From a389915eaf30f76aea1673d5d6dcee463f1d9ce6 Mon Sep 17 00:00:00 2001
From: "kubo@profusion.mobi"
Date: Thu, 22 Mar 2012 22:03:20 +0000
Subject: [PATCH] Crash in fast/dom/navigator-detached-nocrash.html

https://bugs.webkit.org/show_bug.cgi?id=81773

Reviewed by Adam Barth.

BatteryManager::create() blindly assumes the Navigator* it
receives has a valid Frame, which is not always the case, as made
evident by the crashing test.

Follow abarth's suggestion and just stop
NavigatorBattery::webkitBattery() before it reaches the call to
BatteryManager::create() if that's the case.

No new tests, covered by fast/dom/navigator-detached-nocrash.html.

* Modules/battery/NavigatorBattery.cpp:
(WebCore::NavigatorBattery::webkitBattery):

git-svn-id: http://svn.webkit.org/repository/webkit/trunk@111770 268f45cc-cd09-0410-ab3c-d52691b4dbfc
---
 Source/WebCore/ChangeLog | 20 +++++++++++++++++++
 .../Modules/battery/NavigatorBattery.cpp | 3 +++
 2 files changed, 23 insertions(+)

diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index 9dd3992c5dc..0a782478d93 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,23 @@
+2012-03-22 Raphael Kubo da Costa
+
+ Crash in fast/dom/navigator-detached-nocrash.html
+ https://bugs.webkit.org/show_bug.cgi?id=81773
+
+ Reviewed by Adam Barth.
+
+ BatteryManager::create() blindly assumes the Navigator* it
+ receives has a valid Frame, which is not always the case, as made
+ evident by the crashing test.
+
+ Follow abarth's suggestion and just stop
+ NavigatorBattery::webkitBattery() before it reaches the call to
+ BatteryManager::create() if that's the case.
+
+ No new tests, covered by fast/dom/navigator-detached-nocrash.html.
+
+ * Modules/battery/NavigatorBattery.cpp:
+ (WebCore::NavigatorBattery::webkitBattery):
+
 2012-03-22 Emil A Eklund
 
 Unreviewed, add missing include statement for CSSValueList.h.
diff --git a/Source/WebCore/Modules/battery/NavigatorBattery.cpp b/Source/WebCore/Modules/battery/NavigatorBattery.cpp
index 1b67248b5f8..e0d04dc9d7e 100644
--- a/Source/WebCore/Modules/battery/NavigatorBattery.cpp
+++ b/Source/WebCore/Modules/battery/NavigatorBattery.cpp
@@ -39,6 +39,9 @@ NavigatorBattery::~NavigatorBattery()
 BatteryManager* NavigatorBattery::webkitBattery(ScriptExecutionContext* context, Navigator* navigator)
 {
+ if (!navigator->frame())
+ return 0;
+
 NavigatorBattery* navigatorBattery = NavigatorBattery::from(navigator);
 if (!navigatorBattery->m_batteryManager)
 navigatorBattery->m_batteryManager = BatteryManager::create(context, navigator);
--
GitLab
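Review bot: The new `if (!navigator->frame()) return 0;` at the top of webkitBattery() stops the frameless-Navigator dereference the test exercises, but nothing in the hunk records why a Navigator can be frameless here or that a null result is the intended outcome rather than an error, so the next reader sees only a bare `return 0;`; a why-comment would help, e.g. `// A Navigator can outlive its Frame (detached window). BatteryManager::create() needs a live Frame, so report no manager instead of crashing.` The guard runs on every call, so once a frame detaches the getter returns null even when a BatteryManager was cached earlier in m_batteryManager; if script is expected to keep reaching the same object, the check could instead sit directly in front of `BatteryManager::create(context, navigator)` inside the `if (!navigatorBattery->m_batteryManager)` branch, and either way the chosen behaviour deserves a sentence in that comment. `navigator` itself is still dereferenced unchecked; if the generated bindings guarantee it is non-null, an `ASSERT(navigator);` ahead of the frame check would document that contract. The remainder of webkitBattery(), including its return statement, lies outside the hunk.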