Bug 167030

Summary:

Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

Layout and Rendering

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, commit-queue, dbates, simon.fraser, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	dino: review+, bfulgham: commit-queue+

Brent Fulgham

Reported 2017-01-13 16:04:15 PST

All of the functions in DOMWindow properly check that the frame is non-nullptr before using it. All, except for DOMWindow::scrollTo. This patch corrects this oversight and avoids a potential crash.

Attachments
Patch (1.35 KB, patch) 2017-01-13 16:09 PST, Brent Fulgham	dino: review+ bfulgham: commit-queue+	Details Formatted Diff Diff
View All Add attachment proposed patch, testcase, etc.

Brent Fulgham

Comment 1 2017-01-13 16:04:28 PST

<rdar://problem/29995070>

Brent Fulgham

Comment 2 2017-01-13 16:09:17 PST

Created attachment 298805 [details] Patch

Brent Fulgham

Comment 3 2017-01-13 16:37:58 PST

Committed r210750: <http://trac.webkit.org/changeset/210750>

Simon Fraser (smfr)

Comment 4 2017-01-13 20:03:17 PST

Why is there no test?

Note You need to log in before you can comment on or make changes to this bug.