Changeset 214800 in webkit

Timestamp:

Apr 3, 2017 9:22:16 AM (7 years ago)

Author:

Carlos Garcia Campos

Message:

Merge r214375 - A null compound index value crashes the Databases process.
<rdar://problem/30499831> and ​https://bugs.webkit.org/show_bug.cgi?id=170000

Reviewed by Alex Christensen.

Source/WebCore:

Test: storage/indexeddb/modern/single-entry-index-invalid-key-crash.html

• bindings/js/IDBBindingUtilities.cpp:

(WebCore::createKeyPathArray): Fix the bug by rejecting arrays with any invalid keys in them.

Add some logging:

• Modules/indexeddb/IDBKeyPath.cpp:

(WebCore::loggingString):

• Modules/indexeddb/IDBKeyPath.h:
• Modules/indexeddb/IDBObjectStore.cpp:

(WebCore::IDBObjectStore::createIndex):

• Modules/indexeddb/shared/IDBIndexInfo.cpp:

(WebCore::IDBIndexInfo::loggingString):

LayoutTests:

• storage/indexeddb/modern/resources/single-entry-index-invalid-key-crash.js: Added.
• storage/indexeddb/modern/single-entry-index-invalid-key-crash-expected.txt: Added.
• storage/indexeddb/modern/single-entry-index-invalid-key-crash-private-expected.txt: Added.
• storage/indexeddb/modern/single-entry-index-invalid-key-crash-private.html: Added.
• storage/indexeddb/modern/single-entry-index-invalid-key-crash.html: Added.

Location:

releases/WebKitGTK/webkit-2.16

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/storage/indexeddb/modern/resources/single-entry-index-invalid-key-crash.js (added)
• LayoutTests/storage/indexeddb/modern/single-entry-index-invalid-key-crash-expected.txt (added)
• LayoutTests/storage/indexeddb/modern/single-entry-index-invalid-key-crash-private-expected.txt (added)
• LayoutTests/storage/indexeddb/modern/single-entry-index-invalid-key-crash-private.html (added)
• LayoutTests/storage/indexeddb/modern/single-entry-index-invalid-key-crash.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/Modules/indexeddb/IDBKeyPath.cpp (modified) (3 diffs)
• Source/WebCore/Modules/indexeddb/IDBKeyPath.h (modified) (2 diffs)
• Source/WebCore/Modules/indexeddb/IDBObjectStore.cpp (modified) (1 diff)
• Source/WebCore/Modules/indexeddb/shared/IDBIndexInfo.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/IDBBindingUtilities.cpp (modified) (1 diff)

releases/WebKitGTK/webkit-2.16/LayoutTests/ChangeLog

@@ +1 @@
+2017-03-24  Brady Eidson  <beidson@apple.com>
+
+        A null compound index value crashes the Databases process.
+        <rdar://problem/30499831> and https://bugs.webkit.org/show_bug.cgi?id=170000
+
+        Reviewed by Alex Christensen.
+
+        * storage/indexeddb/modern/resources/single-entry-index-invalid-key-crash.js: Added.
+        * storage/indexeddb/modern/single-entry-index-invalid-key-crash-expected.txt: Added.
+        * storage/indexeddb/modern/single-entry-index-invalid-key-crash-private-expected.txt: Added.
+        * storage/indexeddb/modern/single-entry-index-invalid-key-crash-private.html: Added.
+        * storage/indexeddb/modern/single-entry-index-invalid-key-crash.html: Added.
+
 2017-03-24  Daniel Bates  <dabates@apple.com>
 

releases/WebKitGTK/webkit-2.16/Source/WebCore/ChangeLog

@@ +1 @@
+2017-03-24  Brady Eidson  <beidson@apple.com>
+
+        A null compound index value crashes the Databases process.
+        <rdar://problem/30499831> and https://bugs.webkit.org/show_bug.cgi?id=170000
+
+        Reviewed by Alex Christensen.
+
+        Test: storage/indexeddb/modern/single-entry-index-invalid-key-crash.html
+
+        * bindings/js/IDBBindingUtilities.cpp:
+        (WebCore::createKeyPathArray): Fix the bug by rejecting arrays with any invalid keys in them.
+        
+        Add some logging:
+        * Modules/indexeddb/IDBKeyPath.cpp:
+        (WebCore::loggingString):
+        * Modules/indexeddb/IDBKeyPath.h:
+        * Modules/indexeddb/IDBObjectStore.cpp:
+        (WebCore::IDBObjectStore::createIndex):
+        * Modules/indexeddb/shared/IDBIndexInfo.cpp:
+        (WebCore::IDBIndexInfo::loggingString):
+
 2017-03-24  Daniel Bates  <dabates@apple.com>
 

releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBKeyPath.cpp

@@ -1 +1 @@
 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -31 +32 @@
 #include <wtf/ASCIICType.h>
 #include <wtf/dtoa.h>
+#include <wtf/text/StringBuilder.h>
 
 namespace WebCore {
@@ -222 +224 @@
 }
 
+#ifndef NDEBUG
+String loggingString(const IDBKeyPath& path)
+{
+    auto visitor = WTF::makeVisitor([](const String& string) {
+        return makeString("< ", string, " >");
+    }, [](const Vector<String>& strings) {
+        if (strings.isEmpty())
+            return String("< >");
+
+        StringBuilder builder;
+        builder.append("< ");
+        for (size_t i = 0; i < strings.size() - 1; ++i) {
+            builder.append(strings[i]);
+            builder.append(", ");
+        }
+        builder.append(strings.last());
+        builder.append(" >");
+
+        return builder.toString();
+    });
+
+    return WTF::visit(visitor, path);
+}
+#endif
+
 } // namespace WebCore
 

releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBKeyPath.h

@@ -1 +1 @@
 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
+ * Copyright (C) 2016-2017 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -53 +54 @@
 }
 
+#ifndef NDEBUG
+String loggingString(const IDBKeyPath&);
+#endif
+
 } // namespace WebCore
 

releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/IDBObjectStore.cpp

@@ -425 +425 @@
 ExceptionOr<Ref<IDBIndex>> IDBObjectStore::createIndex(ExecState&, const String& name, IDBKeyPath&& keyPath, const IndexParameters& parameters)
 {
-    LOG(IndexedDB, "IDBObjectStore::createIndex %s", name.utf8().data());
+    LOG(IndexedDB, "IDBObjectStore::createIndex %s (keyPath: %s, unique: %i, multiEntry: %i)", name.utf8().data(), loggingString(keyPath).utf8().data(), parameters.unique, parameters.multiEntry);
     ASSERT(currentThread() == m_transaction.database().originThreadID());
 

releases/WebKitGTK/webkit-2.16/Source/WebCore/Modules/indexeddb/shared/IDBIndexInfo.cpp

@@ -57 +57 @@
         indentString.append(" ");
 
-    return makeString(indentString, "Index: ", m_name, String::format(" (%" PRIu64 ") \n", m_identifier));
+    return makeString(indentString, "Index: ", m_name, String::format(" (%" PRIu64 ") keyPath: %s\n", m_identifier, WebCore::loggingString(m_keyPath).utf8().data()));
 }
 

releases/WebKitGTK/webkit-2.16/Source/WebCore/bindings/js/IDBBindingUtilities.cpp

@@ -394 +394 @@
         for (auto& entry : vector) {
             auto key = internalCreateIDBKeyFromScriptValueAndKeyPath(exec, value, entry);
-            if (!key)
+            if (!key || !key->isValid())
                 return { };
             keys.append(key.get());