author | Viktor Engelmann <viktor.engelmann@qt.io> | 2016-08-16 13:50:43 +0200 |
---|---|---|
committer | Kai Koehne <kai.koehne@qt.io> | 2016-09-12 11:38:25 +0000 |
commit | 527af790d460f0ec486fdbb667a36164a829761e (patch) | |
tree | 65ae46210f4f65f9f6d6f5beda0dff881c870cd4 /src/core/user_script_controller_host.cpp | |
parent | 2209add7a5b019afef7830d8bbf416fbb2a2ecf5 (diff) |
Resolved nullptr dereference bug
In line 282f of
chromium/content/browser/frame_host/render_frame_host_manager.cc,
RenderFrameHostManager::Navigate passes nullptr to
WebContentsImpl::NotifyViewSwapped.
In line 3833f of
chromium/content/browser/web_contents/web_contents_impl.cc,
this is passed on to the observers, including
UserResourceControllerHost::WebContentsObserverHelper::RenderViewHostChanged
which dereferenced it unchecked, causing a crash.
Task-number: QTBUG-55254
Change-Id: Ibdb6645f63957d28a89c50b51faeb3aea086a8b3
Reviewed-by: Kai Koehne <kai.koehne@qt.io>
Diffstat (limited to 'src/core/user_script_controller_host.cpp')
-rw-r--r-- | src/core/user_script_controller_host.cpp | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/src/core/user_script_controller_host.cpp b/src/core/user_script_controller_host.cpp index a0d3f6fed..4dcd1a071 100644 --- a/src/core/user_script_controller_host.cpp +++ b/src/core/user_script_controller_host.cpp @@ -78,7 +78,8 @@ void UserScriptControllerHost::WebContentsObserverHelper::RenderViewCreated(cont void UserScriptControllerHost::WebContentsObserverHelper::RenderViewHostChanged(content::RenderViewHost *oldHost, content::RenderViewHost *newHost) { - oldHost->Send(new RenderViewObserverHelper_ClearScripts(oldHost->GetRoutingID())); + if (oldHost) + oldHost->Send(new RenderViewObserverHelper_ClearScripts(oldHost->GetRoutingID())); content::WebContents *contents = web_contents(); Q_FOREACH (const UserScript &script, m_controllerHost->m_perContentsScripts.value(contents)) |
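Review bot: In RenderViewHostChanged the new `if (oldHost)` guard covers only the first parameter. `newHost` arrives through the same observer callback, and the body of the Q_FOREACH loop that follows is outside the visible context, so if that loop sends to `newHost` it should get the same null check or an explicit assertion. A one-line comment above the guard saying that oldHost can legitimately be null (the commit message traces it to RenderFrameHostManager::Navigate passing nullptr to NotifyViewSwapped) would keep a later cleanup from removing the check. The commit message also names UserResourceControllerHost, while the function patched here belongs to UserScriptControllerHost; aligning the two makes it easier to match the crash report to the fix.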