28149 2009-08-10 09:25:27 -0700 Ensure embedders can't crash WebKit by updating visited links before Page creation 2009-08-10 11:10:57 -0700 1 1 1 Unclassified WebKit WebCore Misc. 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 dglazkov webkit-unassigned darin oldest_to_newest 138688 0 dglazkov 2009-08-10 09:25:27 -0700 I discovered this while troubleshooting a crash on Chromium, but it seems like it may be applicable to other ports. Depending on how visited link state is managed, the embedder may not be aware that a Page constructor has never been called and invoke visited state change methods prematurely. The logical way to handle this is to exit early (since there's no pages, there's nothing to update). 138691 1 34479 dglazkov 2009-08-10 09:30:59 -0700 Created attachment 34479 Provide graceful handling for premature visited state change updates, v1. WebCore/ChangeLog | 12 ++++++++++++ WebCore/page/Page.cpp | 8 ++++++-- 2 files changed, 18 insertions(+), 2 deletions(-) 138733 2 dglazkov 2009-08-10 11:10:57 -0700 Landed as http://trac.webkit.org/changeset/46987. 34479 2009-08-10 09:30:59 -0700 2009-08-10 10:22:31 -0700 Provide graceful handling for premature visited state change updates, v1. Provide-graceful-handling-for-premature-visited-state-change-updates-v1..patch text/plain 1652 dglazkov YmEyYWE0MTcxZjJmYmJhZmViNjFkMDZjMjMyMGY4NmJiM2Y3ODMzYgpkaWZmIC0tZ2l0IGEvV2Vi Q29yZS9DaGFuZ2VMb2cgYi9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCA3OWI2YjVjLi5hZDdmNzdl IDEwMDY0NAotLS0gYS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9XZWJDb3JlL0NoYW5nZUxvZwpA QCAtMSwzICsxLDE1IEBACisyMDA5LTA4LTEwICBEaW1pdHJpIEdsYXprb3YgIDxkZ2xhemtvdkBj aHJvbWl1bS5vcmc+CisKKyAgICAgICAgUmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAg ICAgICAgUHJvdmlkZSBncmFjZWZ1bCBoYW5kbGluZyBvZiB0aGUgc2l0dWF0aW9uIHdoZW4gYW4g ZW1iZWRkZXIgaW52b2tlcworICAgICAgICB2aXNpdGVkIGxpbmsgdXBkYXRlIG1ldGhvZHMgYmVm b3JlIGEgUGFnZSBjb25zdHJ1Y3RvciBoYXMgYmVlbiBjYWxsZWQuCisgICAgICAgIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD0yODE0OQorCisgICAgICAgICogcGFnZS9Q YWdlLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlBhZ2U6OmFsbFZpc2l0ZWRTdGF0ZUNoYW5nZWQp OiBBZGRlZCBhIG51bGwtY2hlY2sgZm9yIGFsbFBhZ2VzLgorICAgICAgICAoV2ViQ29yZTo6UGFn ZTo6dmlzaXRlZFN0YXRlQ2hhbmdlZCk6IERpdHRvLgorCiAyMDA5LTA4LTEwICBBbmR5IFNoYXcg PGFuZHkuc2hhd0Bub2tpYS5jb20+CiAKICAgICAgICAgUmV2aWV3ZWQgYnkgU2ltb24gSGF1c21h bm4uCmRpZmYgLS1naXQgYS9XZWJDb3JlL3BhZ2UvUGFnZS5jcHAgYi9XZWJDb3JlL3BhZ2UvUGFn ZS5jcHAKaW5kZXggMWJkZWE0Mi4uYjU1ODhhMiAxMDA2NDQKLS0tIGEvV2ViQ29yZS9wYWdlL1Bh Z2UuY3BwCisrKyBiL1dlYkNvcmUvcGFnZS9QYWdlLmNwcApAQCAtNTE0LDcgKzUxNCw5IEBAIHZv aWQgUGFnZTo6cmVtb3ZlQWxsVmlzaXRlZExpbmtzKCkKIHZvaWQgUGFnZTo6YWxsVmlzaXRlZFN0 YXRlQ2hhbmdlZChQYWdlR3JvdXAqIGdyb3VwKQogewogICAgIEFTU0VSVChncm91cCk7Ci0gICAg QVNTRVJUKGFsbFBhZ2VzKTsKKyAgICBpZiAoIWFsbFBhZ2VzKQorICAgICAgICByZXR1cm47CisK ICAgICBIYXNoU2V0PFBhZ2UqPjo6aXRlcmF0b3IgcGFnZXNFbmQgPSBhbGxQYWdlcy0+ZW5kKCk7 CiAgICAgZm9yIChIYXNoU2V0PFBhZ2UqPjo6aXRlcmF0b3IgaXQgPSBhbGxQYWdlcy0+YmVnaW4o KTsgaXQgIT0gcGFnZXNFbmQ7ICsraXQpIHsKICAgICAgICAgUGFnZSogcGFnZSA9ICppdDsKQEAg LTUzMCw3ICs1MzIsOSBAQCB2b2lkIFBhZ2U6OmFsbFZpc2l0ZWRTdGF0ZUNoYW5nZWQoUGFnZUdy b3VwKiBncm91cCkKIHZvaWQgUGFnZTo6dmlzaXRlZFN0YXRlQ2hhbmdlZChQYWdlR3JvdXAqIGdy b3VwLCBMaW5rSGFzaCB2aXNpdGVkTGlua0hhc2gpCiB7CiAgICAgQVNTRVJUKGdyb3VwKTsKLSAg ICBBU1NFUlQoYWxsUGFnZXMpOworICAgIGlmICghYWxsUGFnZXMpCisgICAgICAgIHJldHVybjsK KwogICAgIEhhc2hTZXQ8UGFnZSo+OjppdGVyYXRvciBwYWdlc0VuZCA9IGFsbFBhZ2VzLT5lbmQo KTsKICAgICBmb3IgKEhhc2hTZXQ8UGFnZSo+OjppdGVyYXRvciBpdCA9IGFsbFBhZ2VzLT5iZWdp bigpOyBpdCAhPSBwYWdlc0VuZDsgKytpdCkgewogICAgICAgICBQYWdlKiBwYWdlID0gKml0Owo=