Bug 28149

Summary: Ensure embedders can't crash WebKit by updating visited links before Page creation
Product: WebKit
Reporter: Dimitri Glazkov (Google) <dglazkov>
Component: WebCore Misc.
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED
Severity: Normal
CC: darin
Priority: P2
Version: 528+ (Nightly build)
Hardware: All
OS: All
Attachments:
Provide graceful handling for premature visited state change updates, v1. (flags: darin: review+)

Description Dimitri Glazkov (Google) 2009-08-10 09:25:27 PDT
I discovered this while troubleshooting a crash on Chromium, but it seems like it may be applicable to other ports. Depending on how visited link state is managed, the embedder may not be aware that a Page constructor has never been called and invoke visited state change methods prematurely. The logical way to handle this is to exit early (since there are no pages, there's nothing to update).
Comment 1 Dimitri Glazkov (Google) 2009-08-10 09:30:59 PDT
Created attachment 34479
Provide graceful handling for premature visited state change updates, v1.

 WebCore/ChangeLog     |   12 ++++++++++++
 WebCore/page/Page.cpp |    8 ++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
Comment 2 Dimitri Glazkov (Google) 2009-08-10 11:10:57 PDT
Landed as http://trac.webkit.org/changeset/46987.