| Index: content/shell/renderer/test_runner/TestRunner.cpp
|
| diff --git a/content/shell/renderer/test_runner/TestRunner.cpp b/content/shell/renderer/test_runner/TestRunner.cpp
|
| index a25a06de90eafbf16b911b3440949a535a374d0a..c8c790512a383f8f41b726b28734c2548a8b072c 100644
|
| --- a/content/shell/renderer/test_runner/TestRunner.cpp
|
| +++ b/content/shell/renderer/test_runner/TestRunner.cpp
|
| @@ -1332,7 +1332,7 @@ void TestRunner::injectStyleSheet(const CppArgumentList& arguments, CppVariant*
|
| void TestRunner::startSpeechInput(const CppArgumentList& arguments, CppVariant* result)
|
| {
|
| result->setNull();
|
| - if (arguments.size() != 1)
|
| + if (arguments.size() != 1 || !arguments[0].isObject())
|
| return;
|
|
|
| WebElement element;
|
| @@ -1387,7 +1387,7 @@ void TestRunner::findString(const CppArgumentList& arguments, CppVariant* result
|
| void TestRunner::setValueForUser(const CppArgumentList& arguments, CppVariant* result)
|
| {
|
| result->setNull();
|
| - if (arguments.size() != 2)
|
| + if (arguments.size() != 2 || !arguments[0].isObject() || !arguments[0].isString())
|
| return;
|
|
|
| WebElement element;
|
|
|
Chromium Code Reviews
Issue 171423004:
Fix uninit read in TestRunner. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src