WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
https://bugs.webkit.org/show_bug.cgi?id=165852
<rdar://problem/27297153>
Reviewed by Chris Dumez.
There appears to be some path where we get here with a null frame.
No test, don't know how exactly this happens.
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::outgoingReferrer):
Null check the frame.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@209817 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
index eafd97f..3aada28 100644
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2016-12-14 Antti Koivisto <antti@apple.com>
+
+ WebContent crash under WebCore::CachedResource::load in WebCore::FrameLoader::outgoingReferrer const
+ https://bugs.webkit.org/show_bug.cgi?id=165852
+ <rdar://problem/27297153>
+
+ Reviewed by Chris Dumez.
+
+ There appears to be some path where we get here with a null frame.
+ No test, don't know how exactly this happens.
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::outgoingReferrer):
+
+ Null check the frame.
+
2016-12-14 Chris Dumez <cdumez@apple.com>
Unreviewed, rolling out r209766.
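Review bot: the ChangeLog entry for FrameLoader::outgoingReferrer says only "Null check the frame" and does not record the behaviour the function now has when the parent walk runs out of frames, which is a visible change for callers: the code hunk makes it return emptyString() instead of dereferencing null. Consider stating that explicitly (e.g. "Return an empty referrer if the srcdoc parent chain has no frame") so a later reader of the log knows an empty outgoing referrer can originate here and is the intended fail-safe, rather than having to read the diff. Since the entry admits the path is unknown and adds no test, it would also help to note that the ASSERT(frame) in the loop is left in place, so debug builds will still flag the condition if it is ever reproduced.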
diff --git a/Source/WebCore/loader/FrameLoader.cpp b/Source/WebCore/loader/FrameLoader.cpp
index 0826ac5..3824b2c 100644
--- a/Source/WebCore/loader/FrameLoader.cpp
+++ b/Source/WebCore/loader/FrameLoader.cpp
@@ -923,12 +923,14 @@
// See http://www.whatwg.org/specs/web-apps/current-work/#fetching-resources
// for why we walk the parent chain for srcdoc documents.
Frame* frame = &m_frame;
- while (frame->document()->isSrcdocDocument()) {
+ while (frame && frame->document()->isSrcdocDocument()) {
frame = frame->tree().parent();
// Srcdoc documents cannot be top-level documents, by definition,
// because they need to be contained in iframes with the srcdoc.
ASSERT(frame);
}
+ if (!frame)
+ return emptyString();
return frame->loader().m_outgoingReferrer;
}
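Review bot: the new `frame &&` guard in the while condition and the `if (!frame) return emptyString();` after it only change release builds, because `ASSERT(frame);` inside the loop still fires on the very iteration in which `frame = frame->tree().parent();` yields null, before the loop condition is re-evaluated. If the intent is to tolerate the null path everywhere, the ASSERT should be removed or downgraded; if the intent is to keep debug builds crashing to catch the unknown path, say so in a comment next to the early return, since as written the two lines look contradictory. The early return itself is the right direction from a security standpoint: an empty referrer leaks nothing, whereas returning the wrong frame's `m_outgoingReferrer` could. Note also that the guard only covers a null `frame`; `frame->document()` is still dereferenced unconditionally in the loop condition, so if the crash reported in the bug title is actually a null document rather than a null frame, this hunk will not fix it.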