Skip to site navigation (Press enter)

[webkit-changes] [228793] releases/WebKitGTK/webkit-2.20

carlosgc Tue, 20 Feb 2018 04:13:22 -0800

Title: [228793] releases/WebKitGTK/webkit-2.20

Revision: 228793
Author: carlo...@webkit.org
Date: 2018-02-20 04:12:18 -0800 (Tue, 20 Feb 2018)

Log Message

Merge r228561 - fast/frames/sandboxed-iframe-navigation-top-denied.html is crashing in Inspector::createScriptCallStackForConsole::Exec for GTK
https://bugs.webkit.org/show_bug.cgi?id=172952


Patch by Fujii Hironori <hironori.fu...@sony.com> on 2018-02-16
Reviewed by Michael Catanzaro.

Source/_javascript_Core:

Null dereference of VM::topCallFrame happens in
Inspector::createScriptCallStackForConsole if the ExecState has no
call frames.

* inspector/ScriptCallStackFactory.cpp:
(Inspector::createScriptCallStack): Do null check of topCallFrame.
(Inspector::createScriptCallStackForConsole): Ditto.

LayoutTests:

* platform/gtk/TestExpectations: Unmarked fast/frames/sandboxed-iframe-navigation-top-denied.html.

Modified Paths

releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog
releases/WebKitGTK/webkit-2.20/LayoutTests/platform/gtk/TestExpectations
releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog
releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/inspector/ScriptCallStackFactory.cpp

Diff

Modified: releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog (228792 => 228793)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog	2018-02-20 12:12:11 UTC (rev 228792)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/ChangeLog	2018-02-20 12:12:18 UTC (rev 228793)
@@ -1,5 +1,14 @@
 2018-02-16  Fujii Hironori  <hironori.fu...@sony.com>
 
+        fast/frames/sandboxed-iframe-navigation-top-denied.html is crashing in Inspector::createScriptCallStackForConsole::Exec for GTK
+        https://bugs.webkit.org/show_bug.cgi?id=172952
+
+        Reviewed by Michael Catanzaro.
+
+        * platform/gtk/TestExpectations: Unmarked fast/frames/sandboxed-iframe-navigation-top-denied.html.
+
+2018-02-16  Fujii Hironori  <hironori.fu...@sony.com>
+
         IndexedDB: Several test crash in when destroying a IDBKeyData
         https://bugs.webkit.org/show_bug.cgi?id=167576

Modified: releases/WebKitGTK/webkit-2.20/LayoutTests/platform/gtk/TestExpectations (228792 => 228793)


--- releases/WebKitGTK/webkit-2.20/LayoutTests/platform/gtk/TestExpectations	2018-02-20 12:12:11 UTC (rev 228792)
+++ releases/WebKitGTK/webkit-2.20/LayoutTests/platform/gtk/TestExpectations	2018-02-20 12:12:18 UTC (rev 228793)
@@ -1285,7 +1285,6 @@
 
 webkit.org/b/172951 editing/execCommand/crash-replacing-list-by-list.html [ Crash ]
 webkit.org/b/172951 editing/inserting/insert-table-in-paragraph-crash.html [ Crash ]
-webkit.org/b/172952 fast/frames/sandboxed-iframe-navigation-top-denied.html [ Crash ]
 
 webkit.org/b/172955 media/video-preload.html [ Crash Pass ]

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog (228792 => 228793)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog	2018-02-20 12:12:11 UTC (rev 228792)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/ChangeLog	2018-02-20 12:12:18 UTC (rev 228793)
@@ -1,3 +1,18 @@
+2018-02-16  Fujii Hironori  <hironori.fu...@sony.com>
+
+        fast/frames/sandboxed-iframe-navigation-top-denied.html is crashing in Inspector::createScriptCallStackForConsole::Exec for GTK
+        https://bugs.webkit.org/show_bug.cgi?id=172952
+
+        Reviewed by Michael Catanzaro.
+
+        Null dereference of VM::topCallFrame happens in
+        Inspector::createScriptCallStackForConsole if the ExecState has no
+        call frames.
+
+        * inspector/ScriptCallStackFactory.cpp:
+        (Inspector::createScriptCallStack): Do null check of topCallFrame.
+        (Inspector::createScriptCallStackForConsole): Ditto.
+
 2018-02-18  Dominik Inführ  <dominik.infu...@gmail.com>
 
         Offlineasm/MIPS: immediates need to be within 16-bit signed values

Modified: releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/inspector/ScriptCallStackFactory.cpp (228792 => 228793)


--- releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/inspector/ScriptCallStackFactory.cpp	2018-02-20 12:12:11 UTC (rev 228792)
+++ releases/WebKitGTK/webkit-2.20/Source/_javascript_Core/inspector/ScriptCallStackFactory.cpp	2018-02-20 12:12:18 UTC (rev 228793)
@@ -93,6 +93,8 @@
     Vector<ScriptCallFrame> frames;
 
     CallFrame* frame = exec->vm().topCallFrame;
+    if (!frame)
+        return ScriptCallStack::create();
     CreateScriptCallStackFunctor functor(false, frames, maxStackSize);
     frame->iterate(functor);
 
@@ -108,6 +110,8 @@
     Vector<ScriptCallFrame> frames;
 
     CallFrame* frame = exec->vm().topCallFrame;
+    if (!frame)
+        return ScriptCallStack::create();
     CreateScriptCallStackFunctor functor(true, frames, maxStackSize);
     frame->iterate(functor);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes