Title: [259525] trunk/Source/WebCore
- Revision
- 259525
- Author
- [email protected]
- Date
- 2020-04-03 18:04:42 -0700 (Fri, 03 Apr 2020)
Log Message
Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr.
https://bugs.webkit.org/show_bug.cgi?id=127096
<rdar://problem/61221941>
Reviewed by Alex Christensen.
ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr.
If the loader changes the frame in SubframeLoader::loadSubframe, return nullptr to notify the caller.
No new tests, covered by existing test.
* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::loadOrRedirectSubframe):
(WebCore::SubframeLoader::loadSubframe):
* loader/SubframeLoader.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (259524 => 259525)
--- trunk/Source/WebCore/ChangeLog 2020-04-04 01:01:13 UTC (rev 259524)
+++ trunk/Source/WebCore/ChangeLog 2020-04-04 01:04:42 UTC (rev 259525)
@@ -1,3 +1,21 @@
+2020-04-03 Jack Lee <[email protected]>
+
+ Protect contentFrame in SubframeLoader::loadOrRedirectSubframe with RefPtr.
+ https://bugs.webkit.org/show_bug.cgi?id=127096
+ <rdar://problem/61221941>
+
+ Reviewed by Alex Christensen.
+
+ ContentFrame is used throughout loadOrRedirectSubframe so it needs to be protected with RefPtr.
+ And if loader changes frame in SubframeLoader::loadSubframe, return nullptr to notify the caller.
+
+ No new tests, covered by existing test.
+
+ * loader/SubframeLoader.cpp:
+ (WebCore::SubframeLoader::loadOrRedirectSubframe):
+ (WebCore::SubframeLoader::loadSubframe):
+ * loader/SubframeLoader.h:
+
2020-04-03 Alex Christensen <[email protected]>
Add SPI to make WKUserScripts wait for a notification
Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (259524 => 259525)
--- trunk/Source/WebCore/loader/SubframeLoader.cpp 2020-04-04 01:01:13 UTC (rev 259524)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp 2020-04-04 01:04:42 UTC (rev 259525)
@@ -303,7 +303,7 @@
URL upgradedRequestURL = requestURL;
initiatingDocument.contentSecurityPolicy()->upgradeInsecureRequestIfNeeded(upgradedRequestURL, ContentSecurityPolicy::InsecureRequestType::Load);
- auto* frame = ownerElement.contentFrame();
+ RefPtr<Frame> frame = makeRefPtr(ownerElement.contentFrame());
if (frame)
frame->navigationScheduler().scheduleLocationChange(initiatingDocument, initiatingDocument.securityOrigin(), upgradedRequestURL, m_frame.loader().outgoingReferrer(), lockHistory, lockBackForwardList);
else
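Review bot: The new `RefPtr<Frame> frame` keeps the frame alive across `scheduleLocationChange`, but the function still hands its caller a raw pointer. The return shown as context in the next hunk is `return ownerElement.contentFrame();`, and SubframeLoader.h keeps `Frame* loadOrRedirectSubframe(...)`. If the concern is a frame being destroyed while still in use, the same lifetime question presumably applies to what callers do with that raw `Frame*`; they are not in this diff, so this needs checking. Consider returning `RefPtr<Frame>` here too, as `loadSubframe` now does, or add a comment at the return saying why a raw pointer is safe. The function body starts and ends outside this hunk.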
@@ -316,7 +316,7 @@
return ownerElement.contentFrame();
}
-Frame* SubframeLoader::loadSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const String& name, const String& referrer)
+RefPtr<Frame> SubframeLoader::loadSubframe(HTMLFrameOwnerElement& ownerElement, const URL& url, const String& name, const String& referrer)
{
Ref<Frame> protect(m_frame);
auto document = makeRef(ownerElement.document());
@@ -376,7 +376,10 @@
if (frame->loader().state() == FrameStateComplete && !frame->loader().policyDocumentLoader())
frame->loader().checkCompleted();
- return frame.get();
+ if (!frame->tree().parent())
+ return nullptr;
+
+ return frame;
}
bool SubframeLoader::allowPlugins()
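Review bot: The new `if (!frame->tree().parent()) return nullptr;` has no comment saying why a parentless frame counts as failure, and the surrounding lines do not make it obvious. Per the log message it covers the loader changing the frame during `loadSubframe`. A one-line comment such as `// The load above may have detached this frame from its parent; return null so the caller does not use it.` would keep a later cleanup from removing the check. The log says existing tests cover this without naming them, so a regression test tied to bug 127096 would make the detached-frame path explicit. The function body begins outside this hunk.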
Modified: trunk/Source/WebCore/loader/SubframeLoader.h (259524 => 259525)
--- trunk/Source/WebCore/loader/SubframeLoader.h 2020-04-04 01:01:13 UTC (rev 259524)
+++ trunk/Source/WebCore/loader/SubframeLoader.h 2020-04-04 01:04:42 UTC (rev 259525)
@@ -70,7 +70,7 @@
private:
bool requestPlugin(HTMLPlugInImageElement&, const URL&, const String& serviceType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
Frame* loadOrRedirectSubframe(HTMLFrameOwnerElement&, const URL&, const AtomString& frameName, LockHistory, LockBackForwardList);
- Frame* loadSubframe(HTMLFrameOwnerElement&, const URL&, const String& name, const String& referrer);
+ RefPtr<Frame> loadSubframe(HTMLFrameOwnerElement&, const URL&, const String& name, const String& referrer);
bool loadPlugin(HTMLPlugInImageElement&, const URL&, const String& mimeType, const Vector<String>& paramNames, const Vector<String>& paramValues, bool useFallback);
bool shouldUsePlugin(const URL&, const String& mimeType, bool hasFallback, bool& useFallback);