Title: [229414] trunk/Source/WebKitLegacy/mac
- Revision: 229414
- Author: [email protected]
- Date: 2018-03-08 10:29:00 -0800 (Thu, 08 Mar 2018)
Log Message
Possible null dereference of the page under WebFrameNetworkingContext::storageSession()
https://bugs.webkit.org/show_bug.cgi?id=183455
<rdar://problem/38191749>
Reviewed by Youenn Fablet.
Add a null check for the page as we have evidence from crashes that it can be null.
Other functions in WebFrameNetworkingContext already null check the page as well,
not just the frame so this is consistent.
* WebCoreSupport/WebFrameNetworkingContext.mm:
(WebFrameNetworkingContext::storageSession const):
Diff
Modified: trunk/Source/WebKitLegacy/mac/ChangeLog (229413 => 229414)
--- trunk/Source/WebKitLegacy/mac/ChangeLog 2018-03-08 18:24:07 UTC (rev 229413)
+++ trunk/Source/WebKitLegacy/mac/ChangeLog 2018-03-08 18:29:00 UTC (rev 229414)
@@ -1,3 +1,18 @@
+2018-03-08 Chris Dumez <[email protected]>
+
+ Possible null dereference of the page under WebFrameNetworkingContext::storageSession()
+ https://bugs.webkit.org/show_bug.cgi?id=183455
+ <rdar://problem/38191749>
+
+ Reviewed by Youenn Fablet.
+
+ Add a null check for the page as we have evidence from crashes that it can be null.
+ Other functions in WebFrameNetworkingContext already null check the page as well,
+ not just the frame so this is consistent.
+
+ * WebCoreSupport/WebFrameNetworkingContext.mm:
+ (WebFrameNetworkingContext::storageSession const):
+
2018-03-08 Yusuke Suzuki <[email protected]>
[JSC] Add inherits<T>(VM&) leveraging JSCast fast path
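Review bot: The new entry does not say how the fix is tested or why no test is possible, and the changeset as shown touches only this ChangeLog and WebFrameNetworkingContext.mm. Since the entry says the evidence comes from crashes, a line stating whether a reproduction exists would tell later readers whether the null page path is exercised by any test. The `(WebFrameNetworkingContext::storageSession const):` line also carries no per-function description of what changed.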
Modified: trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebFrameNetworkingContext.mm (229413 => 229414)
--- trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebFrameNetworkingContext.mm 2018-03-08 18:24:07 UTC (rev 229413)
+++ trunk/Source/WebKitLegacy/mac/WebCoreSupport/WebFrameNetworkingContext.mm 2018-03-08 18:29:00 UTC (rev 229414)
@@ -93,7 +93,7 @@
NetworkStorageSession& WebFrameNetworkingContext::storageSession() const
{
ASSERT(isMainThread());
- if (frame() && frame()->page()->sessionID().isEphemeral()) {
+ if (frame() && frame()->page() && frame()->page()->sessionID().isEphemeral()) {
if (auto* session = NetworkStorageSession::storageSession(PAL::SessionID::legacyPrivateSessionID()))
return *session;
// Some requests may still be coming shortly before WebCore updates the session ID and after WebKit destroys the private browsing session.
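Review bot: In the new condition in storageSession(), a null page makes the whole test false, so a frame whose page is gone is treated as non-ephemeral, skips the legacyPrivateSessionID() lookup, and falls through to the code after this block, which the hunk does not show. Please confirm that this is the session such a frame should get, and record it in a comment beside the existing one about requests arriving around private session teardown. The condition now calls frame() three times and page() twice; reading the page into a local once, for example `auto* page = frame() ? frame()->page() : nullptr;`, would keep the check on a single pointer and easier to read.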