RESOLVED FIXED 98624
Null-check for DOMWindow before feeding it to FeatureObserver. 
https://bugs.webkit.org/show_bug.cgi?id=98624
Summary Null-check for DOMWindow before feeding it to FeatureObserver.
Mike West
Reported 2012-10-07 13:02:38 PDT
Null-check for DOMWindow before feeding it to FeatureObserver.
Attachments
Patch (1.73 KB, patch)
2012-10-07 13:04 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (2.46 KB, patch)
2012-10-07 13:12 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Patch (5.63 KB, patch)
2012-10-07 14:24 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Assert. (5.49 KB, patch)
2012-10-07 21:00 PDT, Mike West 		no flags
DetailsFormatted DiffDiff
Show Obsolete (3) View All Add attachment proposed patch, testcase, etc.
Mike West
Comment 1 2012-10-07 13:04:31 PDT
Created attachment 167485 [details] Patch
Geoffrey Garen
Comment 2 2012-10-07 13:10:28 PDT
Comment on attachment 167485 [details] Patch Is it possible to write a regression test for this? How did you discover this issue?
Mike West
Comment 3 2012-10-07 13:12:26 PDT
Created attachment 167486 [details] Patch
Mike West
Comment 4 2012-10-07 13:13:18 PDT
Hey Adam! This patch follows up on http://crbug.com/154484. WDYT?
Mike West
Comment 5 2012-10-07 13:17:26 PDT
(In reply to comment #2) > (From update of attachment 167485 [details]) > Is it possible to write a regression test for this? I'll see what I can do. The bug would only occur when a document without a frame instantiates a Content Security Policy. Adam suggested that this might happen in documents created via XMLHttpRequest, so I'll start there... > How did you discover this issue? Crash report in http://crbug.com/154484
Mike West
Comment 6 2012-10-07 14:24:25 PDT
Created attachment 167489 [details] Patch
Mike West
Comment 7 2012-10-07 14:25:49 PDT
(In reply to comment #2) > (From update of attachment 167485 [details]) > Is it possible to write a regression test for this? The latest patch has a test that crashes reliably without the patch. Thanks for the nudge.
Adam Barth
Comment 8 2012-10-07 14:44:16 PDT
Comment on attachment 167489 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=167489&action=review > Source/WebCore/page/FeatureObserver.cpp:58 > + if (!domWindow) > + return; Presumably we don't need this null check in both places. It's better to have it in ContentSecurityPolicy.cpp since most callers will already know that the DOMWindow is non-0.
Mike West
Comment 9 2012-10-07 19:56:37 PDT
(In reply to comment #8) > (From update of attachment 167489 [details]) > View in context: https://bugs.webkit.org/attachment.cgi?id=167489&action=review > > > Source/WebCore/page/FeatureObserver.cpp:58 > > + if (!domWindow) > > + return; > > Presumably we don't need this null check in both places. It's better to have it in ContentSecurityPolicy.cpp since most callers will already know that the DOMWindow is non-0. I agree that the check is redundant, but wouldn't it be better to have it in FeatureObserver? It wasn't obvious to me that I was creating a crasher at the time I wrote the code; I'd rather gracefully handle such oversight. If you'd prefer that it remain in the caller, how would you feel about an ASSERT in FeatureObserver? If we're going to crash, we might as well mean it. :)
Adam Barth
Comment 10 2012-10-07 20:48:43 PDT
Sure. An assert is fine.
Mike West
Comment 11 2012-10-07 21:00:17 PDT
Created attachment 167499 [details] Assert.
Adam Barth
Comment 12 2012-10-08 11:08:22 PDT
Comment on attachment 167499 [details] Assert. Thanks.
WebKit Review Bot
Comment 13 2012-10-08 11:14:56 PDT
Comment on attachment 167499 [details] Assert. Clearing flags on attachment: 167499 Committed r130657: <http://trac.webkit.org/changeset/130657>
WebKit Review Bot
Comment 14 2012-10-08 11:15:00 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.