[webkit-changes] [152756] trunk/Source/WebKit2

[commit-queue]

Title: [152756] trunk/Source/WebKit2

Revision

152756

Author

commit-qu...@webkit.org

Date

2013-07-16 23:04:04 -0700 (Tue, 16 Jul 2013)

Log Message

setPluginUnavailabilityReason can destroy renderObject before obscurity check
https://bugs.webkit.org/show_bug.cgi?id=118770
<rdar://problem/14462331>

Patch by Gordon Sheridan <gordon_sheri...@apple.com> on 2013-07-16
Reviewed by Tim Horton.

* WebProcess/WebPage/WebPage.cpp:
(WebKit::WebPage::createPlugin):
Moved obscurity check to before renderObject is potentially destroyed.

Modified Paths

• trunk/Source/WebKit2/ChangeLog
• trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp

Diff

Modified: trunk/Source/WebKit2/ChangeLog (152755 => 152756)

--- trunk/Source/WebKit2/ChangeLog	2013-07-17 05:34:17 UTC (rev 152755)
+++ trunk/Source/WebKit2/ChangeLog	2013-07-17 06:04:04 UTC (rev 152756)
@@ -1,3 +1,15 @@
+2013-07-16  Gordon Sheridan  <gordon_sheri...@apple.com>
+
+        setPluginUnavailabilityReason can destroy renderObject before obscurity check
+        https://bugs.webkit.org/show_bug.cgi?id=118770
+        <rdar://problem/14462331>
+
+        Reviewed by Tim Horton.
+
+        * WebProcess/WebPage/WebPage.cpp:
+        (WebKit::WebPage::createPlugin):
+        Moved obscurity check to before renderObject is potentially destroyed.
+
 2013-07-16  Alexey Proskuryakov  <a...@apple.com>
 
         REGRESSION (r150291): Chinese predictive input pop-up disappears on twitter.com

Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp (152755 => 152756)

--- trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp	2013-07-17 05:34:17 UTC (rev 152755)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp	2013-07-17 06:04:04 UTC (rev 152756)
@@ -556,17 +556,13 @@
         bool replacementObscured = false;
         if (pluginElement->renderer()->isEmbeddedObject()) {
             RenderEmbeddedObject* renderObject = toRenderEmbeddedObject(pluginElement->renderer());
+            replacementObscured = renderObject->isReplacementObscured();
+            
+            // setPluginUnavailabilityReason can cause a reattach, which means that our RenderEmbeddedObject might get destroyed, so it is important to check obscurity first
             renderObject->setPluginUnavailabilityReasonDescription(unavailabilityDescription);
             renderObject->setPluginUnavailabilityReason(RenderEmbeddedObject::InsecurePluginVersion);
         }
 
-        // setPluginUnavailabilityReason can cause a reattach, which means that our RenderEmbeddedObject has been destroyed, so re-acquire it.
-
-        if (pluginElement->renderer() && pluginElement->renderer()->isEmbeddedObject()) {
-            RenderEmbeddedObject* renderObject = toRenderEmbeddedObject(pluginElement->renderer());
-            replacementObscured = renderObject->isReplacementObscured();
-        }
-
         send(Messages::WebPageProxy::DidBlockInsecurePluginVersion(parameters.mimeType, parameters.url.string(), frameURLString, pageURLString, replacementObscured));
         return 0;
     }

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes