author | Cary Clark <cary@android.com> | 2009-06-15 14:02:40 -0400 |
---|---|---|
committer | Cary Clark <cary@android.com> | 2009-06-15 14:02:40 -0400 |
commit | b4cbd6b88943a0e01d235c581bcf62f9e5acf4a3 (patch) | |
tree | 6c14f85a1f1039ce4a87c973ae4058246f51e5c1 /WebCore | |
parent | 40e08ce5f3984e7f4c70ea623114b1aca1cc9c42 (diff) | |
detect null pointer in webkit script exception
This security fix
https://android-git.corp.google.com/w/?p=platform/external/webkit.git;a=commit;h=df1815070cfd8d2ed6f7101d1b8d60d037c839e6
introduced a regression in the layout test javascript-url-crash-function.html.
It's enough to check for a null scriptExecutionContext in
reportException().
Diffstat (limited to 'WebCore')
-rw-r--r-- | WebCore/bindings/js/JSDOMBinding.cpp | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/WebCore/bindings/js/JSDOMBinding.cpp b/WebCore/bindings/js/JSDOMBinding.cpp index 5db8791..bb3e1b5 100644 --- a/WebCore/bindings/js/JSDOMBinding.cpp +++ b/WebCore/bindings/js/JSDOMBinding.cpp @@ -412,6 +412,8 @@ void reportException(JSC::ExecState* exec, JSValuePtr exception) exec->clearException(); ScriptExecutionContext* scriptExecutionContext = static_cast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())->scriptExecutionContext(); + if (!scriptExecutionContext) + return; scriptExecutionContext->reportException(errorMessage, lineNumber, exceptionSourceURL); } |
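Review bot: The new early return in reportException() sits after `exec->clearException();`, so when scriptExecutionContext is null the exception is cleared and then dropped with no report and no indication of why. Add a short comment above `if (!scriptExecutionContext)` stating when the context can legitimately be null (the commit message points at the layout test javascript-url-crash-function.html), and consider logging the drop in debug builds so a swallowed exception stays visible. The check also covers only the result of scriptExecutionContext(); the pointer from `static_cast<JSDOMGlobalObject*>(exec->lexicalGlobalObject())` is still dereferenced unchecked on the line above, so it is worth confirming that it cannot be null on the same path.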