Changeset 141562 in webkit


Timestamp:
Feb 1, 2013 2:06:06 AM (11 years ago)
Author:
Simon Hausmann
Message:

[EFL][WK2] MiniBrowser segfaults on loading google.com
https://bugs.webkit.org/show_bug.cgi?id=108597

Patch by Gwang Yoon Hwang <ryumiel@company100.net> on 2013-02-01
Reviewed by Andreas Kling.

  • Platform/CoreIPC/unix/ConnectionUnix.cpp:

(CoreIPC::Connection::processMessage):
oolMessageBody should be properly initialized before it is used.

This patch also adds omitted break statement.

Location:
trunk/Source/WebKit2
Files:
2 edited

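--- a/trunk/Source/WebKit2/ChangeLog
+++ b/trunk/Source/WebKit2/ChangeLog
@@ -1,2 +1,15 @@
+2013-02-01  Gwang Yoon Hwang  <ryumiel@company100.net>
+
+        [EFL][WK2] MiniBrowser segfaults on loading google.com
+        https://bugs.webkit.org/show_bug.cgi?id=108597
+
+        Reviewed by Andreas Kling.
+
+        * Platform/CoreIPC/unix/ConnectionUnix.cpp:
+        (CoreIPC::Connection::processMessage):
+        oolMessageBody should be properly initialized before it is used.
+
+        This patch also adds omitted break statement.
+
 2013-01-31  Jae Hyun Park  <jae.park@company100.net>
 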
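--- a/trunk/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp
+++ b/trunk/Source/WebKit2/Platform/CoreIPC/unix/ConnectionUnix.cpp
@@ -223,4 +223,5 @@
                 if (!attachmentInfo[i].isNull())
                     attachmentFileDescriptorCount++;
+                break;
             case Attachment::Uninitialized:
             default:
@@ -238,46 +239,44 @@
     RefPtr<WebKit::SharedMemory> oolMessageBody;
 
-    if (attachmentCount) {
-        size_t fdIndex = 0;
-        for (size_t i = 0; i < attachmentCount; ++i) {
-            int fd = -1;
-            switch (attachmentInfo[i].getType()) {
-            case Attachment::MappedMemoryType:
-                if (!attachmentInfo[i].isNull())
-                    fd = m_fileDescriptors[fdIndex++];
-                attachments[attachmentCount - i - 1] = Attachment(fd, attachmentInfo[i].getSize());
-                break;
-            case Attachment::SocketType:
-                if (!attachmentInfo[i].isNull())
-                    fd = m_fileDescriptors[fdIndex++];
-                attachments[attachmentCount - i - 1] = Attachment(fd);
-                break;
-            case Attachment::Uninitialized:
-                attachments[attachmentCount - i - 1] = Attachment();
-            default:
-                break;
-            }
-        }
-
-        if (messageInfo.isMessageBodyIsOutOfLine()) {
-            ASSERT(messageInfo.bodySize());
-
-            if (attachmentInfo[attachmentCount].isNull()) {
-                ASSERT_NOT_REACHED();
-                return false;
-            }
-
-            WebKit::SharedMemory::Handle handle;
-            handle.adoptFromAttachment(m_fileDescriptors[attachmentFileDescriptorCount - 1], attachmentInfo[attachmentCount].getSize());
-
-            oolMessageBody = WebKit::SharedMemory::create(handle, WebKit::SharedMemory::ReadOnly);
-            if (!oolMessageBody) {
-                ASSERT_NOT_REACHED();
-                return false;
-            }
-        }
-    }
-
-    ASSERT(attachments.size() == messageInfo.isMessageBodyIsOutOfLine() ? messageInfo.attachmentCount() - 1 : messageInfo.attachmentCount());
+    size_t fdIndex = 0;
+    for (size_t i = 0; i < attachmentCount; ++i) {
+        int fd = -1;
+        switch (attachmentInfo[i].getType()) {
+        case Attachment::MappedMemoryType:
+            if (!attachmentInfo[i].isNull())
+                fd = m_fileDescriptors[fdIndex++];
+            attachments[attachmentCount - i - 1] = Attachment(fd, attachmentInfo[i].getSize());
+            break;
+        case Attachment::SocketType:
+            if (!attachmentInfo[i].isNull())
+                fd = m_fileDescriptors[fdIndex++];
+            attachments[attachmentCount - i - 1] = Attachment(fd);
+            break;
+        case Attachment::Uninitialized:
+            attachments[attachmentCount - i - 1] = Attachment();
+        default:
+            break;
+        }
+    }
+
+    if (messageInfo.isMessageBodyIsOutOfLine()) {
+        ASSERT(messageInfo.bodySize());
+
+        if (attachmentInfo[attachmentCount].isNull()) {
+            ASSERT_NOT_REACHED();
+            return false;
+        }
+
+        WebKit::SharedMemory::Handle handle;
+        handle.adoptFromAttachment(m_fileDescriptors[attachmentFileDescriptorCount - 1], attachmentInfo[attachmentCount].getSize());
+
+        oolMessageBody = WebKit::SharedMemory::create(handle, WebKit::SharedMemory::ReadOnly);
+        if (!oolMessageBody) {
+            ASSERT_NOT_REACHED();
+            return false;
+        }
+    }
+
+    ASSERT(attachments.size() == (messageInfo.isMessageBodyIsOutOfLine() ? messageInfo.attachmentCount() - 1 : messageInfo.attachmentCount()));
 
     uint8_t* messageBody = messageData;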
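Review bot: In the out-of-line body branch (new lines 262–278), `m_fileDescriptors[attachmentFileDescriptorCount - 1]` is indexed with no runtime check that `attachmentFileDescriptorCount` is non-zero, and with the `if (attachmentCount)` guard removed this branch now also runs when `attachmentCount` is zero. The counts and `isNull()` flags are read from the received message and the surrounding `ASSERT`s compile out in release builds, so a malformed header would produce an unsigned wrap-around index unless code outside this hunk already rules that out. I would add a release-mode guard in the existing style before `adoptFromAttachment`, for example `if (!attachmentFileDescriptorCount) return false;`, and likewise bound `fdIndex` in the loop against the number of descriptors actually received. The `case Attachment::Uninitialized:` arm at new line 255 still falls through into `default:` without a `break;` or a comment, which is harmless today but easy to misread next to the break this commit adds. processMessage starts and ends outside the visible hunks.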