Bug 167030

Summary:

Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow

Product:

WebKit

Reporter:

Brent Fulgham <bfulgham>

Component:

Layout and Rendering

Assignee:

Brent Fulgham <bfulgham>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

bfulgham, commit-queue, dbates, simon.fraser, zalan

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	dino: review+, bfulgham: commit-queue+

Description Brent Fulgham 2017-01-13 16:04:15 PST

All of the functions in DOMWindow properly check that the frame is non-nullptr before using it. All, except for DOMWindow::scrollTo.

This patch corrects this oversight and avoids a potential crash.

Comment 1 Brent Fulgham 2017-01-13 16:04:28 PST

<rdar://problem/29995070>

Comment 2 Brent Fulgham 2017-01-13 16:09:17 PST

Created attachment 298805 [details]
Patch

Comment 3 Brent Fulgham 2017-01-13 16:37:58 PST

Committed r210750: <http://trac.webkit.org/changeset/210750>

Comment 4 Simon Fraser (smfr) 2017-01-13 20:03:17 PST

Why is there no test?