Bug 28149 - Ensure embedders can't crash WebKit by updating visited links before Page creation
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: 528+ (Nightly build)
Hardware: All All
: P2 Normal
Assignee: Nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2009-08-10 09:25 PDT by Dimitri Glazkov (Google)
Modified: 2009-08-10 11:10 PDT

See Also:


Attachments
Provide graceful handling for premature visited state change updates, v1. (1.61 KB, patch)
2009-08-10 09:30 PDT, Dimitri Glazkov (Google)
darin: review+

Description Dimitri Glazkov (Google) 2009-08-10 09:25:27 PDT
I discovered this while troubleshooting a crash on Chromium, but it seems like it may be applicable to other ports. Depending on how visited link state is managed, the embedder may not be aware that a Page constructor has never been called and invoke visited state change methods prematurely. The logical way to handle this is to exit early (since there are no pages, there's nothing to update).
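A constructed C++ model of the failure mode described above, added here as an illustration and not WebKit's own code: a process-wide page registry that is only allocated by the first Page constructor, and a static visited-state notification that walks it. The class and function names are assumptions chosen to mirror the description; the early return is the guard the report calls for.

```cpp
#include <cstdint>
#include <iostream>
#include <unordered_set>

class Page;

// Process-wide registry of live pages (constructed model, not WebCore's code).
// It is created lazily by the first Page constructor, so it is null until then.
static std::unordered_set<Page*>* allPages = nullptr;

class Page {
public:
    Page()
    {
        if (!allPages)
            allPages = new std::unordered_set<Page*>;
        allPages->insert(this);
    }
    ~Page() { allPages->erase(this); }

    // Per-page reaction to a visited-link change; here it only records the hash.
    void visitedLinkChanged(uint64_t linkHash) { lastVisitedHash = linkHash; }
    uint64_t lastVisitedHash = 0;

    // Embedder-facing static entry point. Without the first check, an embedder
    // that reports a visited link before constructing any Page would dereference
    // a null registry pointer. Returns how many pages were notified.
    static size_t visitedStateChanged(uint64_t linkHash)
    {
        if (!allPages)
            return 0; // no pages yet, so there is nothing to update
        for (Page* page : *allPages)
            page->visitedLinkChanged(linkHash);
        return allPages->size();
    }
};

int main()
{
    // Premature update: must not crash and reports zero pages updated.
    std::cout << Page::visitedStateChanged(0x1234) << '\n';
    Page first, second;
    std::cout << Page::visitedStateChanged(0x5678) << '\n';
}
```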
Comment 1 Dimitri Glazkov (Google) 2009-08-10 09:30:59 PDT
Created attachment 34479 [details]
Provide graceful handling for premature visited state change updates, v1.

 WebCore/ChangeLog     |   12 ++++++++++++
 WebCore/page/Page.cpp |    8 ++++++--
 2 files changed, 18 insertions(+), 2 deletions(-)
Comment 2 Dimitri Glazkov (Google) 2009-08-10 11:10:57 PDT
Landed as http://trac.webkit.org/changeset/46987.