WebKit Bugzilla
Attachment 372661 Details for Bug 199123: Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad
Patch: bug-199123-20190621165338.patch (text/plain), 4.32 KB, created by Brady Eidson on 2019-06-21 16:53:39 PDT
>Subversion Revision: 246650 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index ec3afe4ed3654e4ccb80ed6c371206203eb07463..52ce681f092da1625ee3ad234e4a3f21f72f3836 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,13 @@ >+2019-06-21 Brady Eidson <beidson@apple.com> >+ >+ Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad. >+ <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * loader/FrameLoaderStateMachine.h: >+ (WebCore::FrameLoaderStateMachine::stateForDebugging const): >+ > 2019-06-20 Saam Barati <sbarati@apple.com> > > [WHLSL] Property resolver needs to recurse on newValueExpression for RMW operations >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 4d853a146b7da1afffe23c4f49fd8235215af7b1..cbf1f13f50da01fadfa5f039b5f599626f5038df 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,14 @@ >+2019-06-21 Brady Eidson <beidson@apple.com> >+ >+ Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad. >+ <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: >+ (WebKit::WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad): Properly detect this null DocumentLoader >+ and try to learn more about the state of things. >+ > 2019-06-20 Alexander Mikhaylenko <exalm7659@gmail.com> > > [GTK] Enable navigation swipe layout tests >diff --git a/Source/WebCore/loader/FrameLoaderStateMachine.h b/Source/WebCore/loader/FrameLoaderStateMachine.h >index 6fb8c71bc84e9945f2607d2d5f0de5b909bbf643..25d8631177b66a90443ec075c797c22fb2b6098a 100644 >--- a/Source/WebCore/loader/FrameLoaderStateMachine.h >+++ b/Source/WebCore/loader/FrameLoaderStateMachine.h 
>@@ -57,6 +57,8 @@ public: > WEBCORE_EXPORT bool firstLayoutDone() const; > void advanceTo(State); > >+ State stateForDebugging() const { return m_state; } >+ > private: > State m_state; > }; >diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >index c74c82f623c8fedaea9d2c67e6fd9392a5eed93b..eb7b9c1c45ac8dbe256c85396142dc22910449ae 100644 >--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >@@ -311,7 +311,12 @@ void WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad() > if (!webPage) > return; > >- WebDocumentLoader& documentLoader = static_cast<WebDocumentLoader&>(*m_frame->coreFrame()->loader().provisionalDocumentLoader()); >+ WebDocumentLoader* documentLoader = static_cast<WebDocumentLoader*>(m_frame->coreFrame()->loader().provisionalDocumentLoader()); >+ if (!documentLoader) { >+ RELEASE_LOG_FAULT(Loading, "WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad called with no provisional DocumentLoader. FrameState is %i. FrameLoaderStateMachine stateForDebugging - %i", m_frame->coreFrame()->loader().state(), m_frame->coreFrame()->loader().stateMachine().stateForDebugging()); >+ return; >+ } >+ > RefPtr<API::Object> userData; > > LOG(Loading, "WebProcess %i - dispatchDidReceiveServerRedirectForProvisionalLoad to request url %s", getCurrentProcessID(), documentLoader.request().url().string().utf8().data()); 
>@@ -320,7 +325,7 @@ void WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad() > webPage->injectedBundleLoaderClient().didReceiveServerRedirectForProvisionalLoadForFrame(*webPage, *m_frame, userData); > > // Notify the UIProcess. >- webPage->send(Messages::WebPageProxy::DidReceiveServerRedirectForProvisionalLoadForFrame(m_frame->frameID(), documentLoader.navigationID(), documentLoader.request(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); >+ webPage->send(Messages::WebPageProxy::DidReceiveServerRedirectForProvisionalLoadForFrame(m_frame->frameID(), documentLoader->navigationID(), documentLoader->request(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); > } > > void WebFrameLoaderClient::dispatchDidChangeProvisionalURL()
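Review bot: the unchanged LOG(Loading, ...) line that closes the @@ -311,7 +311,12 hunk in WebFrameLoaderClient.cpp still calls `documentLoader.request().url()`, but documentLoader is now a WebDocumentLoader*, so that line will not compile in any configuration where LOG is enabled. Change it to `documentLoader->request().url()`, matching what the following hunk does for navigationID() and request(). In the same hunk, the two arguments formatted with `%i` in RELEASE_LOG_FAULT are loader().state() and a FrameLoaderStateMachine State rather than int; an explicit static_cast<int> on each keeps the format string and the arguments in agreement.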
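Review bot: stateForDebugging() in the FrameLoaderStateMachine.h hunk makes the private m_state readable by any caller, and only the name says it is meant for diagnostics. Add a comment on the accessor stating that it exists for logging and must not be used to make loader decisions, and give the WebCore ChangeLog line `(WebCore::FrameLoaderStateMachine::stateForDebugging const):` a short description, since it is currently empty.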
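Review bot: the WebKit ChangeLog entry describes the change as "Properly detect this null DocumentLoader and try to learn more about the state of things" but does not record the behaviour change that comes with it. When provisionalDocumentLoader() is null the function now returns before didReceiveServerRedirectForProvisionalLoadForFrame is delivered to the injected bundle and before DidReceiveServerRedirectForProvisionalLoadForFrame is sent to the UIProcess, so the UIProcess never hears about that redirect. Say so in the entry, note that this is a diagnostic stopgap rather than a root-cause fix, and note that the patch adds no test for the null case.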