Changeset 254576 in webkit

Timestamp:

Jan 15, 2020 10:40:56 AM (4 years ago)

Author:

achristensen@apple.com

Message:

Null Ptr Deref @ WebCore::DocumentLoader::clearMainResourceLoader
​https://bugs.webkit.org/show_bug.cgi?id=206204

Source/WebCore:

Patch by Pinki Gyanchandani <​pgyanchandani@apple.com> on 2020-01-15
Reviewed by Alex Christensen.

Test: loader/change-src-during-iframe-load-crash.html

• loader/DocumentLoader.cpp:

(WebCore::DocumentLoader::frameLoader const):
(WebCore::DocumentLoader::clearMainResourceLoader):

LayoutTests:

Added a NULL pointer check for FrameLoader. If FramLoader is NULL then return instead of
accessing activeDocumentLoader.

Patch by Pinki Gyanchandani <​pgyanchandani@apple.com> on 2020-01-15
Reviewed by Alex Christensen.

• loader/change-src-during-iframe-load-crash-expected.txt: Added.
• loader/change-src-during-iframe-load-crash.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/security/http-0.9/xhr-blocked-expected.txt (modified) (1 diff)
• LayoutTests/loader/change-src-during-iframe-load-crash-expected.txt (added)
• LayoutTests/loader/change-src-during-iframe-load-crash.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/loader/DocumentLoader.cpp (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2020-01-15  Pinki Gyanchandani  <pgyanchandani@apple.com>
+
+        Null Ptr Deref @ WebCore::DocumentLoader::clearMainResourceLoader
+        https://bugs.webkit.org/show_bug.cgi?id=206204
+
+        Added a NULL pointer check for FrameLoader. If FramLoader is NULL then return instead of
+        accessing activeDocumentLoader.
+
+        Reviewed by Alex Christensen.
+
+        * loader/change-src-during-iframe-load-crash-expected.txt: Added.
+        * loader/change-src-during-iframe-load-crash.html: Added.
+
 2020-01-15  Jer Noble  <jer.noble@apple.com>
 

trunk/LayoutTests/http/tests/security/http-0.9/xhr-blocked-expected.txt

@@ +1 @@
+asdf
 ALERT: PASS
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-01-15  Pinki Gyanchandani  <pgyanchandani@apple.com>
+
+        Null Ptr Deref @ WebCore::DocumentLoader::clearMainResourceLoader
+        https://bugs.webkit.org/show_bug.cgi?id=206204
+
+        Reviewed by Alex Christensen.
+
+        Test: loader/change-src-during-iframe-load-crash.html
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::frameLoader const):
+        (WebCore::DocumentLoader::clearMainResourceLoader):
+
 2020-01-15  Jer Noble  <jer.noble@apple.com>
 

trunk/Source/WebCore/loader/DocumentLoader.cpp

@@ -1273 +1273 @@
     m_loadingMainResource = false;
 
-    if (this == frameLoader()->activeDocumentLoader())
+    auto* frameLoader = this->frameLoader();
+    if (!frameLoader)
+        return;
+
+    if (this == frameLoader->activeDocumentLoader())
         checkLoadComplete();
 }