Title: [276662] branches/safari-611-branch/Source/WebCore
- Revision: 276662
- Author: [email protected]
- Date: 2021-04-27 14:07:08 -0700 (Tue, 27 Apr 2021)
Log Message
Cherry-pick r276530. rdar://problem/77211441
Crash in constructCustomElementSynchronously
https://bugs.webkit.org/show_bug.cgi?id=224992
<rdar://66988026>
Reviewed by Tadeu Zagallo.
Exit early when the global object is nullptr although this shouldn't happen.
No new tests since we have no reproductions.
* bindings/js/JSCustomElementInterface.cpp:
(WebCore::JSCustomElementInterface::tryToConstructCustomElement): Added a null check.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276530 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: branches/safari-611-branch/Source/WebCore/ChangeLog (276661 => 276662)
--- branches/safari-611-branch/Source/WebCore/ChangeLog 2021-04-27 21:07:04 UTC (rev 276661)
+++ branches/safari-611-branch/Source/WebCore/ChangeLog 2021-04-27 21:07:08 UTC (rev 276662)
@@ -1,5 +1,40 @@
2021-04-27 Russell Epstein <[email protected]>
+ Cherry-pick r276530. rdar://problem/77211441
+
+ Crash in constructCustomElementSynchronously
+ https://bugs.webkit.org/show_bug.cgi?id=224992
+ <rdar://66988026>
+
+ Reviewed by Tadeu Zagallo.
+
+ Exit early when the global object is nullptr although this shouldn't happen.
+
+ No new tests since we have no reproductions.
+
+ * bindings/js/JSCustomElementInterface.cpp:
+ (WebCore::JSCustomElementInterface::tryToConstructCustomElement): Added a null check.
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@276530 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-04-23 Ryosuke Niwa <[email protected]>
+
+ Crash in constructCustomElementSynchronously
+ https://bugs.webkit.org/show_bug.cgi?id=224992
+ <rdar://66988026>
+
+ Reviewed by Tadeu Zagallo.
+
+ Exit early when the global object is nullptr although this shouldn't happen.
+
+ No new tests since we have no reproductions.
+
+ * bindings/js/JSCustomElementInterface.cpp:
+ (WebCore::JSCustomElementInterface::tryToConstructCustomElement): Added a null check.
+
+2021-04-27 Russell Epstein <[email protected]>
+
Cherry-pick r274170. rdar://problem/77194450
REGRESSION (r273003): Animated style may lose original display property value
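Review bot: The added entry leaves the root cause undocumented: "Exit early when the global object is nullptr although this shouldn't happen" combined with "No new tests since we have no reproductions" reads as a complete fix when it only removes the crash. Suggest adding one sentence to the entry saying that this is a mitigation and that the reason document.globalObject() can return null here is still to be tracked under bug 224992, so anyone auditing the branch cherry-pick knows the underlying state is unexplained and untested.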
Modified: branches/safari-611-branch/Source/WebCore/bindings/js/JSCustomElementInterface.cpp (276661 => 276662)
--- branches/safari-611-branch/Source/WebCore/bindings/js/JSCustomElementInterface.cpp 2021-04-27 21:07:04 UTC (rev 276661)
+++ branches/safari-611-branch/Source/WebCore/bindings/js/JSCustomElementInterface.cpp 2021-04-27 21:07:08 UTC (rev 276662)
@@ -99,13 +99,16 @@
return nullptr;
ASSERT(&document == scriptExecutionContext());
- auto& lexicalGlobalObject = *document.globalObject();
- auto element = constructCustomElementSynchronously(document, vm, lexicalGlobalObject, m_constructor.get(), localName);
+ auto* lexicalGlobalObject = document.globalObject();
+ ASSERT(lexicalGlobalObject);
+ if (!lexicalGlobalObject)
+ return nullptr;
+ auto element = constructCustomElementSynchronously(document, vm, *lexicalGlobalObject, m_constructor.get(), localName);
EXCEPTION_ASSERT(!!scope.exception() == !element);
if (!element) {
auto* exception = scope.exception();
scope.clearException();
- reportException(&lexicalGlobalObject, exception);
+ reportException(lexicalGlobalObject, exception);
return nullptr;
}
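Review bot: The new early return after "if (!lexicalGlobalObject)" fails silently in release builds. Unlike the "if (!element)" branch below it, which calls reportException before returning nullptr, this path reports and logs nothing, so a condition the log message says "shouldn't happen" will leave no trace once the crash is gone. Suggest a release-level log line or at least a comment at the return pointing to bug 224992. Also, ASSERT(lexicalGlobalObject) immediately followed by a branch handling the same condition means debug builds still abort where release builds recover; moving the assertion into the branch as ASSERT_NOT_REACHED() would state that intent more directly. The pointer is used again in reportException(lexicalGlobalObject, exception) further down, which is safe only because of this early return, so that dependency is worth a brief comment for future edits.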
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes