Changeset 150853 in webkit

Timestamp:

May 28, 2013 4:26:48 PM (11 years ago)

Author:

ap@apple.com

Message:

Freeze when loading a particular page on washingtonpost.com with NetworkProcess enabled
​https://bugs.webkit.org/show_bug.cgi?id=116887
<rdar://problem/12965959>

Reviewed by Darin Adler.

• Shared/cf/ArgumentCodersCF.cpp: (CoreIPC::encode): (CoreIPC::decode): Fix for the bug: use good shared WebCore code to manipulate CFURLs. Also, added a FIXME about empty URLs.

• Shared/API/c/cf/WKURLCF.cpp: (WKURLCreateWithCFURL): Fixed to not use CFURLGetString, as that could prevent loading certain resources, like ones with curly braces in resource specifiers. We want KURL normalization, not CFURL one.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/http/tests/uri/curly-braces-escaping-expected.txt (added)
• LayoutTests/http/tests/uri/curly-braces-escaping.html (added)
• LayoutTests/http/tests/uri/resources/echo-uri.php (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/WebCore.exp.in (modified) (2 diffs)
• Source/WebCore/WebCore.vcproj/WebCore.vcproj (modified) (1 diff)
• Source/WebCore/WebCore.vcxproj/WebCore.vcxproj (modified) (2 diffs)
• Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters (modified) (2 diffs)
• Source/WebCore/WebCore.xcodeproj/project.pbxproj (modified) (5 diffs)
• Source/WebCore/platform/KURL.cpp (modified) (1 diff)
• Source/WebCore/platform/cf/CFURLExtras.cpp (added)
• Source/WebCore/platform/cf/CFURLExtras.h (added)
• Source/WebCore/platform/cf/KURLCFNet.cpp (modified) (3 diffs)
• Source/WebCore/platform/mac/KURLMac.mm (modified) (3 diffs)
• Source/WebCore/platform/network/cf/ResourceErrorCF.cpp (modified) (1 diff)
• Source/WebKit2/ChangeLog (modified) (1 diff)
• Source/WebKit2/Shared/API/c/cf/WKURLCF.cpp (modified) (2 diffs)
• Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp (modified) (5 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-05-28  Alexey Proskuryakov  <ap@apple.com>
+
+        Freeze when loading a particular page on washingtonpost.com with NetworkProcess enabled
+        https://bugs.webkit.org/show_bug.cgi?id=116887
+        <rdar://problem/12965959>
+
+        Reviewed by Darin Adler.
+
+        * http/tests/uri/curly-braces-escaping-expected.txt: Added.
+        * http/tests/uri/curly-braces-escaping.html: Added.
+        * http/tests/uri/resources/echo-uri.php: Added.
+
 2013-05-28  Brent Fulgham  <bfulgham@apple.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-05-28  Alexey Proskuryakov  <ap@apple.com>
+
+        Freeze when loading a particular page on washingtonpost.com with NetworkProcess enabled
+        https://bugs.webkit.org/show_bug.cgi?id=116887
+        <rdar://problem/12965959>
+
+        Reviewed by Darin Adler.
+
+        Test: http/tests/uri/curly-braces-escaping.html
+
+        The issue was that WebKit used an incorrect accessor to get a string out of CFURL,
+        unlike WebCore.
+
+        Centralized code for converting between CFURLs and strings in a place that WebKit
+        can use directly.
+
+        * WebCore.exp.in:
+        * WebCore.vcproj/WebCore.vcproj:
+        * WebCore.vcxproj/WebCore.vcxproj:
+        * WebCore.vcxproj/WebCore.vcxproj.filters:
+        * WebCore.xcodeproj/project.pbxproj:
+        Keeping things building.
+
+        * platform/KURL.cpp: (WebCore::KURL::copyToBuffer):
+        * platform/KURL.h:
+        Updated for a new typedef name. The code was using Vector<char, 512> and CharBuffer
+        inconsistently, and now URLs use URLCharBuffer.
+
+        * platform/cf/CFURLExtras.cpp: Added.
+        (WebCore::createCFURLFromBuffer):
+        (WebCore::getURLBytes):
+        * platform/cf/CFURLExtras.h: Added.
+        * platform/cf/KURLCFNet.cpp:
+        (WebCore::KURL::KURL):
+        (WebCore::KURL::createCFURL):
+        Extracted code for CFURL string manipulation that is not logcally part of KURL.
+
+        * platform/mac/KURLMac.mm:
+        (WebCore::KURL::KURL): Use the new getURLBytes function.
+        (WebCore::KURL::operator NSURL *): Added a comment.
+        (WebCore::KURL::createCFURL): Added a comment, and updated for new names and
+        signatures.
+
+        * platform/network/cf/ResourceErrorCF.cpp: (WebCore::ResourceError::platformLazyInit):
+        Added a FIXME. We are still using CFURLGetString here. The difficulty is getting
+        encodings right.
+
 2013-05-28  Anders Carlsson  <andersca@apple.com>
 

trunk/Source/WebCore/WebCore.exp.in

@@ -168 +168 @@
 __ZN7WebCore11SQLResultOkE
 __ZN7WebCore11URLWithDataEP6NSDataP5NSURL
+__ZN7WebCore11getURLBytesEPK7__CFURLRN3WTF7CStringE
+__ZN7WebCore11getURLBytesEPK7__CFURLRN3WTF6VectorIcLm512ENS3_15CrashOnOverflowEEE
 __ZN7WebCore11iBeamCursorEv
 __ZN7WebCore11memoryCacheEv
@@ -718 +720 @@
 __ZN7WebCore21UserContentURLPattern5parseERKN3WTF6StringE
 __ZN7WebCore21WindowsLatin1EncodingEv
+__ZN7WebCore21createCFURLFromBufferEPKcmPK7__CFURL
 __ZN7WebCore21findEventWithKeyStateEPNS_5EventE
 __ZN7WebCore21getCachedDOMStructureEPNS_17JSDOMGlobalObjectEPKN3JSC9ClassInfoE

trunk/Source/WebCore/WebCore.vcproj/WebCore.vcproj

@@ -29723 +29723 @@
                                 >
                                 <File
+                                        RelativePath="..\platform\cf\CFURLExtras.cpp"
+                                        >
+                                </File>
+                                <File
+                                        RelativePath="..\platform\cf\CFURLExtras.h"
+                                        >
+                                </File>
+                                <File
                                         RelativePath="..\platform\cf\FileSystemCF.cpp"
                                         >

trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj

@@ -4222 +4222 @@
     <ClCompile Include="..\platform\win\WidgetWin.cpp" />
     <ClCompile Include="..\platform\win\WindowMessageBroadcaster.cpp" />
+    <ClCompile Include="..\platform\cf\CFURLExtras.cpp" />
     <ClCompile Include="..\platform\cf\FileSystemCF.cpp" />
     <ClCompile Include="..\platform\cf\KURLCFNet.cpp" />
@@ -11609 +11610 @@
     <ClInclude Include="..\platform\win\WindowMessageListener.h" />
     <ClInclude Include="..\platform\win\WindowsTouch.h" />
+    <ClInclude Include="..\platform\cf\CFURLExtras.h" />
     <ClInclude Include="..\platform\cf\win\CertificateCFWin.h" />
     <ClInclude Include="..\platform\graphics\BitmapImage.h" />

trunk/Source/WebCore/WebCore.vcxproj/WebCore.vcxproj.filters

@@ -5179 +5179 @@
       <Filter>page</Filter>
     </ClCompile>
+    <ClCompile Include="..\platform\cf\CFURLExtras.cpp">
+      <Filter>platform\cf</Filter>
+    </ClCompile>
     <ClCompile Include="..\platform\cf\SharedBufferCF.cpp">
       <Filter>platform\cf</Filter>
@@ -12682 +12685 @@
     <ClInclude Include="..\svg\SVGAnimatedTypeAnimator.h">
       <Filter>rendering\svg</Filter>
+    </ClInclude>
+    <ClInclude Include="..\platform\cf\CFURLExtras.h">
+      <Filter>platform\cf</Filter>
     </ClInclude>
     <ClInclude Include="..\platform\cf\win\CertificateCFWin.h">

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -5420 +5420 @@
                 E1A643F20EC0972500779668 /* WorkerScriptController.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A643F10EC0972500779668 /* WorkerScriptController.h */; };
                 E1A643FD0EC097A000779668 /* WorkerScriptController.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E1A643FC0EC097A000779668 /* WorkerScriptController.cpp */; };
+                E1A8E56617552B2A007488E7 /* CFURLExtras.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E1A8E56417552B2A007488E7 /* CFURLExtras.cpp */; };
+                E1A8E56717552B2A007488E7 /* CFURLExtras.h in Headers */ = {isa = PBXBuildFile; fileRef = E1A8E56517552B2A007488E7 /* CFURLExtras.h */; settings = {ATTRIBUTES = (Private, ); }; };
                 E1ACAF4C0E791AAF0087D12B /* DOMMessagePort.mm in Sources */ = {isa = PBXBuildFile; fileRef = E1ACAF4A0E791AAF0087D12B /* DOMMessagePort.mm */; };
                 E1ACAF4D0E791AAF0087D12B /* DOMMessagePort.h in Headers */ = {isa = PBXBuildFile; fileRef = E1ACAF4B0E791AAF0087D12B /* DOMMessagePort.h */; };
@@ -12202 +12204 @@
                 E1A643F10EC0972500779668 /* WorkerScriptController.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WorkerScriptController.h; sourceTree = "<group>"; };
                 E1A643FC0EC097A000779668 /* WorkerScriptController.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = WorkerScriptController.cpp; sourceTree = "<group>"; };
+                E1A8E56417552B2A007488E7 /* CFURLExtras.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CFURLExtras.cpp; sourceTree = "<group>"; };
+                E1A8E56517552B2A007488E7 /* CFURLExtras.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = CFURLExtras.h; sourceTree = "<group>"; };
                 E1AB1EA814E9E27D00449E13 /* FileList.idl */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text; name = FileList.idl; path = fileapi/FileList.idl; sourceTree = "<group>"; };
                 E1AB1EAB14E9E2EF00449E13 /* DirectoryEntry.idl */ = {isa = PBXFileReference; lastKnownFileType = text; name = DirectoryEntry.idl; path = Modules/filesystem/DirectoryEntry.idl; sourceTree = "<group>"; };
@@ -13405 +13409 @@
                         isa = PBXGroup;
                         children = (
+                                E1A8E56417552B2A007488E7 /* CFURLExtras.cpp */,
+                                E1A8E56517552B2A007488E7 /* CFURLExtras.h */,
                                 5160306B0CC4362300C8AC25 /* FileSystemCF.cpp */,
                                 1A98956A0AA78F80005EF5EF /* KURLCFNet.cpp */,
@@ -20917 +20923 @@
                                 29D7BCFA1444AF7D0070619C /* AccessibilitySpinButton.h in Headers */,
                                 AAC08CF315F941FD00F1E188 /* AccessibilitySVGRoot.h in Headers */,
+                                E1A8E56717552B2A007488E7 /* CFURLExtras.h in Headers */,
                                 29A8122B0FBB9C1D00510293 /* AccessibilityTable.h in Headers */,
                                 29A812320FBB9C1D00510293 /* AccessibilityTableCell.h in Headers */,
@@ -26200 +26207 @@
                                 1AF8E1C3125673E000230FF7 /* ProxyServerCFNet.cpp in Sources */,
                                 FF945ECB161F7F3600971BC8 /* PseudoElement.cpp in Sources */,
+                                E1A8E56617552B2A007488E7 /* CFURLExtras.cpp in Sources */,
                                 0081FEFF16B0A2B6008AAA7A /* PublicSuffixMac.mm in Sources */,
                                 E4D687770ED7AE3D006EA978 /* PurgeableBufferMac.cpp in Sources */,

trunk/Source/WebCore/platform/KURL.cpp

@@ -1696 +1696 @@
 }
 
-void KURL::copyToBuffer(CharBuffer& buffer) const
+void KURL::copyToBuffer(Vector<char, 512>& buffer) const
 {
     // FIXME: This throws away the high bytes of all the characters in the string!

trunk/Source/WebCore/platform/cf/KURLCFNet.cpp

@@ -27 +27 @@
 #include "KURL.h"
 
-#include <wtf/RetainPtr.h>
+#include "CFURLExtras.h"
 #include <CoreFoundation/CFURL.h>
+#include <wtf/text/CString.h>
 
 using namespace std;
 
 namespace WebCore {
-
-typedef Vector<char, 512> CharBuffer;
-
-RetainPtr<CFURLRef> createCFURLFromBuffer(const CharBuffer&);
 
 KURL::KURL(CFURLRef url)
@@ -45 +42 @@
     }
 
-    CFIndex bytesLength = CFURLGetBytes(url, 0, 0);
-    Vector<char, 512> buffer(bytesLength + 1);
-    char* bytes = &buffer[0];
-    CFURLGetBytes(url, reinterpret_cast<UInt8*>(bytes), bytesLength);
-    bytes[bytesLength] = '\0';
-    parse(bytes);
-}
-
-RetainPtr<CFURLRef> createCFURLFromBuffer(const CharBuffer& buffer)
-{
-    // NOTE: We use UTF-8 here since this encoding is used when computing strings when returning URL components
-    // (e.g calls to NSURL -path). However, this function is not tolerant of illegal UTF-8 sequences, which
-    // could either be a malformed string or bytes in a different encoding, like Shift-JIS, so we fall back
-    // onto using ISO Latin-1 in those cases.
-    RetainPtr<CFURLRef> result = adoptCF(CFURLCreateAbsoluteURLWithBytes(0, reinterpret_cast<const UInt8*>(buffer.data()), buffer.size(), kCFStringEncodingUTF8, 0, true));
-    if (!result)
-        result = adoptCF(CFURLCreateAbsoluteURLWithBytes(0, reinterpret_cast<const UInt8*>(buffer.data()), buffer.size(), kCFStringEncodingISOLatin1, 0, true));
-    return result;
+    // FIXME: Why is it OK to ignore base URL here?
+    CString urlBytes;
+    getURLBytes(url, urlBytes);
+    parse(urlBytes.data());
 }
 
@@ -71 +54 @@
     // Currently it throws away the high bytes of the characters in the string in that case,
     // which is clearly wrong.
-    CharBuffer buffer;
+    URLCharBuffer buffer;
     copyToBuffer(buffer);
     return createCFURLFromBuffer(buffer);

trunk/Source/WebCore/platform/mac/KURLMac.mm

@@ -27 +27 @@
 #import "KURL.h"
 
+#import "CFURLExtras.h"
 #import "FoundationExtras.h"
-#import <CoreFoundation/CFURL.h>
-
-using namespace WTF;
+#import <wtf/text/CString.h>
 
 namespace WebCore {
-
-typedef Vector<char, 512> CharBuffer;
-extern RetainPtr<CFURLRef> createCFURLFromBuffer(const CharBuffer& buffer);
 
 KURL::KURL(NSURL *url)
@@ -44 +40 @@
     }
 
-    CFIndex bytesLength = CFURLGetBytes(reinterpret_cast<CFURLRef>(url), 0, 0);
-    Vector<char, 512> buffer(bytesLength + 1);
-    char* bytes = &buffer[0];
-    CFURLGetBytes(reinterpret_cast<CFURLRef>(url), reinterpret_cast<UInt8*>(bytes), bytesLength);
-    bytes[bytesLength] = '\0';
-    parse(bytes);
+    // FIXME: Why is it OK to ignore base URL here?
+    CString urlBytes;
+    getURLBytes(reinterpret_cast<CFURLRef>(url), urlBytes);
+    parse(urlBytes.data());
 }
 
 KURL::operator NSURL *() const
 {
+    // Creating a toll-free bridged CFURL, because a real NSURL would not preserve the original string.
+    // We'll need fidelity when round-tripping via CFURLGetBytes().
     return HardAutorelease(createCFURL().leakRef());
 }
 
-// We use the toll-free bridge between NSURL and CFURL to
-// create a CFURLRef supporting both empty and null values.
 RetainPtr<CFURLRef> KURL::createCFURL() const
 {
@@ -65 +59 @@
 
     if (isEmpty()) {
+        // We use the toll-free bridge between NSURL and CFURL to
+        // create a CFURLRef supporting both empty and null values.
         RetainPtr<NSURL> emptyNSURL = adoptNS([[NSURL alloc] initWithString:@""]);
         return reinterpret_cast<CFURLRef>(emptyNSURL.get());
     }
 
-    CharBuffer buffer;
+    URLCharBuffer buffer;
     copyToBuffer(buffer);
-    return createCFURLFromBuffer(buffer);
+    return createCFURLFromBuffer(buffer.data(), buffer.size());
 }
 

trunk/Source/WebCore/platform/network/cf/ResourceErrorCF.cpp

@@ -108 +108 @@
                 RetainPtr<CFURLRef> absoluteURLRef = adoptCF(CFURLCopyAbsoluteURL(failingURL));
                 if (absoluteURLRef.get()) {
+                    // FIXME: CFURLGetString returns a normalized URL which is different from what is actually used by CFNetwork.
+                    // We should use CFURLGetBytes instead.
                     failingURLString = CFURLGetString(absoluteURLRef.get());
                     m_failingURL = String(failingURLString);

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2013-05-28  Alexey Proskuryakov  <ap@apple.com>
+
+        Freeze when loading a particular page on washingtonpost.com with NetworkProcess enabled
+        https://bugs.webkit.org/show_bug.cgi?id=116887
+        <rdar://problem/12965959>
+
+        Reviewed by Darin Adler.
+
+        * Shared/cf/ArgumentCodersCF.cpp:
+        (CoreIPC::encode):
+        (CoreIPC::decode):
+        Fix for the bug: use good shared WebCore code to manipulate CFURLs. Also, added
+        a FIXME about empty URLs.
+
+        * Shared/API/c/cf/WKURLCF.cpp: (WKURLCreateWithCFURL): Fixed to not use
+        CFURLGetString, as that could prevent loading certain resources, like ones with
+        curly braces in resource specifiers. We want KURL normalization, not CFURL one.
+
 2013-05-28  Tim Horton  <timothy_horton@apple.com>
 

trunk/Source/WebKit2/Shared/API/c/cf/WKURLCF.cpp

@@ -28 +28 @@
 
 #include "WKAPICast.h"
+#include <WebCore/CFURLExtras.h>
 #include <wtf/PassRefPtr.h>
 #include <wtf/RefPtr.h>
-#include <wtf/RetainPtr.h>
 #include <wtf/text/CString.h>
 #include <wtf/text/WTFString.h>
@@ -42 +42 @@
         return 0;
 
-    String urlString(CFURLGetString(cfURL));
-    return toCopiedURLAPI(urlString);
+    CString urlBytes;
+    getURLBytes(cfURL, urlBytes);
+
+    return toCopiedURLAPI(urlBytes.data());
 }
 

trunk/Source/WebKit2/Shared/cf/ArgumentCodersCF.cpp

@@ -30 +30 @@
 #include "ArgumentEncoder.h"
 #include "DataReference.h"
+#include <WebCore/CFURLExtras.h>
 #include <wtf/Vector.h>
 
@@ -35 +36 @@
 #import <Foundation/Foundation.h>
 #endif
+
+using namespace WebCore;
 
 namespace CoreIPC {
@@ -501 +504 @@
         encode(encoder, baseURL);
 
-    encode(encoder, CFURLGetString(url));
+    URLCharBuffer urlBytes;
+    getURLBytes(url, urlBytes);
+    CoreIPC::DataReference dataReference(reinterpret_cast<const uint8_t*>(urlBytes.data()), urlBytes.size());
+    encoder << dataReference;
 }
 
@@ -515 +521 @@
     }
 
-    RetainPtr<CFStringRef> string;
-    if (!decode(decoder, string))
+    CoreIPC::DataReference urlBytes;
+    if (!decoder.decode(urlBytes))
         return false;
 
@@ -522 +528 @@
     // FIXME: Move this to ArgumentCodersCFMac.mm and change this file back to be C++
     // instead of Objective-C++.
-    if (!CFStringGetLength(string.get())) {
+    if (urlBytes.isEmpty()) {
         // CFURL can't hold an empty URL, unlike NSURL.
+        // FIXME: This discards base URL, which seems incorrect.
         result = reinterpret_cast<CFURLRef>([NSURL URLWithString:@""]);
         return true;
     }
 #endif
-                    
-    CFURLRef url = CFURLCreateWithString(0, string.get(), baseURL.get());
-    if (!url)
-        return false;
-
-    result = adoptCF(url);
-    return true;
+
+    result = createCFURLFromBuffer(reinterpret_cast<const char*>(urlBytes.data()), urlBytes.size(), baseURL.get());
+    return result;
 }