Title: [241513] branches/safari-607-branch
- Revision: 241513
- Author: [email protected]
- Date: 2019-02-14 00:35:00 -0800 (Thu, 14 Feb 2019)
Log Message
Cherry-pick r241500. rdar://problem/48065631
Crash in WKBundleFrameGetParentFrame when called inside didRemoveFrameFromHierarchy
https://bugs.webkit.org/show_bug.cgi?id=194641
Reviewed by Geoffrey Garen.
Source/WebKit:
Fixed the bug by adding a null check to WebFrame::parentFrame.
* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::parentFrame const):
Tools:
Added a call to WKBundleFrameGetParentFrame to an existing test for didRemoveFrameFromHierarchy
so that the test would fail without this fix.
* TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp:
(TestWebKitAPI::didRemoveFrameFromHierarchyCallback):
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241500 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-607-branch/Source/WebKit/ChangeLog (241512 => 241513)
--- branches/safari-607-branch/Source/WebKit/ChangeLog 2019-02-14 08:34:58 UTC (rev 241512)
+++ branches/safari-607-branch/Source/WebKit/ChangeLog 2019-02-14 08:35:00 UTC (rev 241513)
@@ -1,5 +1,44 @@
2019-02-13 Babak Shafiei <[email protected]>
+ Cherry-pick r241500. rdar://problem/48065631
+
+ Crash in WKBundleFrameGetParentFrame when called inside didRemoveFrameFromHierarchy
+ https://bugs.webkit.org/show_bug.cgi?id=194641
+
+ Reviewed by Geoffrey Garen.
+
+ Source/WebKit:
+
+ Fixed the bug by adding a null check to WebFrame::parentFrame.
+
+ * WebProcess/WebPage/WebFrame.cpp:
+ (WebKit::WebFrame::parentFrame const):
+
+ Tools:
+
+ Added a call to WKBundleFrameGetParentFrame to an existing test for didRemoveFrameFromHierarchy
+ so that the test would fail without this fix.
+
+ * TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp:
+ (TestWebKitAPI::didRemoveFrameFromHierarchyCallback):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241500 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-02-13 Ryosuke Niwa <[email protected]>
+
+ Crash in WKBundleFrameGetParentFrame when called inside didRemoveFrameFromHierarchy
+ https://bugs.webkit.org/show_bug.cgi?id=194641
+
+ Reviewed by Geoffrey Garen.
+
+ Fixed the bug by adding a null check to WebFrame::parentFrame.
+
+ * WebProcess/WebPage/WebFrame.cpp:
+ (WebKit::WebFrame::parentFrame const):
+
+2019-02-13 Babak Shafiei <[email protected]>
+
Cherry-pick r241481. rdar://problem/48065616
Encrypted PDFs inside <embed> or <object> crash the Web Content process
Modified: branches/safari-607-branch/Source/WebKit/WebProcess/WebPage/WebFrame.cpp (241512 => 241513)
--- branches/safari-607-branch/Source/WebKit/WebProcess/WebPage/WebFrame.cpp 2019-02-14 08:34:58 UTC (rev 241512)
+++ branches/safari-607-branch/Source/WebKit/WebProcess/WebPage/WebFrame.cpp 2019-02-14 08:35:00 UTC (rev 241513)
@@ -463,9 +463,13 @@
WebFrame* WebFrame::parentFrame() const
{
if (!m_coreFrame || !m_coreFrame->ownerElement())
- return 0;
+ return nullptr;
- return WebFrame::fromCoreFrame(*m_coreFrame->ownerElement()->document().frame());
+ auto* frame = m_coreFrame->ownerElement()->document().frame();
+ if (!frame)
+ return nullptr;
+
+ return WebFrame::fromCoreFrame(*frame);
}
Ref<API::Array> WebFrame::childFrames()
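Review bot: The new `if (!frame)` check in WebFrame::parentFrame carries no comment saying when the owner element's document can be without a frame. The log message ties it to calls made inside didRemoveFrameFromHierarchy, and a one-line comment above the check stating that would keep a later cleanup from dropping it as redundant. With this change the function returns nullptr both when there is no owner element and when the owner's document has no frame, so callers cannot tell the two cases apart; it is worth confirming that none of them reads a null result as meaning the frame has no owner.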
Modified: branches/safari-607-branch/Tools/ChangeLog (241512 => 241513)
--- branches/safari-607-branch/Tools/ChangeLog 2019-02-14 08:34:58 UTC (rev 241512)
+++ branches/safari-607-branch/Tools/ChangeLog 2019-02-14 08:35:00 UTC (rev 241513)
@@ -1,5 +1,45 @@
2019-02-13 Babak Shafiei <[email protected]>
+ Cherry-pick r241500. rdar://problem/48065631
+
+ Crash in WKBundleFrameGetParentFrame when called inside didRemoveFrameFromHierarchy
+ https://bugs.webkit.org/show_bug.cgi?id=194641
+
+ Reviewed by Geoffrey Garen.
+
+ Source/WebKit:
+
+ Fixed the bug by adding a null check to WebFrame::parentFrame.
+
+ * WebProcess/WebPage/WebFrame.cpp:
+ (WebKit::WebFrame::parentFrame const):
+
+ Tools:
+
+ Added a call to WKBundleFrameGetParentFrame to an existing test for didRemoveFrameFromHierarchy
+ so that the test would fail without this fix.
+
+ * TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp:
+ (TestWebKitAPI::didRemoveFrameFromHierarchyCallback):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@241500 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-02-13 Ryosuke Niwa <[email protected]>
+
+ Crash in WKBundleFrameGetParentFrame when called inside didRemoveFrameFromHierarchy
+ https://bugs.webkit.org/show_bug.cgi?id=194641
+
+ Reviewed by Geoffrey Garen.
+
+ Added a call to WKBundleFrameGetParentFrame to an existing test for didRemoveFrameFromHierarchy
+ so that the test would fail without this fix.
+
+ * TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp:
+ (TestWebKitAPI::didRemoveFrameFromHierarchyCallback):
+
+2019-02-13 Babak Shafiei <[email protected]>
+
Cherry-pick r241480. rdar://problem/48065618
Further restricting webarchive loads
Modified: branches/safari-607-branch/Tools/TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp (241512 => 241513)
--- branches/safari-607-branch/Tools/TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp 2019-02-14 08:34:58 UTC (rev 241512)
+++ branches/safari-607-branch/Tools/TestWebKitAPI/Tests/WebKit/DidRemoveFrameFromHiearchyInPageCache_Bundle.cpp 2019-02-14 08:35:00 UTC (rev 241513)
@@ -30,6 +30,7 @@
#include "InjectedBundleTest.h"
#include "PlatformUtilities.h"
+#include <WebKit/WKBundleFrame.h>
#include <WebKit/WKBundlePage.h>
namespace TestWebKitAPI {
@@ -45,10 +46,12 @@
static unsigned didRemoveFrameFromHierarchyCount;
-void didRemoveFrameFromHierarchyCallback(WKBundlePageRef page, WKBundleFrameRef, WKTypeRef*, const void*)
+void didRemoveFrameFromHierarchyCallback(WKBundlePageRef page, WKBundleFrameRef frame, WKTypeRef*, const void*)
{
didRemoveFrameFromHierarchyCount++;
+ RELEASE_ASSERT(!WKBundleFrameGetParentFrame(frame));
+
WKRetainPtr<WKStringRef> message(AdoptWK, WKStringCreateWithUTF8CString("DidRemoveFrameFromHierarchy"));
WKBundlePagePostMessage(page, message.get(), message.get());
}
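Review bot: The `RELEASE_ASSERT(!WKBundleFrameGetParentFrame(frame));` added to didRemoveFrameFromHierarchyCallback has nothing beside it saying why null is the expected parent for a frame that has just been removed, so a reader cannot tell a regression check from an incidental assumption. Add a short comment pointing at bug 194641. Since RELEASE_ASSERT terminates the process on failure, a wrong non-null result would surface as a bundle crash rather than a reported test failure; sending the outcome through the `WKBundlePagePostMessage` call already present two lines below would give a clearer failure message.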