[wpt-sync] Sync PR 26921 - Fix nullptr dereference accessing PolicyContainer in Blink
Categories
(Core :: DOM: Security, task, P4)
Tracking
()
Tracking | Status | |
---|---|---|
firefox86 | --- | fixed |
People
(Reporter: mozilla.org, Unassigned)
References
()
Details
(Whiteboard: [wptsync downstream][domsecurity-backlog])
Sync web-platform-tests PR 26921 into mozilla-central (this bug is closed when the sync is complete).
PR: https://github.com/web-platform-tests/wpt/pull/26921
Details from upstream follow.
b'Antonio Sartori <antoniosartori@chromium.org>' wrote:
Fix nullptr dereference accessing PolicyContainer in Blink
When parsing a referrer policy from a meta tag, we were trying to
update the PolicyContainer (and with it, the PolicyContainerHost in
the Browser process) without checking for it not to be
nullptr. However, the PolicyContainer is nullptr for LocalFrames which
have no RenderFrameHost counterpart in the browser, which are used for
rendering SVG images. As a consequence, there are cases in which a
meta tag in an SVG image made the renderer crash.This change adds a nullptr check to fix this.
Bug: 1158034, 1130587
Change-Id: Ia0b5c51b4d1d68cfd7329da8c5e153bdef7deb3c
Reviewed-on: https://chromium-review.googlesource.com/2593000
WPT-Export-Revision: ce48087277d65732896b761f2e248393fb9cc3a2
Assignee | ||
Updated•3 years ago
|
Assignee | ||
Comment 1•3 years ago
|
||
Pushed to try (stability) https://treeherder.mozilla.org/#/jobs?repo=try&revision=010c8a2717af719b6ae1cd937622c00f6fe994bc
Assignee | ||
Comment 2•3 years ago
|
||
CI Results
Ran 0 Firefox configurations based on mozilla-central, and Firefox, Chrome, and Safari on GitHub CI
Total 1 tests and 1 subtests
Status Summary
Firefox
OK : 1
PASS: 1
Chrome
OK : 1
PASS: 1
Safari
OK : 1
PASS: 1
Links
Updated•3 years ago
|
Pushed by wptsync@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/f9435c50f12d [wpt PR 26921] - Fix nullptr dereference accessing PolicyContainer in Blink, a=testonly
Comment 4•3 years ago
|
||
bugherder |
Description
•