Title: [192582] trunk/Source/WebCore
- Revision
- 192582
- Author
- cdu...@apple.com
- Date
- 2015-11-18 11:07:54 -0800 (Wed, 18 Nov 2015)
Log Message
Null dereference in Performance::Performance(WebCore::Frame*)
https://bugs.webkit.org/show_bug.cgi?id=151390
Reviewed by Brady Eidson.
Based on the stack trace, it appears the DocumentLoader can be null
when constructing the Performance object. This patch thus adds a null
check before trying to dereference it.
No new tests; the crash could not be reproduced.
* page/DOMWindow.cpp:
(WebCore::DOMWindow::navigator):
(WebCore::DOMWindow::performance):
* page/Performance.cpp:
(WebCore::Performance::Performance):
(WebCore::Performance::scriptExecutionContext):
* page/Performance.h:
Modified: trunk/Source/WebCore/ChangeLog (192581 => 192582)
--- trunk/Source/WebCore/ChangeLog 2015-11-18 19:02:00 UTC (rev 192581)
+++ trunk/Source/WebCore/ChangeLog 2015-11-18 19:07:54 UTC (rev 192582)
@@ -1,3 +1,24 @@
+2015-11-18 Chris Dumez <cdu...@apple.com>
+
+ Null dereference in Performance::Performance(WebCore::Frame*)
+ https://bugs.webkit.org/show_bug.cgi?id=151390
+
+ Reviewed by Brady Eidson.
+
+ Based on the stack trace, it appears the DocumentLoader can be null
+ when constructing the Performance object. This patch thus adds a null
+ check before trying to dereference it.
+
+ No new tests, was not able to reproduce.
+
+ * page/DOMWindow.cpp:
+ (WebCore::DOMWindow::navigator):
+ (WebCore::DOMWindow::performance):
+ * page/Performance.cpp:
+ (WebCore::Performance::Performance):
+ (WebCore::Performance::scriptExecutionContext):
+ * page/Performance.h:
+
2015-11-18 Per Arne Vollan <pe...@outlook.com>
[WinCairo][MediaFoundation] The main thread can sometimes be blocked forever when ending a media session.
Modified: trunk/Source/WebCore/page/DOMWindow.cpp (192581 => 192582)
--- trunk/Source/WebCore/page/DOMWindow.cpp 2015-11-18 19:02:00 UTC (rev 192581)
+++ trunk/Source/WebCore/page/DOMWindow.cpp 2015-11-18 19:07:54 UTC (rev 192582)
@@ -723,7 +723,7 @@
Navigator* DOMWindow::navigator() const
{
if (!isCurrentlyDisplayedInFrame())
- return 0;
+ return nullptr;
if (!m_navigator)
m_navigator = Navigator::create(m_frame);
return m_navigator.get();
@@ -733,9 +733,9 @@
Performance* DOMWindow::performance() const
{
if (!isCurrentlyDisplayedInFrame())
- return 0;
+ return nullptr;
if (!m_performance)
- m_performance = Performance::create(m_frame);
+ m_performance = Performance::create(*m_frame);
return m_performance.get();
}
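Review bot: `Performance::create(*m_frame)` now dereferences `m_frame` unconditionally, which is only safe if `isCurrentlyDisplayedInFrame()` returning true implies a non-null `m_frame`; that check is not visible in the hunk, so this is worth confirming against its definition. If the invariant holds, make it visible at the point of the dereference with `ASSERT(m_frame);` immediately before the `if (!m_performance)` line, so a later change to the early-return condition cannot silently reintroduce a null dereference here. The surrounding `0` → `nullptr` cleanups in this file need no further comment.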
#endif
Modified: trunk/Source/WebCore/page/Performance.cpp (192581 => 192582)
--- trunk/Source/WebCore/page/Performance.cpp 2015-11-18 19:02:00 UTC (rev 192581)
+++ trunk/Source/WebCore/page/Performance.cpp 2015-11-18 19:07:54 UTC (rev 192582)
@@ -30,10 +30,13 @@
*/
#include "config.h"
+
+#if ENABLE(WEB_TIMING)
#include "Performance.h"
#include "Document.h"
#include "DocumentLoader.h"
+#include "Frame.h"
#include "PerformanceEntry.h"
#include "PerformanceNavigation.h"
#include "PerformanceResourceTiming.h"
@@ -42,22 +45,18 @@
#include "ResourceResponse.h"
#include <wtf/CurrentTime.h>
-#if ENABLE(WEB_TIMING)
-
-#include "Frame.h"
-
namespace WebCore {
#if ENABLE(RESOURCE_TIMING)
static const size_t defaultResourceTimingBufferSize = 150;
#endif
-Performance::Performance(Frame* frame)
- : DOMWindowProperty(frame)
+Performance::Performance(Frame& frame)
+ : DOMWindowProperty(&frame)
#if ENABLE(RESOURCE_TIMING)
, m_resourceTimingBufferSize(defaultResourceTimingBufferSize)
#endif // ENABLE(RESOURCE_TIMING)
- , m_referenceTime(frame->document()->loader()->timing().referenceMonotonicTime())
+ , m_referenceTime(frame.document()->loader() ? frame.document()->loader()->timing().referenceMonotonicTime() : monotonicallyIncreasingTime())
#if ENABLE(USER_TIMING)
, m_userTiming(nullptr)
#endif // ENABLE(USER_TIMING)
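Review bot: The new `m_referenceTime` initializer guards only `loader()`; `frame.document()` is still dereferenced unconditionally on both sides of the conditional, so if the frame can also lack a document at construction time the same class of crash remains — the hunk does not show whether Frame guarantees a document here, so this is worth checking against the stack trace in bug 151390. The initializer also calls `frame.document()->loader()` twice and quietly changes what `m_referenceTime` means when the loader is missing (construction time rather than navigation start), which shifts every value `now()` returns; that fallback deserves a comment where it happens. I would move the logic into a file-local helper and initialize with `, m_referenceTime(referenceTimeForFrame(frame))`, as sketched below. The constructor's initializer list and body continue past the end of this hunk.
```cpp
// A Frame may have no DocumentLoader yet when the Performance object is
// created (bug 151390). Fall back to the current monotonic time so
// m_referenceTime is always a valid origin; in that case now() measures
// from construction rather than from navigation start.
static double referenceTimeForFrame(Frame& frame)
{
    if (DocumentLoader* loader = frame.document()->loader())
        return loader->timing().referenceMonotonicTime();
    return monotonicallyIncreasingTime();
}

Performance::Performance(Frame& frame)
    : DOMWindowProperty(&frame)
// … unchanged: ENABLE(RESOURCE_TIMING) initializer …
    , m_referenceTime(referenceTimeForFrame(frame))
// … unchanged: ENABLE(USER_TIMING) initializer and remainder of constructor …
```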
@@ -72,7 +71,7 @@
ScriptExecutionContext* Performance::scriptExecutionContext() const
{
if (!frame())
- return 0;
+ return nullptr;
return frame()->document();
}
@@ -231,7 +230,7 @@
double Performance::now() const
{
- double nowSeconds = WTF::monotonicallyIncreasingTime() - m_referenceTime;
+ double nowSeconds = monotonicallyIncreasingTime() - m_referenceTime;
const double resolutionSeconds = 0.000005;
return 1000.0 * floor(nowSeconds / resolutionSeconds) * resolutionSeconds;
}
Modified: trunk/Source/WebCore/page/Performance.h (192581 => 192582)
--- trunk/Source/WebCore/page/Performance.h 2015-11-18 19:02:00 UTC (rev 192581)
+++ trunk/Source/WebCore/page/Performance.h 2015-11-18 19:07:54 UTC (rev 192582)
@@ -54,7 +54,7 @@
class Performance final : public ScriptWrappable, public RefCounted<Performance>, public DOMWindowProperty, public EventTargetWithInlineData {
public:
- static Ref<Performance> create(Frame* frame) { return adoptRef(*new Performance(frame)); }
+ static Ref<Performance> create(Frame& frame) { return adoptRef(*new Performance(frame)); }
~Performance();
virtual EventTargetInterface eventTargetInterface() const override { return PerformanceEventTargetInterfaceType; }
@@ -89,7 +89,7 @@
#endif // ENABLE(USER_TIMING)
private:
- explicit Performance(Frame*);
+ explicit Performance(Frame&);
virtual void refEventTarget() override { ref(); }
virtual void derefEventTarget() override { deref(); }