Diffstat (limited to 'www-client/chromium/files/chromium-114-sigsegv-dom.patch')
-rw-r--r-- | www-client/chromium/files/chromium-114-sigsegv-dom.patch | 73 |
1 files changed, 73 insertions, 0 deletions
diff --git a/www-client/chromium/files/chromium-114-sigsegv-dom.patch b/www-client/chromium/files/chromium-114-sigsegv-dom.patch
new file mode 100644
index 000000000000..fe4c2809693c
--- /dev/null
+++ b/www-client/chromium/files/chromium-114-sigsegv-dom.patch
@@ -0,0 +1,73 @@ +https://chromium.googlesource.com/chromium/src.git/+/2af2d08972d14d5bdd91e0515eb5b15b4444aee9 +blink::HTMLMediaElement::ShouldReusePlayer: avoid dereferencing a potentally NULL domWindow + +The domWindow() method of the Document class can potentially return nullptr +as noted in renderer/core/dom/document.h + +> // A document may or may not have a browsing context +> // (https://html.spec.whatwg.org/#browsing-context). A document with a browsing +> // context is created by navigation, and has a non-null domWindow(), GetFrame(), +> // Loader(), etc., and is visible to the user. It will have a valid +> // GetExecutionContext(), which will be equal to domWindow(). If the Document +> // constructor receives a DocumentInit created WithDocumentLoader(), it will +> // have a browsing context. +> // Documents created by all other APIs do not have a browsing context. These +> // Documents still have a valid GetExecutionContext() (i.e., the domWindow() of +> // the Document in which they were created), so they can still access +> // script, but return null for domWindow(), GetFrame() and Loader(). Generally, +> // they should not downcast the ExecutionContext to a LocalDOMWindow and access +> // the properties of the window directly. 
+ +Upon checking further, the offending document returns null for GetFrame() and +Loader() aswell so this was likely just an oversight and no invariants are being +violated + +Introduced in https://chromium-review.googlesource.com/c/chromium/src/+/4202152 + +More details https://bugs.chromium.org/p/chromium/issues/detail?id=1447388 + +Fixed: 1447388 +Change-Id: I85a6ef52baaac0ec7f5ec188d5d5bb2c518a8ecd +Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4546610 +Reviewed-by: Fredrik Söderquist <fs@opera.com> +Commit-Queue: Fredrik Söderquist <fs@opera.com> +Cr-Commit-Position: refs/heads/main@{#1147184} + +--- a/AUTHORS ++++ b/AUTHORS + +@@ -1012,6 +1012,7 @@ + Prashant Hiremath <prashhir@cisco.com> + Prashant Nevase <prashant.n@samsung.com> + Prashant Patil <prashant.patil@imgtec.com> ++Pratham <prathamIN@proton.me> + Praveen Akkiraju <praveen.anp@samsung.com> + Preeti Nayak <preeti.nayak@samsung.com> + Pritam Nikam <pritam.nikam@samsung.com> + +--- a/third_party/blink/renderer/core/html/media/html_media_element.cc ++++ b/third_party/blink/renderer/core/html/media/html_media_element.cc + +@@ -648,6 +648,11 @@ + + bool HTMLMediaElement::ShouldReusePlayer(Document& old_document, + Document& new_document) const { ++ // A NULL frame implies a NULL domWindow, so just check one of them ++ if (!old_document.GetFrame() || !new_document.GetFrame()) { ++ return false; ++ } ++ + // Don't reuse player if the Document Picture-in-Picture API is disabled for + // both documents. + if (!RuntimeEnabledFeatures::DocumentPictureInPictureAPIEnabled( +@@ -657,10 +662,6 @@ + return false; + } + +- if (!old_document.GetFrame() || !new_document.GetFrame()) { +- return false; +- } +- + auto* new_origin = new_document.GetFrame() + ->LocalFrameRoot() + .GetSecurityContext() |
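Review bot: The new comment `++ // A NULL frame implies a NULL domWindow, so just check one of them` states the implication in a direction the quoted document.h text does not support: that text says a document without a browsing context returns null for domWindow(), GetFrame() and Loader() alike, i.e. a null window comes with a null frame, not that every null frame comes with a null window (a document whose frame was detached after creation may, as far as this hunk shows, still hold its window). The guard itself is the conservative choice — rejecting on a null GetFrame() covers every case in which domWindow() would be null as well as the detached case — so the code is fine; only the comment should say what is actually relied on, e.g. `// Bail out early: a document without a frame (no browsing context, or detached) must not reach the domWindow()/GetFrame() uses below.` Note that ShouldReusePlayer ends outside the hunk and the argument list of `DocumentPictureInPictureAPIEnabled(` is cut off, so that the feature check is what dereferenced the null window is taken from the commit message rather than visible here. Separately, for a Gentoo files/ patch the AUTHORS hunk contributes nothing to the build and is the one part that can fail to apply if the release tarball's AUTHORS context differs; backports usually drop it.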