Title: [239305] trunk/Source/WebKit
Revision
239305
Author
commit-qu...@webkit.org
Date
2018-12-17 17:32:34 -0800 (Mon, 17 Dec 2018)

Log Message

Fix occasional null-dereference crash in WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame
https://bugs.webkit.org/show_bug.cgi?id=192744
<rdar://problem/45842668>

Patch by Alex Christensen <achristen...@webkit.org> on 2018-12-17
Reviewed by Chris Dumez.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
Things happen.  Navigations can be null.  If they are, we shouldn't dereference pointers to them.

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (239304 => 239305)


--- trunk/Source/WebKit/ChangeLog	2018-12-18 01:21:07 UTC (rev 239304)
+++ trunk/Source/WebKit/ChangeLog	2018-12-18 01:32:34 UTC (rev 239305)
@@ -1,3 +1,15 @@
+2018-12-17  Alex Christensen  <achristen...@webkit.org>
+
+        Fix occasional null-dereference crash in WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame
+        https://bugs.webkit.org/show_bug.cgi?id=192744
+        <rdar://problem/45842668>
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
+        Things happen.  Navigations can be null.  If they are, we shouldn't dereference pointers to them.
+
 2018-12-17  Chris Dumez  <cdu...@apple.com>
 
         Unreviewed, revert recent CrashReporterClient build fixes as they are no longer needed.

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (239304 => 239305)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2018-12-18 01:21:07 UTC (rev 239304)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp	2018-12-18 01:32:34 UTC (rev 239305)
@@ -3773,11 +3773,9 @@
     MESSAGE_CHECK_URL(request.url());
 
     // FIXME: We should message check that navigationID is not zero here, but it's currently zero for some navigations through the page cache.
-    RefPtr<API::Navigation> navigation;
-    if (navigationID) {
-        navigation = navigationState().navigation(navigationID);
+    RefPtr<API::Navigation> navigation = navigationID ? navigationState().navigation(navigationID) : nullptr;
+    if (navigation)
         navigation->appendRedirectionURL(request.url());
-    }
 
     auto transaction = m_pageLoadState.transaction();
 
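Review bot: The new `if (navigation)` guard stops the dereference but leaves no comment explaining why a non-zero navigationID can map to no navigation, while the FIXME directly above only covers the ID-is-zero case; extend that FIXME (or add a line next to the guard) with the actual reason, since navigationID arrives in an IPC message from the web process and the lookup result should be treated as untrusted just like `request.url()` is with MESSAGE_CHECK_URL. Also confirm that any later uses of `navigation` in this function, below the `m_pageLoadState.transaction()` line and outside this hunk, are guarded the same way; the hunk only fixes the first dereference.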
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes