Skip to site navigation (Press enter)

[webkit-changes] [125543] trunk/Source/WebCore

commit-queue Tue, 14 Aug 2012 04:39:06 -0700

Title: [125543] trunk/Source/WebCore

Revision: 125543
Author: [email protected]
Date: 2012-08-14 04:39:28 -0700 (Tue, 14 Aug 2012)

Log Message

Fix crash in http/tests/plugins/plugin-document-has-focus
https://bugs.webkit.org/show_bug.cgi?id=93949


Patch by Mike West <[email protected]> on 2012-08-14
Reviewed by Jochen Eisinger.

Covered by http/tests/plugins/plugin-document-has-focus.html. If that
doesn't crash, we're good!

* loader/SubframeLoader.cpp:
(WebCore::SubframeLoader::pluginIsLoadable):
    Check the PluginDocument's ownerElement before derefing.

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/loader/SubframeLoader.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (125542 => 125543)


--- trunk/Source/WebCore/ChangeLog	2012-08-14 11:32:46 UTC (rev 125542)
+++ trunk/Source/WebCore/ChangeLog	2012-08-14 11:39:28 UTC (rev 125543)
@@ -1,3 +1,17 @@
+2012-08-14  Mike West  <[email protected]>
+
+        Fix crash in http/tests/plugins/plugin-document-has-focus
+        https://bugs.webkit.org/show_bug.cgi?id=93949
+
+        Reviewed by Jochen Eisinger.
+
+        Covered by http/tests/plugins/plugin-document-has-focus.html. If that
+        doesn't crash, we're good!
+
+        * loader/SubframeLoader.cpp:
+        (WebCore::SubframeLoader::pluginIsLoadable):
+            Check the PluginDocument's ownerElement before derefing.
+
 2012-08-14  KwangYong Choi  <[email protected]>
 
         [EFL] Fixed displaying buffering progress in the media control.

Modified: trunk/Source/WebCore/loader/SubframeLoader.cpp (125542 => 125543)


--- trunk/Source/WebCore/loader/SubframeLoader.cpp	2012-08-14 11:32:46 UTC (rev 125542)
+++ trunk/Source/WebCore/loader/SubframeLoader.cpp	2012-08-14 11:39:28 UTC (rev 125543)
@@ -126,7 +126,7 @@
             return false;
         }
 
-        String declaredMimeType = document()->isPluginDocument() ?
+        String declaredMimeType = document()->isPluginDocument() && document()->ownerElement() ?
             document()->ownerElement()->fastGetAttribute(HTMLNames::typeAttr) :
             pluginElement->fastGetAttribute(HTMLNames::typeAttr);
         if (!document()->contentSecurityPolicy()->allowObjectFromSource(url)

_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo/webkit-changes