[webkit-changes] [WebKit/WebKit] e63fe9: Fix crashes/assertions when calling internals API ...
Frédéric Wang
noreply at github.com
Thu Jan 23 11:59:30 PST 2025
Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: e63fe9d14548d612e19da56efce3dab4f1a59ae2
https://github.com/WebKit/WebKit/commit/e63fe9d14548d612e19da56efce3dab4f1a59ae2
Author: Frédéric Wang <fwang at igalia.com>
Date: 2025-01-23 (Thu, 23 Jan 2025)
Changed paths:
A LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash-expected.txt
A LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash.html
M Source/WebCore/testing/Internals.cpp
M Source/WebCore/testing/Internals.h
Log Message:
-----------
Fix crashes/assertions when calling internals API on a window without frame
https://bugs.webkit.org/show_bug.cgi?id=286252
Reviewed by Anne van Kesteren and Darin Adler.
There are multiple places in Internals.cpp that assume a document, a
frame, a page or valid parameters, and would otherwise crash or assert.
In this patch, we add a generic test case exercising Window.internals
properties when the associated frame is null. It calls the getter and
setter for each of these properties, or if the property is a function,
executes it with ten '1' as arguments. This should cover a large amount
of cases detectable by fuzzers. We also modify the code to fix the
issues found with that new test but there are probably more. Some of
these APIs should probably throw in case of failure, but we don't
necessarily modify their signature in this patch.
* LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash-expected.txt: Added.
* LayoutTests/fast/harness/internals-object-property-access-on-window-without-frame-crash.html: Added.
* Source/WebCore/testing/Internals.cpp:
(WebCore::Internals::setStrictRawResourceValidationPolicyDisabled): null-check frame.
(WebCore::Internals::numberOfActiveAnimations const): ditto.
(WebCore::Internals::numberOfAnimationTimelineInvalidations const): ditto.
(WebCore::Internals::insertTextPlaceholder): ditto.
(WebCore::Internals::formControlStateOfPreviousHistoryItem): ditto.
(WebCore::Internals::setFormControlStateOfPreviousHistoryItem): ditto.
(WebCore::Internals::testProcessIncomingSyncMessagesWhenWaitingForSyncReply): null-check document, frame and page and throw.
(WebCore::Internals::isDocumentAlive const): Replace ASSERT with an exception.
(WebCore::Internals::openDummyInspectorFrontend): null-check document, frame and page.
(WebCore::Internals::setInspectorIsUnderTest): ditto.
(WebCore::Internals::setFullscreenAutoHideDuration): ditto and replace ASSERT with an exception.
(WebCore::Internals::getReferencedFilePaths const): null-check frame.
(WebCore::Internals::startTrackingRenderingUpdates): null-check document, frame and page.
(WebCore::Internals::renderingUpdateCount): ditto.
(WebCore::Internals::setCompositingPolicyOverride): ditto.
(WebCore::Internals::compositingPolicyOverride const): ditto.
(WebCore::Internals::evaluateInWorldIgnoringException): null-check document and frame.
(WebCore::Internals::forceAXObjectCacheUpdate const): null-check document and axObjectCache.
(WebCore::Internals::forceReload): null-check frame.
(WebCore::Internals::reloadExpiredOnly): ditto.
(WebCore::Internals::setSelectionFromNone): ditto.
(WebCore::Internals::mockPaymentCoordinator): null-check page and throw.
(WebCore::Internals::systemColorForCSSValue): Replace RELEASE_ASSERT with an exception.
(WebCore::Internals::setTopDocumentURLForQuirks): null-check on frame and page.
* Source/WebCore/testing/Internals.h: Change some functions to return Exceptions.
Canonical link: https://commits.webkit.org/289309@main
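As an added example (not code from the WebKit patch or its layout test), a JavaScript harness in the spirit of the test the message describes: it walks every property reachable on an object, invokes each getter and setter, and calls each function with ten '1' arguments, recording whether the call returned or threw. In a real layout test the object would be the `internals` of a window whose frame has been detached; here a constructed stand-in with hypothetical members plays that role.

```javascript
function exerciseProperties(obj, argCount = 10) {
  const args = Array(argCount).fill(1);
  const results = [];
  const seen = new Set();
  // Walk own properties, then each prototype, stopping before Object.prototype.
  for (let proto = obj; proto && proto !== Object.prototype; proto = Object.getPrototypeOf(proto)) {
    for (const name of Object.getOwnPropertyNames(proto)) {
      if (name === 'constructor' || seen.has(name)) continue;
      seen.add(name);
      const desc = Object.getOwnPropertyDescriptor(proto, name);
      const record = { name, outcome: 'ok' };
      try {
        if (desc.get || desc.set) {
          if (desc.get) desc.get.call(obj);     // exercise the getter
          if (desc.set) desc.set.call(obj, 1);  // exercise the setter
        } else if (typeof desc.value === 'function') {
          desc.value.apply(obj, args);          // call with ten '1' arguments
        }
      } catch (e) {
        record.outcome = 'threw';               // an exception is acceptable; a crash is not
        record.error = String(e);
      }
      results.push(record);
    }
  }
  return results;
}

// Constructed stand-in for Window.internals on a window whose frame is null.
// The members are hypothetical and only mimic the shape of the real object.
class FakeInternals {
  constructor(frame) { this.frame = frame; }
  get renderingUpdateCount() {
    if (!this.frame) throw new Error('InvalidStateError: no frame');
    return this.frame.updates;
  }
  set inspectorIsUnderTest(v) { this.underTest = !!v; }
  numberOfActiveAnimations() { return this.frame ? this.frame.animations : 0; }
  forceReload(...args) {
    if (!this.frame) throw new Error('InvalidStateError: no frame');
    return args.length;
  }
}

// Exercise every property on the detached stand-in and return the records.
function runOnDetachedWindow() {
  return exerciseProperties(new FakeInternals(null));
}
```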