2008-11-09 Cameron Zwarich <zwarich@apple.com>
author cwzwarich@webkit.org <cwzwarich@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 10 Nov 2008 01:19:13 +0000 (01:19 +0000)
committer cwzwarich@webkit.org <cwzwarich@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 10 Nov 2008 01:19:13 +0000 (01:19 +0000)
        Reviewed by Darin Adler.

        Bug 19541: Null pointer in showModalDialog()
        <https://bugs.webkit.org/show_bug.cgi?id=19541>

        Add null frame->page() checks to JSDOMWindowBase::canShowModalDialog()
        and JSDOMWindowBase::canShowModalDialogNow().

        WebCore:

        * bindings/js/JSDOMWindowBase.cpp:
        (WebCore::canShowModalDialog):
        (WebCore::canShowModalDialogNow):

        LayoutTests:

        * fast/dom/null-page-show-modal-dialog-crash-expected.txt: Added.
        * fast/dom/null-page-show-modal-dialog-crash.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@38248 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/fast/dom/null-page-show-modal-dialog-crash-expected.txt [new file with mode: 0644]
LayoutTests/fast/dom/null-page-show-modal-dialog-crash.html [new file with mode: 0644]
WebCore/ChangeLog
WebCore/bindings/js/JSDOMWindowBase.cpp

index 0a8aba2..5ceec55 100644 (file)
@@ -1,3 +1,13 @@
+2008-11-09  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Add a test for bug 19541: Null pointer in showModalDialog()
+        <https://bugs.webkit.org/show_bug.cgi?id=19541>
+
+        * fast/dom/null-page-show-modal-dialog-crash-expected.txt: Added.
+        * fast/dom/null-page-show-modal-dialog-crash.html: Added.
+
 2008-11-09  Alexey Proskuryakov  <ap@webkit.org>
 
         Reviewed by Darin Adler.
diff --git a/LayoutTests/fast/dom/null-page-show-modal-dialog-crash-expected.txt b/LayoutTests/fast/dom/null-page-show-modal-dialog-crash-expected.txt
new file mode 100644 (file)
index 0000000..5056982
--- /dev/null
@@ -0,0 +1 @@
+This is a test for https://bugs.webkit.org/show_bug.cgi?id=19541 RBug 19541: Null pointer in showModalDialog() This tests calling the showModalDialog() function on a window object from a detached iframe, both calling the saved showModalDialog() function and getting the property again after the iframe has been detached. If there is no crash this test passes.
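Review bot: "RBug 19541" in this expected text carries a stray "R" copied from the test page. Since this file is compared against the dumped text of null-page-show-modal-dialog-crash.html, correct it to "Bug 19541" in both files in the same change so the expectation keeps matching.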
diff --git a/LayoutTests/fast/dom/null-page-show-modal-dialog-crash.html b/LayoutTests/fast/dom/null-page-show-modal-dialog-crash.html
new file mode 100644 (file)
index 0000000..e86ba9a
--- /dev/null
@@ -0,0 +1,25 @@
+This is a test for <a href="https://bugs.webkit.org/show_bug.cgi?id=19541">https://bugs.webkit.org/show_bug.cgi?id=19541</a> 
+RBug 19541: Null pointer in showModalDialog()
+
+This tests calling the showModalDialog() function on a window object from a detached iframe, both calling the saved showModalDialog() function and getting the property again after the iframe has been detached.
+
+If there is no crash this test passes.
+<script type="text/javascript">
+if (window.layoutTestController)
+    layoutTestController.dumpAsText();
+
+var iframe = document.createElement("iframe");
+
+iframe.onload = function() {
+    var iframeWindow = iframe.contentWindow;
+    var f = iframeWindow.showModalDialog;
+
+    iframe.parentNode.removeChild(iframe);
+    if (iframeWindow.showModalDialog)
+        iframeWindow.showModalDialog();
+    if (f)
+        f.call(iframeWindow);
+};
+
+document.body.appendChild(iframe);
+</script>
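Review bot: the test calls layoutTestController.dumpAsText() but never waitUntilDone()/notifyDone(), so it only exercises the detached-window calls if the iframe's onload handler runs before the main document finishes loading. If that ordering ever changes, the text is dumped before iframe.parentNode.removeChild(iframe) runs and the test passes without touching the null-page path. Call waitUntilDone() next to dumpAsText() and notifyDone() at the end of the onload handler. The two `if` guards around the showModalDialog calls also let the test pass silently when the property is missing, which is worth a line of logged output.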
index 1f20750..5731d73 100644 (file)
@@ -1,3 +1,17 @@
+2008-11-09  Cameron Zwarich  <zwarich@apple.com>
+
+        Reviewed by Darin Adler.
+
+        Bug 19541: Null pointer in showModalDialog()
+        <https://bugs.webkit.org/show_bug.cgi?id=19541>
+
+        Add null frame->page() checks to JSDOMWindowBase::canShowModalDialog()
+        and JSDOMWindowBase::canShowModalDialogNow()C
+
+        * bindings/js/JSDOMWindowBase.cpp:
+        (WebCore::canShowModalDialog):
+        (WebCore::canShowModalDialogNow):
+
 2008-11-09  Darin Adler  <darin@apple.com>
 
         - try to fix Windows build
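Review bot: the ChangeLog entry ends with "canShowModalDialogNow()C"; the trailing "C" is a typo and should be removed (or replaced with a period) before landing.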
index 0c1f90f..2212391 100644 (file)
@@ -297,14 +297,24 @@ static bool canShowModalDialog(const Frame* frame)
 {
     if (!frame)
         return false;
-    return frame->page()->chrome()->canRunModal();
+
+    Page* page = frame->page();
+    if (!page)
+        return false;
+
+    return page->chrome()->canRunModal();
 }
 
 static bool canShowModalDialogNow(const Frame* frame)
 {
     if (!frame)
         return false;
-    return frame->page()->chrome()->canRunModalNow();
+
+    Page* page = frame->page();
+    if (!page)
+        return false;
+
+    return page->chrome()->canRunModalNow();
 }
 
 static JSValue* showModalDialog(ExecState* exec, Frame* frame, const String& url, JSValue* dialogArgs, const String& featureArgs)
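Review bot: the same frame and page null-check sequence is now repeated verbatim in canShowModalDialog() and canShowModalDialogNow(); a small static helper that returns the Page* (or null) for a Frame* would keep the two in sync and give later callers one place to get the check right. Separately, showModalDialog() directly below takes the same Frame* and its body is outside this hunk, so please confirm it does not reach frame->page() on any path that does not first go through one of these two helpers, since a detached frame would hit the same null dereference there. page->chrome() is still dereferenced unchecked, which is fine only if a Page always has a chrome; a one-line comment or assertion stating that would help.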