Changeset 239305 in webkit

Timestamp:

Dec 17, 2018 5:32:34 PM (5 years ago)

Author:

commit-queue@webkit.org

Message:

Fix occasional null-dereference crash in WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame
​https://bugs.webkit.org/show_bug.cgi?id=192744
<rdar://problem/45842668>

Patch by Alex Christensen <​achristensen@webkit.org> on 2018-12-17
Reviewed by Chris Dumez.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
Things happen. Navigations can be null. If they are, we shouldn't dereference pointers to them.

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• UIProcess/WebPageProxy.cpp (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-12-17  Alex Christensen  <achristensen@webkit.org>
+
+        Fix occasional null-dereference crash in WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame
+        https://bugs.webkit.org/show_bug.cgi?id=192744
+        <rdar://problem/45842668>
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame):
+        Things happen.  Navigations can be null.  If they are, we shouldn't dereference pointers to them.
+
 2018-12-17  Chris Dumez  <cdumez@apple.com>
 

trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

@@ -3774 +3774 @@
 
     // FIXME: We should message check that navigationID is not zero here, but it's currently zero for some navigations through the page cache.
-    RefPtr<API::Navigation> navigation;
-    if (navigationID) {
-        navigation = navigationState().navigation(navigationID);
+    RefPtr<API::Navigation> navigation = navigationID ? navigationState().navigation(navigationID) : nullptr;
+    if (navigation)
         navigation->appendRedirectionURL(request.url());
-    }
 
     auto transaction = m_pageLoadState.transaction();