Changeset 87114 in webkit


Timestamp:
May 23, 2011 6:17:11 PM (13 years ago)
Author:
jchaffraix@webkit.org
Message:

2011-05-23 Julien Chaffraix <jchaffraix@codeaurora.org>

Reviewed by Darin Adler.

Test for: Crash from null pointer dereference below WebCore::StorageAreaImpl::setItem()
https://bugs.webkit.org/show_bug.cgi?id=57140
<rdar://problem/9191214>

  • fast/storage/storage-detached-iframe-expected.txt: Added.
  • fast/storage/storage-detached-iframe.html: Added.
  • platform/chromium/test_expectations.txt: Marked the test as CRASH on Chromium - Linux.

2011-05-23 Julien Chaffraix <jchaffraix@codeaurora.org>

Reviewed by Darin Adler.

Crash from null pointer dereference below WebCore::StorageAreaImpl::setItem()
https://bugs.webkit.org/show_bug.cgi?id=57140

Test: fast/storage/storage-detached-iframe.html

Access of localStorage on a detached iframe was causing a crash because a detached
iframe has a null m_page, and WebCore::privateBrowsingEnabled() wasn't testing for such.

  • storage/StorageAreaImpl.cpp: (WebCore::privateBrowsingEnabled): check that child->page() is non-null before accessing it.
Location:
trunk
Files:
3 added
4 edited

  • trunk/LayoutTests/ChangeLog

    r87111 r87114  
     12011-05-23  Julien Chaffraix  <jchaffraix@codeaurora.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        Test for: Crash from null pointer dereference below WebCore::StorageAreaImpl::setItem()
     6        https://bugs.webkit.org/show_bug.cgi?id=57140
     7        <rdar://problem/9191214>
     8
     9        * fast/storage/storage-detached-iframe-expected.txt: Added.
     10        * fast/storage/storage-detached-iframe.html: Added.
     11
     12        * platform/chromium/test_expectations.txt: Marked the test as CRASH
     13        on Chromium - Linux.
     14
    1152011-05-23  Chris Fleizach  <cfleizach@apple.com>
    216
  • trunk/LayoutTests/platform/chromium/test_expectations.txt

    r87067 r87114  
    41684168// New test from WK r87026
    41694169BUGCR83555 WIN LINUX : fast/block/positioning/058.html = IMAGE+TEXT
     4170
     4171BUGWK61326 LINUX : fast/storage/storage-detached-iframe.html = PASS CRASH
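Review bot: the expectation added at line 4171, `fast/storage/storage-detached-iframe.html = PASS CRASH` for LINUX, still accepts a crash in the new regression test, so on Chromium Linux the test does not guard against the null dereference it was written for. The ChangeLog entry says the test was marked CRASH, while this line allows both PASS and CRASH. A comment above the entry, in the style of the `// New test from WK r87026` line, should state why the crash is expected there and that BUGWK61326 tracks removing the expectation.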
  • trunk/Source/WebCore/ChangeLog

    r87111 r87114  
     12011-05-23  Julien Chaffraix  <jchaffraix@codeaurora.org>
     2
     3        Reviewed by Darin Adler.
     4
     5        Crash from null pointer dereference below WebCore::StorageAreaImpl::setItem()
     6        https://bugs.webkit.org/show_bug.cgi?id=57140
     7
     8        Test: fast/storage/storage-detached-iframe.html
     9
     10        Access of localStorage on a detached iframe was causing a crash because a detached
     11        iframe has a null m_page, and WebCore::privateBrowsingEnabled() wasn't testing for such.
     12
     13        * storage/StorageAreaImpl.cpp:
     14        (WebCore::privateBrowsingEnabled): check that child->page() is non-null before
     15        accessing it.
     16
    1172011-05-23  Chris Fleizach  <cfleizach@apple.com>
    218
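Review bot: the entry for `(WebCore::privateBrowsingEnabled)` on lines 14-15 says `child->page()` is checked, but the line changed in storage/StorageAreaImpl.cpp checks `frame->page()`; the ChangeLog should use the variable name as it appears in the function. The `<rdar://problem/9191214>` reference carried by the LayoutTests ChangeLog entry is also missing from this entry.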
  • trunk/Source/WebCore/storage/StorageAreaImpl.cpp

    r85395 r87114  
    104104    return false;
    105105#else
    106     return frame->page()->settings()->privateBrowsingEnabled();
     106    return frame->page() && frame->page()->settings()->privateBrowsingEnabled();
    107107#endif
    108108}
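Review bot: at the changed return on line 106, a null `frame->page()` now makes privateBrowsingEnabled() return false, so a detached frame is reported as not being in private browsing. The function needs a comment saying this fallback is intended, or it should return the conservative value if callers use the result to decide whether storage may be written. The same expression still dereferences `frame` and `page()->settings()` without a check; if either can be null on this path, add a guard, otherwise an assertion documenting that they cannot.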