fix: RenderFrameHost nullptr dereference (#45508)
* fix: add nullptr tests before using render_frame_ Co-authored-by: Charles Kerr <charles@charleskerr.com> * refactor: extract-method HasRenderFrame() Co-authored-by: Charles Kerr <charles@charleskerr.com> --------- Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Charles Kerr <charles@charleskerr.com>
parent
cb7eb6fe3d
commit
984b8f9b1b
2 changed files with 11 additions and 5 deletions
|
@ -183,7 +183,7 @@ void WebFrameMain::UpdateRenderFrameHost(content::RenderFrameHost* rfh) {
|
||||||
}
|
}
|
||||||
|
|
||||||
bool WebFrameMain::CheckRenderFrame() const {
|
bool WebFrameMain::CheckRenderFrame() const {
|
||||||
if (render_frame_disposed_) {
|
if (!HasRenderFrame()) {
|
||||||
v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
|
v8::Isolate* isolate = JavascriptEnvironment::GetIsolate();
|
||||||
v8::HandleScope scope(isolate);
|
v8::HandleScope scope(isolate);
|
||||||
gin_helper::ErrorThrower(isolate).ThrowError(
|
gin_helper::ErrorThrower(isolate).ThrowError(
|
||||||
|
@ -435,7 +435,7 @@ v8::Local<v8::Promise> WebFrameMain::CollectDocumentJSCallStack(
|
||||||
gin_helper::Promise<base::Value> promise(args->isolate());
|
gin_helper::Promise<base::Value> promise(args->isolate());
|
||||||
v8::Local<v8::Promise> handle = promise.GetHandle();
|
v8::Local<v8::Promise> handle = promise.GetHandle();
|
||||||
|
|
||||||
if (render_frame_disposed_) {
|
if (!HasRenderFrame()) {
|
||||||
promise.RejectWithErrorMessage(
|
promise.RejectWithErrorMessage(
|
||||||
"Render frame was disposed before WebFrameMain could be accessed");
|
"Render frame was disposed before WebFrameMain could be accessed");
|
||||||
return handle;
|
return handle;
|
||||||
|
@ -463,7 +463,7 @@ void WebFrameMain::CollectedJavaScriptCallStack(
|
||||||
gin_helper::Promise<base::Value> promise,
|
gin_helper::Promise<base::Value> promise,
|
||||||
const std::string& untrusted_javascript_call_stack,
|
const std::string& untrusted_javascript_call_stack,
|
||||||
const std::optional<blink::LocalFrameToken>& remote_frame_token) {
|
const std::optional<blink::LocalFrameToken>& remote_frame_token) {
|
||||||
if (render_frame_disposed_) {
|
if (!HasRenderFrame()) {
|
||||||
promise.RejectWithErrorMessage(
|
promise.RejectWithErrorMessage(
|
||||||
"Render frame was disposed before call stack was received");
|
"Render frame was disposed before call stack was received");
|
||||||
return;
|
return;
|
||||||
|
|
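Review bot: The three guards switched to `!HasRenderFrame()` (in CheckRenderFrame, CollectDocumentJSCallStack and CollectedJavaScriptCallStack) still report "Render frame was disposed …", but the new predicate also fires when `render_frame_` is null while `render_frame_disposed_` is false. Those two states then look identical when triaging a thrown error or a rejected promise. If the message text has to stay stable for callers, a comment at each guard would record it, e.g. `// Also reached when render_frame_ is null but not yet marked disposed.` All three function bodies continue outside their hunks, so whether later lines use `render_frame_` again after a call that could tear the frame down cannot be checked from here.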
|
@ -101,8 +101,14 @@ class WebFrameMain final : public gin::Wrappable<WebFrameMain>,
|
||||||
void TeardownMojoConnection();
|
void TeardownMojoConnection();
|
||||||
void OnRendererConnectionError();
|
void OnRendererConnectionError();
|
||||||
|
|
||||||
// WebFrameMain can outlive its RenderFrameHost pointer so we need to check
|
[[nodiscard]] constexpr bool HasRenderFrame() const {
|
||||||
// whether its been disposed of prior to accessing it.
|
return !render_frame_disposed_ && render_frame_ != nullptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
// Throws a JS error if HasRenderFrame() is false.
|
||||||
|
// WebFrameMain can outlive its RenderFrameHost pointer,
|
||||||
|
// so we need to check whether its been disposed of
|
||||||
|
// prior to accessing it.
|
||||||
bool CheckRenderFrame() const;
|
bool CheckRenderFrame() const;
|
||||||
|
|
||||||
v8::Local<v8::Promise> ExecuteJavaScript(gin::Arguments* args,
|
v8::Local<v8::Promise> ExecuteJavaScript(gin::Arguments* args,
|
||||||
|
|
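Review bot: `HasRenderFrame()` only shows that `render_frame_` is non-null and not flagged as disposed; it cannot tell a live RenderFrameHost from a stale pointer. Every caller therefore seems to depend on the teardown paths clearing `render_frame_` or setting `render_frame_disposed_` before the host goes away, and those paths are not visible in this hunk. The lifetime comment now sits on `CheckRenderFrame()` and the new helper has none, so I would state the invariant on the helper itself: `// True only while render_frame_ is set and not disposed; re-check after any call that can tear down the frame.` Separately, `constexpr` on this member looks unlikely to ever be constant-evaluated, and the in-class definition is already implicitly inline. The class body starts and ends outside this hunk.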