[webkit-changes] [256068] trunk/Source/WebKit

[timothy]

Title: [256068] trunk/Source/WebKit

Revision

256068

Author

timo...@apple.com

Date

2020-02-07 15:01:42 -0800 (Fri, 07 Feb 2020)

Log Message

Crash under WKBundleFrameForJavaScriptContext dereferencing a NULL WebCore::Frame.
https://bugs.webkit.org/show_bug.cgi?id=207407
rdar://problem/59206599

Reviewed by Tim Horton.

* WebProcess/WebPage/WebFrame.cpp:
(WebKit::WebFrame::frameForContext): Add a null check for the coreFrame.

Modified Paths

• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp

Diff

Modified: trunk/Source/WebKit/ChangeLog (256067 => 256068)

--- trunk/Source/WebKit/ChangeLog	2020-02-07 22:52:51 UTC (rev 256067)
+++ trunk/Source/WebKit/ChangeLog	2020-02-07 23:01:42 UTC (rev 256068)
@@ -1,3 +1,14 @@
+2020-02-07  Timothy Hatcher  <timo...@apple.com>
+
+        Crash under WKBundleFrameForJavaScriptContext dereferencing a NULL WebCore::Frame.
+        https://bugs.webkit.org/show_bug.cgi?id=207407
+        rdar://problem/59206599
+
+        Reviewed by Tim Horton.
+
+        * WebProcess/WebPage/WebFrame.cpp:
+        (WebKit::WebFrame::frameForContext): Add a null check for the coreFrame.
+
 2020-02-07  Ryan Haddad  <ryanhad...@apple.com>
 
         Unreviewed, rolling out r256051.

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp (256067 => 256068)

--- trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp	2020-02-07 22:52:51 UTC (rev 256067)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebFrame.cpp	2020-02-07 23:01:42 UTC (rev 256068)
@@ -703,12 +703,14 @@
 
 WebFrame* WebFrame::frameForContext(JSContextRef context)
 {
-
     JSC::JSGlobalObject* globalObjectObj = toJS(context);
     JSDOMWindow* window = jsDynamicCast<JSDOMWindow*>(globalObjectObj->vm(), globalObjectObj);
     if (!window)
         return nullptr;
-    return WebFrame::fromCoreFrame(*(window->wrapped().frame()));
+    auto* coreFrame = window->wrapped().frame();
+    if (!coreFrame)
+        return nullptr;
+    return WebFrame::fromCoreFrame(*coreFrame);
 }
 
 JSValueRef WebFrame::jsWrapperForWorld(InjectedBundleNodeHandle* nodeHandle, InjectedBundleScriptWorld* world)

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes