Title: [259378] trunk/Source/WebCore
- Revision: 259378
- Author: [email protected]
- Date: 2020-04-01 22:22:48 -0700 (Wed, 01 Apr 2020)
Log Message
Crash in WebCore::HTMLDocumentParser::insert
https://bugs.webkit.org/show_bug.cgi?id=209892
Reviewed by Darin Adler.
Speculative fix to check that the parser hasn't been detached before running preload scanner.
No new tests since there is no reproduction and I couldn't come up with one.
* html/parser/HTMLDocumentParser.cpp:
(WebCore::HTMLDocumentParser::pumpTokenizer):
(WebCore::HTMLDocumentParser::insert):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (259377 => 259378)
--- trunk/Source/WebCore/ChangeLog 2020-04-02 03:55:19 UTC (rev 259377)
+++ trunk/Source/WebCore/ChangeLog 2020-04-02 05:22:48 UTC (rev 259378)
@@ -1,3 +1,18 @@
+2020-04-01 Ryosuke Niwa <[email protected]>
+
+ Crash in WebCore::HTMLDocumentParser::insert
+ https://bugs.webkit.org/show_bug.cgi?id=209892
+
+ Reviewed by Darin Adler.
+
+ Speculative fix to check that the parser hasn't been detached before running preload scanner.
+
+ No new tests since there is no reproduction and I couldn't come up with one.
+
+ * html/parser/HTMLDocumentParser.cpp:
+ (WebCore::HTMLDocumentParser::pumpTokenizer):
+ (WebCore::HTMLDocumentParser::insert):
+
2020-04-01 Jack Lee <[email protected]>
Remove the unnecessary null check for document
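Review bot: The new entry calls the fix speculative and says there is no test, but it does not say what is suspected of detaching the parser before the preload scanner runs. With no reproduction, this entry is the only record of the reasoning. Add a sentence naming the suspected path, for instance whether detachment is expected during the tokenizer pump in pumpTokenizer and insert, so a later crash report or regression test can be matched against it.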
Modified: trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp (259377 => 259378)
--- trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp 2020-04-02 03:55:19 UTC (rev 259377)
+++ trunk/Source/WebCore/html/parser/HTMLDocumentParser.cpp 2020-04-02 05:22:48 UTC (rev 259378)
@@ -333,7 +333,7 @@
if (shouldResume)
m_parserScheduler->scheduleForResume();
- if (isWaitingForScripts()) {
+ if (isWaitingForScripts() && !isDetached()) {
ASSERT(m_tokenizer.isInDataState());
if (!m_preloadScanner) {
m_preloadScanner = makeUnique<HTMLPreloadScanner>(m_options, document()->url(), document()->deviceScaleFactor());
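Review bot: In pumpTokenizer the new !isDetached() check comes after m_parserScheduler->scheduleForResume(), so if the parser can already be detached here and shouldResume is true, the scheduler is still used on a detached parser. Either confirm that shouldResume cannot be true once the parser is detached, or move the detached check ahead of the scheduleForResume() call. A one-line comment on the new condition would also help: the guarded block dereferences document() for url() and deviceScaleFactor(), and that appears to be what the check protects.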
@@ -391,7 +391,7 @@
m_input.insertAtCurrentInsertionPoint(WTFMove(source));
pumpTokenizerIfPossible(ForceSynchronous);
- if (isWaitingForScripts()) {
+ if (isWaitingForScripts() && !isDetached()) {
// Check the document.write() output with a separate preload scanner as
// the main scanner can't deal with insertions.
if (!m_insertionPreloadScanner)
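Review bot: The condition isWaitingForScripts() && !isDetached() now appears verbatim in both pumpTokenizer and insert, with no comment explaining the second half. Here it directly follows pumpTokenizerIfPossible(ForceSynchronous), which is presumably where the parser could become detached. Consider factoring the pair into a small named helper, or at least extend the existing comment to say that the synchronous pump may detach the parser, so the check is not removed as redundant in a later cleanup.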
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes