Title: [274996] trunk/Source/WebCore
Revision: 274996
Author: [email protected]
Date: 2021-03-24 18:48:19 -0700 (Wed, 24 Mar 2021)

Log Message

bindings/js/JSEventListener.cpp:281:91: runtime error: reference binding to null pointer of type 'WebCore::ScriptExecutionContext'
https://bugs.webkit.org/show_bug.cgi?id=223719

Reviewed by Darin Adler.

Make sure we null check the scriptExecutionContext before we dereference it.

* bindings/js/JSEventListener.cpp:
(WebCore::eventHandlerAttribute):
(WebCore::windowEventHandlerAttribute):

Diff

Modified: trunk/Source/WebCore/ChangeLog (274995 => 274996)


--- trunk/Source/WebCore/ChangeLog	2021-03-25 01:42:09 UTC (rev 274995)
+++ trunk/Source/WebCore/ChangeLog	2021-03-25 01:48:19 UTC (rev 274996)
@@ -1,5 +1,18 @@
 2021-03-24  Chris Dumez  <[email protected]>
 
+        bindings/js/JSEventListener.cpp:281:91: runtime error: reference binding to null pointer of type 'WebCore::ScriptExecutionContext'
+        https://bugs.webkit.org/show_bug.cgi?id=223719
+
+        Reviewed by Darin Adler.
+
+        Make sure we null check the scriptExecutionContext before we dereference it.
+
+        * bindings/js/JSEventListener.cpp:
+        (WebCore::eventHandlerAttribute):
+        (WebCore::windowEventHandlerAttribute):
+
+2021-03-24  Chris Dumez  <[email protected]>
+
         Port FontDescriptionKey::computeHash() from legacy IntegerHasher to Hasher
         https://bugs.webkit.org/show_bug.cgi?id=223701
 

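Review bot: The new ChangeLog entry names no test, so nothing guards the null-context path in eventHandlerAttribute and windowEventHandlerAttribute against regressing. The title is a runtime error about a reference bound to a null ScriptExecutionContext, so consider adding a regression test that reads an event handler attribute on a target whose scriptExecutionContext() returns null, and list it in the entry together with a line on when that context can be null.
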
Modified: trunk/Source/WebCore/bindings/js/JSEventListener.cpp (274995 => 274996)


--- trunk/Source/WebCore/bindings/js/JSEventListener.cpp	2021-03-25 01:42:09 UTC (rev 274995)
+++ trunk/Source/WebCore/bindings/js/JSEventListener.cpp	2021-03-25 01:48:19 UTC (rev 274996)
@@ -278,7 +278,10 @@
 
 JSC::JSValue eventHandlerAttribute(EventTarget& target, const AtomString& eventType, DOMWrapperWorld& isolatedWorld)
 {
-    return eventHandlerAttribute(target.attributeEventListener(eventType, isolatedWorld), *target.scriptExecutionContext());
+    auto* context = target.scriptExecutionContext();
+    if (!context)
+        return jsNull();
+    return eventHandlerAttribute(target.attributeEventListener(eventType, isolatedWorld), *context);
 }
 
 void setEventHandlerAttribute(JSC::JSGlobalObject& lexicalGlobalObject, JSC::JSObject& wrapper, EventTarget& target, const AtomString& eventType, JSC::JSValue value)
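Review bot: In eventHandlerAttribute, the new early return `if (!context) return jsNull();` runs before target.attributeEventListener(eventType, isolatedWorld) is consulted, so a target that still holds an attribute listener now reports null once its context is gone. If that is the intended result, a one-line comment above the check saying so would help the next reader. The ChangeLog also lists windowEventHandlerAttribute, but no change to it is visible in this hunk; please confirm it receives the same check rather than still dereferencing scriptExecutionContext() directly.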