
Add null check to main frame check in samesite deprecation messages

There seems to be a race condition where cookies are called to be
stored or sent on a page that somehow navigates to an interstitial page,
causing WebContents::FromRenderFrameHost to return a null pointer that
is then dereferenced. Because we definitely don't need messages from
interstitial pages (and console messages shouldn't be sent after the
page has navigated away anyways), simply returning early would be
expected behaviour anyways.

(cherry picked from commit 0485879974204691438021c15bf7e7df9ba03edc)

Bug: 973574
Change-Id: I4777e36baf7737bcd4d73d36840fa671e34a2ed5
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1658688
Commit-Queue: Aaron Tagliaboschi <aarontag@chromium.org>
Reviewed-by: John Abd-El-Malek <jam@chromium.org>
Cr-Original-Commit-Position: refs/heads/master@{#669331}
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1662729
Reviewed-by: Avi Drissman <avi@chromium.org>
Cr-Commit-Position: refs/branch-heads/3809@{#364}
Cr-Branched-From: d82dec1a818f378c464ba307ddd9c92133eac355-refs/heads/master@{#665002}
diff --git a/content/browser/frame_host/render_frame_message_filter.cc b/content/browser/frame_host/render_frame_message_filter.cc
index 8702473..a76f403 100644
--- a/content/browser/frame_host/render_frame_message_filter.cc
+++ b/content/browser/frame_host/render_frame_message_filter.cc
@@ -215,6 +215,12 @@
   // Return early if the frame has already been navigated away from.
   content::WebContents* web_contents =
       content::WebContents::FromRenderFrameHost(render_frame_host);
+
+  // |web_contents| will be null on interstitial pages, which means
+  // the frame has been navigated away from and it's safe to return early
+  if (!web_contents)
+    return;
+
   RenderFrameHostImpl* root_frame_host = render_frame_host;
   while (root_frame_host->GetParent() != nullptr)
     root_frame_host = root_frame_host->GetParent();
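
Review bot: The added comment above `if (!web_contents)` overlaps with the existing "Return early if the frame has already been navigated away from." line two lines earlier, so the two should be merged into one comment placed directly above the check. The new comment also lacks a terminating period after "return early", and it states as fact that a null |web_contents| means an interstitial page, while the commit message only says there "seems to be a race condition". Wording such as "may be null, e.g. on interstitial pages" would match what is actually known. The early return silently drops the message, which is the stated intent, but no test in this patch exercises the null path.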
diff --git a/content/browser/network_service_client.cc b/content/browser/network_service_client.cc
index 489c857..25afd100 100644
--- a/content/browser/network_service_client.cc
+++ b/content/browser/network_service_client.cc
@@ -388,6 +388,11 @@
   // returning early should this be the case.
   WebContents* web_contents = WebContents::FromRenderFrameHost(frame);
 
+  // |web_contents| will be null on interstitial pages, which means the frame
+  // has been navigated away from and the function should return early.
+  if (!web_contents)
+    return;
+
   RenderFrameHostImpl* root_frame_host = frame;
   while (root_frame_host->GetParent() != nullptr)
     root_frame_host = root_frame_host->GetParent();
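
Review bot: The null check and the `while (root_frame_host->GetParent() != nullptr)` walk that follows it are now duplicated line for line between this file and render_frame_message_filter.cc, with slightly different comment wording in each. Consider a shared helper that returns the root frame or null when `WebContents::FromRenderFrameHost` fails, so a later fix to one copy cannot miss the other. As in the first hunk, the comment asserts the interstitial cause more firmly than the commit message does, and the patch adds no regression test for a null |web_contents|.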