WebKit Bugzilla
Attachment 372806 Details for Bug 199123: Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad
Patch: bug-199123-20190624151209.patch (text/plain), 4.43 KB, created by Brady Eidson on 2019-06-24 15:12:09 PDT
>Subversion Revision: 246763 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 30dd32961a7695dbe07b8cdbc6bd1217557a576c..33b33c642379f08aef044fbcdb1bdf914b235614 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,13 @@ >+2019-06-24 Brady Eidson <beidson@apple.com> >+ >+ Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad. >+ <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123 >+ >+ Reviewed by Andy Estes. >+ >+ * loader/FrameLoaderStateMachine.h: >+ (WebCore::FrameLoaderStateMachine::stateForDebugging const): >+ > 2019-06-24 John Wilander <wilander@apple.com> > > Remove IsITPFirstPartyWebsiteDataRemovalEnabled as runtime check >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index fa29a4c4a1461713dcdeb19f705a180d9a5b55e7..597b7e70667f8f3df59841e65ec2416b3ce47ff1 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,14 @@ >+2019-06-24 Brady Eidson <beidson@apple.com> >+ >+ Null deref in WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad. >+ <rdar://problem/51535942> and https://bugs.webkit.org/show_bug.cgi?id=199123 >+ >+ Reviewed by Andy Estes. >+ >+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: >+ (WebKit::WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad): Properly detect this null DocumentLoader >+ and try to learn more about the state of things. >+ > 2019-06-24 John Wilander <wilander@apple.com> > > Remove IsITPFirstPartyWebsiteDataRemovalEnabled as runtime check >diff --git a/Source/WebCore/loader/FrameLoaderStateMachine.h b/Source/WebCore/loader/FrameLoaderStateMachine.h >index 6fb8c71bc84e9945f2607d2d5f0de5b909bbf643..25d8631177b66a90443ec075c797c22fb2b6098a 100644 >--- a/Source/WebCore/loader/FrameLoaderStateMachine.h >+++ b/Source/WebCore/loader/FrameLoaderStateMachine.h 
>@@ -57,6 +57,8 @@ public: > WEBCORE_EXPORT bool firstLayoutDone() const; > void advanceTo(State); > >+ State stateForDebugging() const { return m_state; } >+ > private: > State m_state; > }; >diff --git a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >index c74c82f623c8fedaea9d2c67e6fd9392a5eed93b..8a4444ef3d5599325c411b96ed7e43ae0ddef475 100644 >--- a/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp >+++ b/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 
>@@ -311,16 +311,21 @@ void WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad() > if (!webPage) > return; > >- WebDocumentLoader& documentLoader = static_cast<WebDocumentLoader&>(*m_frame->coreFrame()->loader().provisionalDocumentLoader()); >+ WebDocumentLoader* documentLoader = static_cast<WebDocumentLoader*>(m_frame->coreFrame()->loader().provisionalDocumentLoader()); >+ if (!documentLoader) { >+ RELEASE_LOG_FAULT(Loading, "WebFrameLoaderClient::dispatchDidReceiveServerRedirectForProvisionalLoad called with no provisional DocumentLoader. FrameState is %i. FrameLoaderStateMachine stateForDebugging - %i", m_frame->coreFrame()->loader().state(), m_frame->coreFrame()->loader().stateMachine().stateForDebugging()); >+ return; >+ } >+ > RefPtr<API::Object> userData; > >- LOG(Loading, "WebProcess %i - dispatchDidReceiveServerRedirectForProvisionalLoad to request url %s", getCurrentProcessID(), documentLoader.request().url().string().utf8().data()); >+ LOG(Loading, "WebProcess %i - dispatchDidReceiveServerRedirectForProvisionalLoad to request url %s", getCurrentProcessID(), documentLoader->request().url().string().utf8().data()); > > // Notify the bundle client. > webPage->injectedBundleLoaderClient().didReceiveServerRedirectForProvisionalLoadForFrame(*webPage, *m_frame, userData); > > // Notify the UIProcess. >- webPage->send(Messages::WebPageProxy::DidReceiveServerRedirectForProvisionalLoadForFrame(m_frame->frameID(), documentLoader.navigationID(), documentLoader.request(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); >+ webPage->send(Messages::WebPageProxy::DidReceiveServerRedirectForProvisionalLoadForFrame(m_frame->frameID(), documentLoader->navigationID(), documentLoader->request(), UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get()))); > } > > void WebFrameLoaderClient::dispatchDidChangeProvisionalURL()
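Review bot: in the FrameLoaderStateMachine.h hunk, `State stateForDebugging() const { return m_state; }` lands in the public section with only its name to signal intent. A one-line comment stating that it exists for logging and must not drive loader decisions would keep later callers from building logic on it. The WebCore ChangeLog entry also lists the function with no reason given; a short note that it feeds the new RELEASE_LOG_FAULT in WebFrameLoaderClient would make that entry readable on its own.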
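Review bot: in the new `if (!documentLoader)` branch of dispatchDidReceiveServerRedirectForProvisionalLoad, the early `return` skips both the injected bundle callback and the DidReceiveServerRedirectForProvisionalLoadForFrame message to the UIProcess, and nothing at the branch says that dropping the notification is intended. The ChangeLog describes the change as detecting the null DocumentLoader and trying to learn more, so a comment or FIXME at the branch that points to bug 199123 would mark this as a diagnostic guard and not a root-cause fix. The log call also passes `loader().state()` and `stateForDebugging()` straight to `%i`; wrapping each in `static_cast<int>(...)` would make the argument type explicit for the format string. The same statement dereferences `m_frame->coreFrame()` several times, and the visible context only shows a check on `webPage`, so it is worth confirming that the frame cannot be null on this path.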
Attachments on
bug 199123
:
372661
| 372806