Bug 28149

Summary: Ensure embedders can't crash WebKit by updating visited links before Page creation
Product: WebKit Reporter: Dimitri Glazkov (Google) <dglazkov>
Component: WebCore Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: darin
Priority: P2    
Version: 528+ (Nightly build)   
Hardware: All   
OS: All   
Attachments:
Description Flags
Provide graceful handling for premature visited state change updates, v1. darin: review+

Dimitri Glazkov (Google)
Reported 2009-08-10 09:25:27 PDT
I discovered this while troubleshooting a crash on Chromium, but it seems like it may be applicable to other ports. Depending on how visited link state is managed, the embedder may not be aware that a Page constructor has never been called and invoke visited state change methods prematurely. The logical way to handle this is to exit early (since there's no pages, there's nothing to update).
Attachments
Provide graceful handling for premature visited state change updates, v1. (1.61 KB, patch)
2009-08-10 09:30 PDT, Dimitri Glazkov (Google) 		darin: review+
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Dimitri Glazkov (Google)
Comment 1 2009-08-10 09:30:59 PDT
Created attachment 34479 [details] Provide graceful handling for premature visited state change updates, v1. WebCore/ChangeLog | 12 ++++++++++++ WebCore/page/Page.cpp | 8 ++++++-- 2 files changed, 18 insertions(+), 2 deletions(-)
Dimitri Glazkov (Google)
Comment 2 2009-08-10 11:10:57 PDT
Landed as http://trac.webkit.org/changeset/46987.
Note You need to log in before you can comment on or make changes to this bug.