID();
     if (!webPage->sendSync(Messages::WebPageProxy::DecidePolicyForResponseSync(m_frame->frameID(), SecurityOriginData::fromFrame(coreFrame), navigationID, response, request, canShowMIMEType, listenerID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())), Messages::WebPageProxy::DecidePolicyForResponseSync::Reply(receivedPolicyAction, policyAction, downloadID), Seconds::infinity(), IPC::SendSyncOption::InformPlatformProcessWillSuspend)) {
         m_frame->didReceivePolicyDecision(listenerID, PolicyAction::Ignore, 0, { }, { });
         return;
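Review bot: Falling back to PolicyAction::Ignore when provisionalDocumentLoader() is null is the right fail-closed default for a policy check, but the hunk still leaves two unverified dereferences next to it: the static_cast<WebDocumentLoader&> on the new policyDocumentLoader is an unchecked downcast, and webPage is dereferenced in the sendSync call with no null check visible in this hunk. If webPage is not validated earlier in the function, give it the same early return as coreFrame; otherwise a short comment at the cast stating why the provisional loader is always a WebDocumentLoader here would document the remaining assumption.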
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes