widthMediaFeatureEval ends up with null FrameView during iframe unload.

[Title] widthMediaFeatureEval ends up with null FrameView during iframe unload.
[Issue#] N_SE-51174
[Problem] Crash while loading mashable.com
[Cause] While frames are being unloaded, the Frame object does not necessarily have valid
        FrameView anymore. Layout on the main frame can end up querying media values on such child
        frames, while detaching.
[Solution] Manually cherry-picked from https://bugs.webkit.org/show_bug.cgi?id=117754

Change-Id: Ia591e5c978279ac58c1e4cc4fa900a6ef4ba7d77

diff --git a/Source/WebCore/css/MediaQueryEvaluator.cpp b/Source/WebCore/css/MediaQueryEvaluator.cpp
index 777b08e..9198c98 100644 (file)
--- a/Source/WebCore/css/MediaQueryEvaluator.cpp
+++ b/Source/WebCore/css/MediaQueryEvaluator.cpp
@@ -248,6 +248,9 @@ static bool orientationMediaFeatureEval(CSSValue* value, RenderStyle*, Frame* fr
         return false;
 
     FrameView* view = frame->view();
+    if (!view)
+        return false;
+
     int width = view->layoutWidth();
     int height = view->layoutHeight();
     if (width > height) // Square viewport is portrait
@@ -259,6 +262,9 @@ static bool aspect_ratioMediaFeatureEval(CSSValue* value, RenderStyle*, Frame* f
 {
     if (value) {
         FrameView* view = frame->view();
+        if (!view)
+            return true;
+
         int width = view->layoutWidth();
         int height = view->layoutHeight();
         int h = 0;
@@ -324,7 +330,11 @@ static bool resolutionMediaFeatureEval(CSSValue* value, RenderStyle*, Frame* fra
     // this method only got called if this media type matches the one defined
     // in the query. Thus, if if the document's media type is "print", the
     // media type of the query will either be "print" or "all".
-    String mediaType = frame->view()->mediaType();
+    FrameView* view = frame->view();
+    if (!view)
+        return false;
+
+    String mediaType = view->mediaType();
     if (equalIgnoringCase(mediaType, "screen")) {
         Screen* screen = frame->document()->domWindow()->screen();
         horiDPI = screen->horizontalDPI();
@@ -461,6 +471,8 @@ static bool device_widthMediaFeatureEval(CSSValue* value, RenderStyle* style, Fr
 static bool heightMediaFeatureEval(CSSValue* value, RenderStyle* style, Frame* frame, MediaFeaturePrefix op)
 {
     FrameView* view = frame->view();
+    if (!view)
+        return false;
 
     if (value) {
         RenderStyle* rootStyle = frame->document()->documentElement()->renderStyle();
@@ -474,6 +486,8 @@ static bool heightMediaFeatureEval(CSSValue* value, RenderStyle* style, Frame* f
 static bool widthMediaFeatureEval(CSSValue* value, RenderStyle* style, Frame* frame, MediaFeaturePrefix op)
 {
     FrameView* view = frame->view();
+    if (!view)
+        return false;
 
     if (value) {
         RenderStyle* rootStyle = frame->document()->documentElement()->renderStyle();
@@ -729,7 +743,7 @@ static void createFunctionMap()
 
 bool MediaQueryEvaluator::eval(const MediaQueryExp* expr) const
 {
-    if (!m_frame || !m_style)
+    if (!m_frame || !m_frame->view() || !m_style)
         return m_expResult;
 
     if (!expr->isValid())