Title: [255372] trunk/Source/WebKitLegacy/mac
Revision: 255372
Author: timothy_hor...@apple.com
Date: 2020-01-29 11:36:27 -0800 (Wed, 29 Jan 2020)

Log Message

Null deref under -[WebFrame isTelephoneNumberParsingAllowed]
https://bugs.webkit.org/show_bug.cgi?id=206921

Reviewed by Anders Carlsson.

* WebView/WebFrame.mm:
(-[WebFrame isTelephoneNumberParsingAllowed]):
(-[WebFrame isTelephoneNumberParsingEnabled]):
DataDetectors can hold on to a WebFrame on an operation queue before
calling into these methods. In the meantime, it is possible for the
WebView to be closed, resulting in a null core Frame.
This is not reproducible in a test app, but a speculative fix seems fine.

Modified Paths

Diff

Modified: trunk/Source/WebKitLegacy/mac/ChangeLog (255371 => 255372)


--- trunk/Source/WebKitLegacy/mac/ChangeLog	2020-01-29 19:35:21 UTC (rev 255371)
+++ trunk/Source/WebKitLegacy/mac/ChangeLog	2020-01-29 19:36:27 UTC (rev 255372)
@@ -1,3 +1,18 @@
+2020-01-29  Tim Horton  <timothy_hor...@apple.com>
+
+        Null deref under -[WebFrame isTelephoneNumberParsingAllowed]
+        https://bugs.webkit.org/show_bug.cgi?id=206921
+
+        Reviewed by Anders Carlsson.
+
+        * WebView/WebFrame.mm:
+        (-[WebFrame isTelephoneNumberParsingAllowed]):
+        (-[WebFrame isTelephoneNumberParsingEnabled]):
+        DataDetectors can hold on to a WebFrame on an operation queue before
+        calling into these methods. In the meantime, it is possible for the
+        WebView to be closed, resulting in a null core Frame.
+        This is not reproducible in a test app, but a speculative fix seems fine.
+
 2020-01-27  Antoine Quint  <grao...@apple.com>
 
         [Web Animations] Make Animation.timeline read-write only if a runtime flag is enabled
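Review bot: The entry at +44..+47 explains the race but not why returning false is the chosen fallback; one sentence saying that a WebFrame whose core Frame (or Document) is gone should report telephone-number parsing as not allowed and not enabled, i.e. the fail-closed default, would make the intent clear to a future reader, since both methods now silently return false in the closed-WebView case rather than surfacing an error.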

Modified: trunk/Source/WebKitLegacy/mac/WebView/WebFrame.mm (255371 => 255372)


--- trunk/Source/WebKitLegacy/mac/WebView/WebFrame.mm	2020-01-29 19:35:21 UTC (rev 255371)
+++ trunk/Source/WebKitLegacy/mac/WebView/WebFrame.mm	2020-01-29 19:36:27 UTC (rev 255372)
@@ -1446,14 +1446,18 @@
 
 - (BOOL)isTelephoneNumberParsingAllowed
 {
-    auto* document = core(self)->document();
-    return document->isTelephoneNumberParsingAllowed();
+    WebCore::Frame *frame = core(self);
+    if (!frame || !frame->document())
+        return false;
+    return frame->document()->isTelephoneNumberParsingAllowed();
 }
 
 - (BOOL)isTelephoneNumberParsingEnabled
 {
-    auto* document = core(self)->document();
-    return document->isTelephoneNumberParsingEnabled();
+    WebCore::Frame *frame = core(self);
+    if (!frame || !frame->document())
+        return false;
+    return frame->document()->isTelephoneNumberParsingEnabled();
 }
 
 - (DOMRange *)selectedDOMRange
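Review bot: The guard handles the null `core(self)` case the log describes, but if DataDetectors really can enter these methods from an operation queue, nothing in the hunk prevents the Frame or Document from being torn down between `if (!frame || !frame->document())` and the later `frame->document()->isTelephoneNumberParsingAllowed()` call, so the check narrows the window rather than closing it; either document that callers must still reach these methods on the main thread, or fetch the document once (`auto* document = frame ? frame->document() : nullptr;`), test that, and use it, which also removes the duplicated `frame->document()` call in both methods. Minor style: these are Objective-C methods returning BOOL, so `return NO;` matches the rest of the file, and WebKit style places the star with the type (`WebCore::Frame* frame`).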
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes