[webkit-changes] [199740] trunk/Source/WebKit2

[cdumez]

Title: [199740] trunk/Source/WebKit2

Revision

199740

Author

cdu...@apple.com

Date

2016-04-19 13:20:10 -0700 (Tue, 19 Apr 2016)

Log Message

Crash under WebKit::PluginView::pluginSnapshotTimerFired
https://bugs.webkit.org/show_bug.cgi?id=156754
<rdar://problem/22566764>

Reviewed by Beth Dakin.

Add null check for frame() before trying to access the frame settings,
similarly to what is done earlier in this function. This fixes a top
crasher.

* WebProcess/Plugins/PluginView.cpp:
(WebKit::PluginView::pluginSnapshotTimerFired):

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp

Diff

Modified: trunk/Source/WebKit2/ChangeLog (199739 => 199740)

--- trunk/Source/WebKit2/ChangeLog	2016-04-19 19:57:14 UTC (rev 199739)
+++ trunk/Source/WebKit2/ChangeLog	2016-04-19 20:20:10 UTC (rev 199740)
@@ -1,3 +1,18 @@
+2016-04-19  Chris Dumez  <cdu...@apple.com>
+
+        Crash under WebKit::PluginView::pluginSnapshotTimerFired
+        https://bugs.webkit.org/show_bug.cgi?id=156754
+        <rdar://problem/22566764>
+
+        Reviewed by Beth Dakin.
+
+        Add null check for frame() before trying to access the frame settings,
+        similarly to what is done earlier in this function. This fixes a top
+        crasher.
+
+        * WebProcess/Plugins/PluginView.cpp:
+        (WebKit::PluginView::pluginSnapshotTimerFired):
+
 2016-04-19  Dean Jackson  <d...@apple.com>
 
         New SPI to export a dictionary of runtime features

Modified: trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp (199739 => 199740)

--- trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp	2016-04-19 19:57:14 UTC (rev 199739)
+++ trunk/Source/WebKit2/WebProcess/Plugins/PluginView.cpp	2016-04-19 20:20:10 UTC (rev 199740)
@@ -1818,7 +1818,8 @@
 
 #if ENABLE(PRIMARY_SNAPSHOTTED_PLUGIN_HEURISTIC)
     unsigned candidateArea = 0;
-    bool noSnapshotFoundAfterMaxRetries = m_countSnapshotRetries == frame()->settings().maximumPlugInSnapshotAttempts() && !isPlugInOnScreen && !snapshotFound;
+    unsigned maximumSnapshotRetries = frame() ? frame()->settings().maximumPlugInSnapshotAttempts() : 0;
+    bool noSnapshotFoundAfterMaxRetries = m_countSnapshotRetries == maximumSnapshotRetries && !isPlugInOnScreen && !snapshotFound;
     if (m_webPage->plugInIsPrimarySize(plugInImageElement, candidateArea)
         && (noSnapshotFoundAfterMaxRetries || plugInCameOnScreen))
         m_pluginElement->setDisplayState(HTMLPlugInElement::Playing);

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes