Bug 167030 - Avoid nullptr frame dereference when scrollTo is called on a disconnected DOMWindow
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Layout and Rendering
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Brent Fulgham
Keywords: InRadar
Reported: 2017-01-13 16:04 PST by Brent Fulgham
Modified: 2017-01-15 13:54 PST

Attachments
Patch (1.35 KB, patch)
2017-01-13 16:09 PST, Brent Fulgham
dino: review+
bfulgham: commit-queue+

Description Brent Fulgham 2017-01-13 16:04:15 PST
All of the functions in DOMWindow properly check that the frame is non-nullptr before using it. All, except for DOMWindow::scrollTo.

This patch corrects this oversight and avoids a potential crash.
Comment 1 Brent Fulgham 2017-01-13 16:04:28 PST
<rdar://problem/29995070>
Comment 2 Brent Fulgham 2017-01-13 16:09:17 PST
Created attachment 298805 [details]
Patch
Comment 3 Brent Fulgham 2017-01-13 16:37:58 PST
Committed r210750: <http://trac.webkit.org/changeset/210750>
Comment 4 Simon Fraser (smfr) 2017-01-13 20:03:17 PST
Why is there no test?