[webkit-changes] [228839] branches/safari-605-branch/Source/WebKit

[jmarcell]

Title: [228839] branches/safari-605-branch/Source/WebKit

Revision

228839

Author

jmarc...@apple.com

Date

2018-02-20 14:30:08 -0800 (Tue, 20 Feb 2018)

Log Message

Cherry-pick r228713. rdar://problem/37714036

Modified Paths

branches/safari-605-branch/Source/WebKit/ChangeLog
branches/safari-605-branch/Source/WebKit/UIProcess/WebPageProxy.cpp

Diff

Modified: branches/safari-605-branch/Source/WebKit/ChangeLog (228838 => 228839)

--- branches/safari-605-branch/Source/WebKit/ChangeLog	2018-02-20 22:30:06 UTC (rev 228838)
+++ branches/safari-605-branch/Source/WebKit/ChangeLog	2018-02-20 22:30:08 UTC (rev 228839)
@@ -1,5 +1,31 @@
 2018-02-20  Jason Marcell  <jmarc...@apple.com>
 
+        Cherry-pick r228713. rdar://problem/37714036
+
+    2018-02-19  Daniel Bates  <daba...@apple.com>
+
+            Null pointer dereference in WebPageProxy::urlSchemeHandlerForScheme()
+            https://bugs.webkit.org/show_bug.cgi?id=182905
+            <rdar://problem/37676775>
+
+            Reviewed by Alex Christensen.
+
+            Return nullptr when querying for the scheme handler of the null string.
+
+            Before a navigation is performed WebKit checks if the destination URL is associated with an app
+            unless the embedding client overrides the WKNavigationDelegate delegate callback -webView:decidePolicyForNavigationAction:decisionHandler.
+            If the URL is not associated with an app then WebKit may fall back to checking if the embedding
+            client registered a scheme handler for it. Currently we assume that the scheme is a non-null
+            string when checking the scheme handler registry. However the scheme can be a null string if
+            it is part of a malformed URL. And this leads to bad news bears when we try to use it to look
+            for a scheme handler. Instead check that the scheme is a non-null string before checking to see
+            if it is in the scheme handler registry.
+
+            * UIProcess/WebPageProxy.cpp:
+            (WebKit::WebPageProxy::urlSchemeHandlerForScheme):
+
+2018-02-20  Jason Marcell  <jmarc...@apple.com>
+
         Cherry-pick r228589. rdar://problem/37697687
 
     2018-02-16  Ryosuke Niwa  <rn...@webkit.org>

Modified: branches/safari-605-branch/Source/WebKit/UIProcess/WebPageProxy.cpp (228838 => 228839)

--- branches/safari-605-branch/Source/WebKit/UIProcess/WebPageProxy.cpp	2018-02-20 22:30:06 UTC (rev 228838)
+++ branches/safari-605-branch/Source/WebKit/UIProcess/WebPageProxy.cpp	2018-02-20 22:30:08 UTC (rev 228839)
@@ -7172,7 +7172,7 @@
 
 WebURLSchemeHandler* WebPageProxy::urlSchemeHandlerForScheme(const String& scheme)
 {
-    return m_urlSchemeHandlersByScheme.get(scheme);
+    return scheme.isNull() ? nullptr : m_urlSchemeHandlersByScheme.get(scheme);
 }
 
 void WebPageProxy::startURLSchemeTask(URLSchemeTaskParameters&& parameters)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes