Fix a potential null deref in XSSAuditorDelegate.

The ASAN bots say this causes a crash; I can't replicate it locally, but I believe that the combination of `document.write` and synchronous `javascript:` URL navigation could cause the auditor to trigger while the document is detaching. This patch adds a small check. BUG=668772 Review-Url: https://codereview.chromium.org/2531253002 Cr-Commit-Position: refs/heads/master@{#434927}

Fix a potential null deref in XSSAuditorDelegate.
The ASAN bots say this causes a crash; I can't replicate it locally, but I believe that the combination of `document.write` and synchronous `javascript:` URL navigation could cause the auditor to trigger while the document is detaching. This patch adds a small check. BUG=668772 Review-Url: https://codereview.chromium.org/2531253002 Cr-Commit-Position: refs/heads/master@{#434927}
1d7a2e8d · mkwst · Commit bot · 59c7989e · 1d7a2e8d
Commit 1d7a2e8d authored Nov 28, 2016 by mkwst Committed by Commit bot Nov 29, 2016
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

third_party/WebKit/Source/core/html/parser/XSSAuditorDelegate.cpp ...rty/WebKit/Source/core/html/parser/XSSAuditorDelegate.cpp +1 -1

No files found.
--- a/third_party/WebKit/Source/core/html/parser/XSSAuditorDelegate.cpp
+++ b/third_party/WebKit/Source/core/html/parser/XSSAuditorDelegate.cpp
@@ -115,7 +115,7 @@ void XSSAuditorDelegate::didBlockScript(const XSSInfo& xssInfo) {
  if (xssInfo.m_didBlockEntirePage)
    frameLoader.stopAllLoaders();
-  if (!m_didSendNotifications) {
+  if (!m_didSendNotifications && frameLoader.client()) {
    m_didSendNotifications = true;
    frameLoader.client()->didDetectXSS(m_document->url(),