WebSearchableFormData crashes when given a detached HTMLFormElement
authorabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Aug 2011 04:32:42 +0000 (04:32 +0000)
committerabarth@webkit.org <abarth@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 24 Aug 2011 04:32:42 +0000 (04:32 +0000)
https://bugs.webkit.org/show_bug.cgi?id=66831

Reviewed by Dimitri Glazkov.

We need to null-check the Frame.

* src/WebSearchableFormData.cpp:
(HTMLNames::GetFormEncoding):
* tests/WebFrameTest.cpp:
(WebKit::TEST_F):
* tests/data/form.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@93692 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/chromium/ChangeLog
Source/WebKit/chromium/src/WebSearchableFormData.cpp
Source/WebKit/chromium/tests/WebFrameTest.cpp
Source/WebKit/chromium/tests/data/form.html [new file with mode: 0644]

index ef39dcc..4f05d37 100644 (file)
@@ -1,3 +1,18 @@
+2011-08-23  Adam Barth  <abarth@webkit.org>
+
+        WebSearchableFormData crashes when given a detached HTMLFormElement
+        https://bugs.webkit.org/show_bug.cgi?id=66831
+
+        Reviewed by Dimitri Glazkov.
+
+        We need to null-check the Frame.
+
+        * src/WebSearchableFormData.cpp:
+        (HTMLNames::GetFormEncoding):
+        * tests/WebFrameTest.cpp:
+        (WebKit::TEST_F):
+        * tests/data/form.html: Added.
+
 2011-08-23  Iain Merrick  <husky@google.com>
 
         [chromium] Make WebGL context current before querying for extensions
index 611ceed..e8ba237 100644 (file)
@@ -64,6 +64,8 @@ void GetFormEncoding(const HTMLFormElement* form, TextEncoding* encoding)
         if (encoding->isValid())
             return;
     }
+    if (!form->document()->frame())
+         return;
     *encoding = TextEncoding(form->document()->loader()->writer()->encoding());
 }
 
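Review bot: The new early return at `if (!form->document()->frame())` leaves `*encoding` unassigned, so for a detached form the caller receives whatever the accept-charset loop above left behind. That appears to be an invalid TextEncoding, since a valid one returns earlier. The callers are outside this hunk, so confirm they tolerate that and state it next to the guard, e.g. `// Detached form: no frame, hence no loader. *encoding is left untouched and may be invalid.` The guard tests `frame()` while the expression that crashed is `loader()->writer()`; this relies on `loader()` being non-null whenever the frame is, which the hunk does not show. The `return;` is indented nine spaces rather than eight, and GetFormEncoding begins above the hunk.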
index b38d544..9446120 100644 (file)
 
 #include "config.h"
 
-#include <googleurl/src/gurl.h>
-#include <gtest/gtest.h>
-#include <webkit/support/webkit_support.h>
+#include "WebDocument.h"
+#include "WebFormElement.h"
 #include "WebFrame.h"
 #include "WebFrameClient.h"
+#include "WebSearchableFormData.h"
 #include "WebSettings.h"
 #include "WebString.h"
 #include "WebURL.h"
@@ -42,6 +42,9 @@
 #include "WebURLResponse.h"
 #include "WebView.h"
 #include "v8.h"
+#include <googleurl/src/gurl.h>
+#include <gtest/gtest.h>
+#include <webkit/support/webkit_support.h>
 
 using namespace WebKit;
 
@@ -145,4 +148,25 @@ TEST_F(WebFrameTest, FrameForEnteredContext)
     webView->close();
 }
 
+TEST_F(WebFrameTest, FormWithNullFrame)
+{
+    registerMockedURLLoad("form.html");
+
+    TestWebFrameClient webFrameClient;
+    WebView* webView = WebView::create(0);
+    webView->initializeMainFrame(&webFrameClient);
+
+    loadFrame(webView->mainFrame(), "form.html");
+    serveRequests();
+
+    WebVector<WebFormElement> forms;
+    webView->mainFrame()->document().forms(forms);
+    webView->close();
+
+    EXPECT_EQ(forms.size(), 1U);
+
+    // This test passes if this doesn't crash.
+    WebSearchableFormData searchableDataForm(forms[0]);
+}
+
 }
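Review bot: In FormWithNullFrame, `EXPECT_EQ(forms.size(), 1U);` does not stop the test on failure, so if form.html yields no forms the following `forms[0]` indexes an empty WebVector. The test would then fail through an out-of-bounds access instead of a readable assertion. Use `ASSERT_EQ(1U, forms.size());` so the test aborts before the index. The test only checks that construction does not crash; if WebSearchableFormData exposes any result for a detached form (not visible in this hunk), asserting on it would also pin what the new early-return path produces.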
diff --git a/Source/WebKit/chromium/tests/data/form.html b/Source/WebKit/chromium/tests/data/form.html
new file mode 100644 (file)
index 0000000..41a33d6
--- /dev/null
@@ -0,0 +1 @@
+<form action="about:blank" method="POST"></form>