Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1194)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: third_party/WebKit/Source/web/tests/WebFrameTest.cpp

Issue 2783743002: Fix nullptr deref in maybeRenderFallbackContent() (Closed)
Patch Set: Fix comments Created 3 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « third_party/WebKit/Source/web/WebLocalFrameImpl.cpp ('k') | third_party/WebKit/Source/web/tests/data/fallback.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: third_party/WebKit/Source/web/tests/WebFrameTest.cpp
diff --git a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
index f7aacb487e992e16d962e63d99e49e3c09ac5862..81fb1ba4ceef6003b6be9e5f67b6283fc0d15b46 100644
--- a/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
+++ b/third_party/WebKit/Source/web/tests/WebFrameTest.cpp
@@ -11885,4 +11885,67 @@ TEST_F(WebFrameTest, LocalFrameWithRemoteParentIsTransparent) {
view->Close();
}
+class TestFallbackWebFrameClient : public FrameTestHelpers::TestWebFrameClient {
+ public:
+ explicit TestFallbackWebFrameClient() : child_client_(nullptr) {}
+
+ void SetChildWebFrameClient(TestFallbackWebFrameClient* client) {
+ child_client_ = client;
+ }
+
+ WebLocalFrame* CreateChildFrame(
+ WebLocalFrame* parent,
+ WebTreeScopeType scope,
+ const WebString&,
+ const WebString&,
+ WebSandboxFlags,
+ const WebFrameOwnerProperties& frameOwnerProperties) override {
+ DCHECK(child_client_);
+ WebLocalFrame* frame =
+ WebLocalFrame::Create(scope, child_client_, nullptr, nullptr);
+ parent->AppendChild(frame);
+ return frame;
+ }
+
+ WebNavigationPolicy DecidePolicyForNavigation(
+ const NavigationPolicyInfo& info) override {
+ if (child_client_ || KURL(info.url_request.Url()) == BlankURL())
+ return kWebNavigationPolicyCurrentTab;
+ return kWebNavigationPolicyHandledByClient;
+ }
+
+ private:
+ TestFallbackWebFrameClient* child_client_;
+};
+
+TEST_F(WebFrameTest, FallbackForNonexistentProvisionalNavigation) {
+ RegisterMockedHttpURLLoad("fallback.html");
+ TestFallbackWebFrameClient mainClient;
+ TestFallbackWebFrameClient childClient;
+ mainClient.SetChildWebFrameClient(&childClient);
+
+ FrameTestHelpers::WebViewHelper webViewHelper;
+ webViewHelper.Initialize(true, &mainClient);
+
+ WebLocalFrameImpl* main_frame = webViewHelper.WebView()->MainFrameImpl();
+ WebURLRequest request(ToKURL(base_url_ + "fallback.html"));
+ main_frame->LoadRequest(request);
+
+ // Because the child frame will be HandledByClient, the main frame will not
+ // finish loading, so we cant use
+ // FrameTestHelpers::pumpPendingRequestsForFrameToLoad.
+ Platform::Current()->GetURLLoaderMockFactory()->ServeAsynchronousRequests();
+
+ // Overwrite the client-handled child frame navigation with about:blank.
+ WebLocalFrame* child = main_frame->FirstChild()->ToWebLocalFrame();
+ child->LoadRequest(WebURLRequest(BlankURL()));
+
+ // Failing the original child frame navigation and trying to render fallback
+ // content shouldn't crash. It should return NoLoadInProgress. This is so the
+ // caller won't attempt to replace the correctly empty frame with an error
+ // page.
+ EXPECT_EQ(WebLocalFrame::NoLoadInProgress,
+ child->MaybeRenderFallbackContent(WebURLError()));
+}
+
} // namespace blink
« no previous file with comments | « third_party/WebKit/Source/web/WebLocalFrameImpl.cpp ('k') | third_party/WebKit/Source/web/tests/data/fallback.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698