RESOLVED FIXED 158266
Fix null dereferencing in ResourceTimingInformation::addResourceTiming 
https://bugs.webkit.org/show_bug.cgi?id=158266
Summary Fix null dereferencing in ResourceTimingInformation::addResourceTiming
Alex Christensen
Reported 2016-06-01 11:38:57 PDT
Fix null dereferencing in ResourceTimingInformation::addResourceTiming
Attachments
Patch (2.24 KB, patch)
2016-06-01 11:43 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (2.35 KB, patch)
2016-06-01 11:50 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (4.90 KB, patch)
2016-06-01 12:04 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2016-06-01 11:43:19 PDT
Created attachment 280253 [details] Patch
Brady Eidson
Comment 2 2016-06-01 11:45:58 PDT
Comment on attachment 280253 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=280253&action=review How was this noticed? How does it reproduce? How can we test it? > Source/WebCore/ChangeLog:9 > + Reviewed by NOBODY (OOPS!). > + > + * loader/ResourceTimingInformation.cpp: There's an expected WebCore/ChangeLog line missing here...!
Alex Christensen
Comment 3 2016-06-01 11:50:14 PDT
Created attachment 280255 [details] Patch
Chris Dumez
Comment 4 2016-06-01 11:53:36 PDT
Comment on attachment 280255 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=280255&action=review > Source/WebCore/loader/ResourceTimingInformation.cpp:46 > + auto initiatorIt = m_initiatorMap.find(resource); Considering it does nothing when document is null, shouldn't we update the parameter to be a Document& document and do a null check at the call site if needed?
Alexey Proskuryakov
Comment 5 2016-06-01 11:54:01 PDT
Comment on attachment 280255 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=280255&action=review > Source/WebCore/ChangeLog:9 > + This would crash sometimes in http/tests/security/cross-frame-access-custom.html Given that it's a flaky crash, is it actually correct to fix it with a null check? What will the observable failure be when we bail out early?
Alex Christensen
Comment 6 2016-06-01 12:04:18 PDT
Created attachment 280257 [details] Patch
Alex Christensen
Comment 7 2016-06-01 12:09:03 PDT
(In reply to comment #5) > Comment on attachment 280255 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=280255&action=review > > > Source/WebCore/ChangeLog:9 > > + This would crash sometimes in http/tests/security/cross-frame-access-custom.html > > Given that it's a flaky crash, is it actually correct to fix it with a null > check? What will the observable failure be when we bail out early? If there's no document, then the performance entry simply won't be recorded. I think this is correct. Chris's suggestion makes this patch look and feel much better. We were really assuming CachedResourceLoader::document always returned non-null, which was a bad assumption. There are other similar checks in CachedResourceLoader.cpp.
Chris Dumez
Comment 8 2016-06-01 12:41:30 PDT
Comment on attachment 280257 [details] Patch Seems reasonable.
WebKit Commit Bot
Comment 9 2016-06-01 13:14:04 PDT
Comment on attachment 280257 [details] Patch Clearing flags on attachment: 280257 Committed r201565: <http://trac.webkit.org/changeset/201565>
WebKit Commit Bot
Comment 10 2016-06-01 13:14:09 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.