
Side by Side Diff: third_party/WebKit/Source/modules/serviceworkers/NavigatorServiceWorker.cpp

Issue 2358993003: Service worker creation from <link> leads to nullptr dereference (Closed)
Patch Set: Formatting Created 4 years, 2 months ago
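--- a/third_party/WebKit/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
+++ b/third_party/WebKit/Source/modules/serviceworkers/NavigatorServiceWorker.cpp
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "modules/serviceworkers/NavigatorServiceWorker.h"
 
 #include "core/dom/Document.h"
 #include "core/frame/LocalDOMWindow.h"
 #include "core/frame/LocalFrame.h"
 #include "core/frame/Navigator.h"
@@ -53,34 +53,36 @@
 {
 DCHECK(!navigator.frame() || executionContext->getSecurityOrigin()->canAcces sCheckSuborigins(navigator.frame()->securityContext()->getSecurityOrigin()));
 return NavigatorServiceWorker::from(navigator).serviceWorker(navigator.frame (), exceptionState);
 }
 
 ServiceWorkerContainer* NavigatorServiceWorker::serviceWorker(LocalFrame* frame, ExceptionState& exceptionState)
 {
 if (frame && !frame->securityContext()->getSecurityOrigin()->canAccessServic eWorkers()) {
 if (frame->securityContext()->isSandboxed(SandboxOrigin))
 exceptionState.throwSecurityError("Service worker is disabled becaus e the context is sandboxed and lacks the 'allow-same-origin' flag.");
+else if (frame->securityContext()->getSecurityOrigin()->hasSuborigin())
+exceptionState.throwSecurityError("Service worker is disabled becaus e the context is in a suborigin.");
 else
 exceptionState.throwSecurityError("Access to service workers is deni ed in this document origin.");
 return nullptr;
 }
 if (!m_serviceWorker && frame) {
 DCHECK(frame->domWindow());
 m_serviceWorker = ServiceWorkerContainer::create(frame->domWindow()->get ExecutionContext());
 }
 return m_serviceWorker.get();
 }
 
 void NavigatorServiceWorker::contextDestroyed()
 {
 m_serviceWorker = nullptr;
 }
 
 DEFINE_TRACE(NavigatorServiceWorker)
 {
 visitor->trace(m_serviceWorker);
 Supplement<Navigator>::trace(visitor);
 ContextLifecycleObserver::trace(visitor);
 }
 
 } // namespace blink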
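Review bot: The null-return contract of `NavigatorServiceWorker::serviceWorker(LocalFrame*, ExceptionState&)` is undocumented, and the added suborigin branch (new lines 63-64) is one more path that ends at `return nullptr;`. Besides the three denial paths that set a SecurityError, the function can also return null with no exception at all: when `frame` is null and no container was created earlier, new line 73 returns `m_serviceWorker.get()` as null. Since the issue is about a null dereference, I would add above the definition `// Returns nullptr with a SecurityError set when the origin is denied, and may return nullptr with no exception when |frame| is null; callers must null-check the result.` Whether every caller touched by this patch checks the result is not visible from this file.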
