Fix possible null dereference in WebBackForwardList::restoreFromState
author commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Aug 2018 22:58:21 +0000 (22:58 +0000)
committer commit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 8 Aug 2018 22:58:21 +0000 (22:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=188418
<rdar://problem/42531726>

Patch by Alex Christensen <achristensen@webkit.org> on 2018-08-08
Reviewed by Chris Dumez.

Source/WebKit:

* UIProcess/WebBackForwardList.cpp:
(WebKit::WebBackForwardList::restoreFromState):
Null-check m_page like we do everywhere else in this file because it can be set to null when closing the page.

Tools:

* TestWebKitAPI/Tests/WebKit/RestoreSessionState.cpp:
(TestWebKitAPI::TEST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234714 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebBackForwardList.cpp
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKit/RestoreSessionState.cpp

index b854c60..c463d1c 100644 (file)
@@ -1,3 +1,15 @@
+2018-08-08  Alex Christensen  <achristensen@webkit.org>
+
+        Fix possible null dereference in WebBackForwardList::restoreFromState
+        https://bugs.webkit.org/show_bug.cgi?id=188418
+        <rdar://problem/42531726>
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebBackForwardList.cpp:
+        (WebKit::WebBackForwardList::restoreFromState):
+        Null-check m_page like we do everywhere else in this file because it can be set to null when closing the page.
+
 2018-08-08  Commit Queue  <commit-queue@webkit.org>
 
         Unreviewed, rolling out r234314, r234320, and r234321.
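Review bot: The entry's description explains why m_page is checked but not what restoreFromState does when it is null. Stating that the restore is skipped (the function returns early, before any items are built) would record the behavior change for clients that restore session state after closing a page.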
index 0808a1a..b714783 100644 (file)
@@ -433,6 +433,9 @@ BackForwardListState WebBackForwardList::backForwardListState(WTF::Function<bool
 
 void WebBackForwardList::restoreFromState(BackForwardListState backForwardListState)
 {
+    if (!m_page)
+        return;
+
     Vector<Ref<WebBackForwardListItem>> items;
     items.reserveInitialCapacity(backForwardListState.items.size());
 
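Review bot: The new `if (!m_page) return;` at the top of restoreFromState drops the caller's state without any trace, and because the function returns void the caller cannot tell that nothing was restored. The reason m_page can be null here is recorded only in the ChangeLog; a one-line comment above the guard (page already closed) and, if visibility into this path is wanted, a log line before the return would make the silent no-op easier to diagnose. Placing the guard ahead of the `items` construction is the right spot, since nothing is allocated for a restore that will not happen.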
index f6e9792..22c3cc5 100644 (file)
@@ -1,3 +1,14 @@
+2018-08-08  Alex Christensen  <achristensen@webkit.org>
+
+        Fix possible null dereference in WebBackForwardList::restoreFromState
+        https://bugs.webkit.org/show_bug.cgi?id=188418
+        <rdar://problem/42531726>
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKit/RestoreSessionState.cpp:
+        (TestWebKitAPI::TEST):
+
 2018-08-08  Ross Kirsling  <ross.kirsling@sony.com>
 
         run-builtins-generator-tests does not correctly handle CRLFs from stderr
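Review bot: The Tools/ChangeLog entry lists RestoreSessionState.cpp and `(TestWebKitAPI::TEST):` with no description, so the log does not say which test was added or what it covers. Naming the new test (RestoreSessionStateAfterClose, as it appears in the test file hunk) and noting that it restores session state into a page after WKPageClose would make the entry searchable.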
index fc7942a..51dad25 100644 (file)
@@ -126,6 +126,18 @@ TEST(WebKit, RestoreSessionStateContainingScrollRestorationDefaultWithAsyncPolic
     EXPECT_JS_EQ(webView.page(), "history.scrollRestoration", "auto");
 }
 
+TEST(WebKit, RestoreSessionStateAfterClose)
+{
+    auto context = adoptWK(WKContextCreate());
+    PlatformWebView webView(context.get());
+    setPageLoaderClient(webView.page());
+    auto data = createSessionStateData(context.get());
+    EXPECT_NOT_NULL(data);
+    WKPageClose(webView.page());
+    auto sessionState = adoptWK(WKSessionStateCreateFromData(data.get()));
+    WKPageRestoreFromSessionState(webView.page(), sessionState.get());
+}
+    
 } // namespace TestWebKitAPI
 
 #endif
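Review bot: In RestoreSessionStateAfterClose, `EXPECT_NOT_NULL(data)` is non-fatal, so if createSessionStateData fails the test keeps going and passes `data.get()` as null to WKSessionStateCreateFromData, which can fail for a reason unrelated to the fix. A fatal assertion at that point would stop the test at the real cause. The test also ends at WKPageRestoreFromSessionState with no expectation, so it passes purely by not crashing; a short comment saying so would keep a later reader from treating it as incomplete. The added line after the closing brace (`+    `) contains only whitespace and should be an empty line.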