Crash when reloading a Chromium "platform" app
author abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Aug 2012 20:03:37 +0000 (20:03 +0000)
committer abarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Aug 2012 20:03:37 +0000 (20:03 +0000)
commit 1798a6a20c413fb1aaef520195ccbf340cecfe1b
tree 39124020adbd69ea0c64343f6bc5cf48a93ed890
parent 0631fc22892d2ee2b709b13b36e95098b210ac5f
Crash when reloading a Chromium "platform" app
https://bugs.webkit.org/show_bug.cgi?id=93497

Reviewed by Eric Seidel.

Source/WebCore:

The framework for Chromium "platform" apps executes a big blob of
script during the didCreateScriptContext callback. This blob of scripts
interacts with a bunch of JavaScript objects and triggers a number of
security checks.

When reloading a frame, the didCreateScriptContext is called during
Frame::setDocument (as a consequence of calling
ScriptController::updateDocument). At that time, the SecurityOrigin
object hasn't yet been copied over to the DOMWindow, and we crash
trying to grab it.

The long-term fix for this bug is to fix
https://bugs.webkit.org/show_bug.cgi?id=75793, at which point there
will no longer be a SecurityOrigin object on DOMWindow. In the
meantime, however, we can fix this crash by null checking the
DOMWindow's SecurityOrigin object.

* bindings/generic/BindingSecurity.cpp:
(WebCore::canAccessDocument):

Source/WebKit/chromium:

Test that we don't crash when executing script during the
didCreateScriptContext callback.

* tests/WebFrameTest.cpp:
* tests/data/hello_world.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@125077 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Source/WebCore/ChangeLog
Source/WebCore/bindings/generic/BindingSecurity.cpp
Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/tests/WebFrameTest.cpp
Source/WebKit/chromium/tests/data/hello_world.html [new file with mode: 0644]
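As an added illustration, not WebKit's own code: a small C++ model of the ordering the commit message describes, using hypothetical types named after the ones in the message. The embedder callback fires inside setDocument before the window has received its SecurityOrigin, and the modelled canAccessDocument fails closed on the missing origin instead of dereferencing it.

```cpp
#include <functional>
#include <memory>
#include <string>
#include <utility>

// Hypothetical stand-ins for the WebCore objects named in the commit message.
struct SecurityOrigin {
    std::string host;
    bool canAccess(const SecurityOrigin& other) const { return host == other.host; }
};

struct Document {
    std::shared_ptr<SecurityOrigin> origin;
};

struct DOMWindow {
    std::shared_ptr<SecurityOrigin> securityOrigin;  // null until setDocument copies it over
};

// Modelled fix: a window with no origin yet gets "no access" rather than a null dereference.
bool canAccessDocument(const DOMWindow& active, const Document& target) {
    const SecurityOrigin* activeOrigin = active.securityOrigin.get();
    if (!activeOrigin)   // the null check the commit adds (modelled here)
        return false;    // fail closed while the window is still being initialised
    return activeOrigin->canAccess(*target.origin);
}

struct Frame {
    DOMWindow window;
    Document* document = nullptr;
    std::function<void(Frame&)> didCreateScriptContext;  // embedder callback

    // Mirrors the ordering in the commit message: the callback runs before the origin is copied.
    void setDocument(Document& doc) {
        document = &doc;
        if (didCreateScriptContext)
            didCreateScriptContext(*this);     // "platform app" script runs its security checks here
        window.securityOrigin = doc.origin;    // only now does the window know its origin
    }
};

// Simulate a reload whose callback script performs a security check against the new document.
// Returns {check result during the callback, check result after setDocument completed}.
std::pair<bool, bool> reloadAndCheck(const std::string& host) {
    Frame frame;
    Document doc{std::make_shared<SecurityOrigin>(SecurityOrigin{host})};
    bool duringCallback = true;
    frame.didCreateScriptContext = [&](Frame& f) {
        duringCallback = canAccessDocument(f.window, *f.document);
    };
    frame.setDocument(doc);
    return {duringCallback, canAccessDocument(frame.window, doc)};
}
```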