Changeset 111770 in webkit

Timestamp:

Mar 22, 2012 3:03:20 PM (12 years ago)

Author:

kubo@profusion.mobi

Message:

Crash in fast/dom/navigator-detached-nocrash.html
​https://bugs.webkit.org/show_bug.cgi?id=81773

Reviewed by Adam Barth.

BatteryManager::create() blindly assumes the Navigator* it
receives has a valid Frame, which is not always the case, as made
evident by the crashing test.

Follow abarth's suggestion and just stop
NavigatorBattery::webkitBattery() before it reaches the call to
BatteryManager::create() if that's the case.

No new tests, covered by fast/dom/navigator-detached-nocrash.html.

• Modules/battery/NavigatorBattery.cpp:

(WebCore::NavigatorBattery::webkitBattery):

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• Modules/battery/NavigatorBattery.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2012-03-22  Raphael Kubo da Costa  <rakuco@FreeBSD.org>
+
+        Crash in fast/dom/navigator-detached-nocrash.html
+        https://bugs.webkit.org/show_bug.cgi?id=81773
+
+        Reviewed by Adam Barth.
+
+        BatteryManager::create() blindly assumes the Navigator* it
+        receives has a valid Frame, which is not always the case, as made
+        evident by the crashing test.
+
+        Follow abarth's suggestion and just stop
+        NavigatorBattery::webkitBattery() before it reaches the call to
+        BatteryManager::create() if that's the case.
+
+        No new tests, covered by fast/dom/navigator-detached-nocrash.html.
+
+        * Modules/battery/NavigatorBattery.cpp:
+        (WebCore::NavigatorBattery::webkitBattery):
+
 2012-03-22  Emil A Eklund  <eae@chromium.org>
 

trunk/Source/WebCore/Modules/battery/NavigatorBattery.cpp

@@ -40 +40 @@
 BatteryManager* NavigatorBattery::webkitBattery(ScriptExecutionContext* context, Navigator* navigator)
 {
+    if (!navigator->frame())
+        return 0;
+
     NavigatorBattery* navigatorBattery = NavigatorBattery::from(navigator);
     if (!navigatorBattery->m_batteryManager)