Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: e63fe9d14548d612e19da56efce3dab4f1a59ae2
      
https://github.com/WebKit/WebKit/commit/e63fe9d14548d612e19da56efce3dab4f1a59ae2
  Author: Frédéric Wang <[email protected]>
  Date:   2025-01-23 (Thu, 23 Jan 2025)

  Changed paths:
    A LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash-expected.txt
    A LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash.html
    M Source/WebCore/testing/Internals.cpp
    M Source/WebCore/testing/Internals.h

  Log Message:
  -----------
  Fix crashes/assertions when calling internals API on a window without frame
https://bugs.webkit.org/show_bug.cgi?id=286252

Reviewed by Anne van Kesteren and Darin Adler.

There are multiple places in Internals.cpp that assume a document, a
frame, a page or valid parameters, and would otherwise crash or assert.
In this patch, we add a generic test case exercising Window.internals
properties when the associated frame is null. It calls the getter and
setter for each of these properties, or if the property is a function,
executes it with ten '1's as arguments. This should cover a large number
of cases detectable by fuzzers. We also modify the code to fix the
issues found with that new test, but there are probably more. Some of
these APIs should probably throw in case of failure, but we don't
necessarily modify their signature in this patch.

* LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash-expected.txt: Added.
* LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash.html: Added.
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::setStrictRawResourceValidationPolicyDisabled): null-check frame.
(WebCore::Internals::numberOfActiveAnimations const): ditto.
(WebCore::Internals::numberOfAnimationTimelineInvalidations const): ditto.
(WebCore::Internals::insertTextPlaceholder): ditto.
(WebCore::Internals::formControlStateOfPreviousHistoryItem): ditto.
(WebCore::Internals::setFormControlStateOfPreviousHistoryItem): ditto.
(WebCore::Internals::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): null-check document, frame and page and throw.
(WebCore::Internals::isDocumentAlive const): Replace ASSERT with an exception.
(WebCore::Internals::openDummyInspectorFrontend): null-check document, frame and page.
(WebCore::Internals::setInspectorIsUnderTest): ditto.
(WebCore::Internals::setFullscreenAutoHideDuration): ditto and replace ASSERT with an exception.
(WebCore::Internals::getReferencedFilePaths const): null-check frame.
(WebCore::Internals::startTrackingRenderingUpdates): null-check document, frame and page.
(WebCore::Internals::renderingUpdateCount): ditto.
(WebCore::Internals::setCompositingPolicyOverride): ditto.
(WebCore::Internals::compositingPolicyOverride const): ditto.
(WebCore::Internals::evaluateInWorldIgnoringException): null-check document and frame.
(WebCore::Internals::forceAXObjectCacheUpdate const): null-check document and axObjectCache.
(WebCore::Internals::forceReload): null-check frame.
(WebCore::Internals::reloadExpiredOnly): ditto.
(WebCore::Internals::setSelectionFromNone): ditto.
(WebCore::Internals::mockPaymentCoordinator): null-check page and throw.
(WebCore::Internals::systemColorForCSSValue): Replace RELEASE_ASSERT with an exception.
(WebCore::Internals::setTopDocumentURLForQuirks): null-check on frame and page.
* Source/WebCore/testing/Internals.h: Change some functions to return Exceptions.

Canonical link: https://commits.webkit.org/289309@main

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
