From 9925d30065afa1c0723d58f20282c66764553734 Mon Sep 17 00:00:00 2001 From: "commit-queue@webkit.org" Date: Fri, 23 Sep 2011 22:34:17 +0000 Subject: [PATCH] [Chromium] Crash in WebCore::DatabaseObserver https://bugs.webkit.org/show_bug.cgi?id=67805 Patch by Stephen Chenney on 2011-09-23 Reviewed by David Levin. * src/DatabaseObserver.cpp: (WebCore::DatabaseObserver::canEstablishDatabase): Added a check for a null frame or page, and return false if null. Investigated changing the fall-through return value to false but decided against it given the way the code is used and existing default values for related code. Reproduction and testing depends on having a document with no frame or no page, which sometimes happens in practice but is hard to construct explicitly. git-svn-id: http://svn.webkit.org/repository/webkit/trunk@95871 268f45cc-cd09-0410-ab3c-d52691b4dbfc --- Source/WebKit/chromium/ChangeLog | 16 ++++++++++++++++ Source/WebKit/chromium/src/DatabaseObserver.cpp | 4 ++++ 2 files changed, 20 insertions(+) diff --git a/Source/WebKit/chromium/ChangeLog b/Source/WebKit/chromium/ChangeLog index 8f48602..31a11bb 100644 --- a/Source/WebKit/chromium/ChangeLog +++ b/Source/WebKit/chromium/ChangeLog @@ -1,3 +1,19 @@ +2011-09-23 Stephen Chenney + + [Chromium] Crash in WebCore::DatabaseObserver + https://bugs.webkit.org/show_bug.cgi?id=67805 + + Reviewed by David Levin. + + * src/DatabaseObserver.cpp: + (WebCore::DatabaseObserver::canEstablishDatabase): Added a check for a + null frame or page, and return false if null. Investigated + changing the fall-through return value to false but decided against + it given the way the code is used and existing default values for + related code. Reproduction and testing depends on having a document + with no frame or no page, which sometimes happens in practice but is + hard to construct explicitly. + 2011-09-23 Scott Graham occasional crash in Chromium in dispatching keyEvent 
diff --git a/Source/WebKit/chromium/src/DatabaseObserver.cpp b/Source/WebKit/chromium/src/DatabaseObserver.cpp
index cc8f22d..b891510 100644
--- a/Source/WebKit/chromium/src/DatabaseObserver.cpp
+++ b/Source/WebKit/chromium/src/DatabaseObserver.cpp
@@ -158,7 +158,11 @@ bool DatabaseObserver::canEstablishDatabase(ScriptExecutionContext* scriptExecut
 if (scriptExecutionContext->isDocument()) {
 Document* document = static_cast(scriptExecutionContext);
 WebFrameImpl* webFrame = WebFrameImpl::fromFrame(document->frame());
+ if (!webFrame)
+ return false;
 WebViewImpl* webView = webFrame->viewImpl();
+ if (!webView)
+ return false;
 if (webView->permissionClient())
 return webView->permissionClient()->allowDatabase(webFrame, name, displayName, estimatedSize);
 } else {
-- 
2.7.4
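Review bot: The new `if (!webFrame)` guard runs only after `WebFrameImpl::fromFrame(document->frame())` has already been called with whatever `document->frame()` returned, so if the detached document's frame is null and `fromFrame` dereferences its argument, the crash this commit targets just moves one line up; unless `fromFrame` is known to tolerate a null `Frame*`, test the frame before converting it, `Frame* frame = document->frame(); if (!frame) return false;`, and then call `fromFrame(frame)`. The two early returns deny the database when the document has no frame or page, which is the right fail-closed default, but the commit message says the fall-through for a missing permission client deliberately keeps its existing value, so the two "nobody to ask" cases now answer differently; a one-line comment at the first return, `// Detached document: no frame/page, hence no permission client to consult - deny.`, would stop the next reader from "harmonising" the two paths in the wrong direction. The signature of canEstablishDatabase, the worker-context `else` branch and the fall-through return are all outside this hunk, so the actual default on the no-client path cannot be confirmed from here.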