Changeset 180565 in webkit


Ignore:
Timestamp:
Feb 24, 2015 9:11:27 AM (9 years ago)
Author:
commit-queue@webkit.org
Message:

Crash loading local file with WebPageProxy::loadAlternateHTMLString
https://bugs.webkit.org/show_bug.cgi?id=141867

Patch by Michael Catanzaro <Michael Catanzaro> on 2015-02-24
Reviewed by Anders Carlsson.

Source/WebKit2:

WebPageProxy::loadAlternateHTMLString needs to assume read access to unreachableURL as well
as baseURL, because unreachableURL will get added to the back/forward list, causing us to
crash later on when we notice the unexpected URL received in checkURLReceivedFromWebProcess.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::loadAlternateHTMLString):

Tools:

  • TestWebKitAPI/Tests/WebKit2/LoadAlternateHTMLStringWithNonDirectoryURL.cpp:

(TestWebKitAPI::loadAlternateHTMLString): Split most of this test into a function so it can
be shared with the new test.
(TestWebKitAPI::TEST): Add a cross-platform test for this crash.

  • TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp: Add a GTK+ test for this crash.

(testLoadAlternateHTMLForLocalPage):
(beforeAll):

Location:
trunk
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit2/ChangeLog

    r180553 r180565  
     12015-02-24  Michael Catanzaro  <mcatanzaro@igalia.com>
     2
     3        Crash loading local file with WebPageProxy::loadAlternateHTMLString
     4        https://bugs.webkit.org/show_bug.cgi?id=141867
     5
     6        Reviewed by Anders Carlsson.
     7
     8        WebPageProxy::loadAlternateHTMLString needs to assume read access to unreachableURL as well
     9        as baseURL, because unreachableURL will get added to the back/forward list, causing us to
     10        crash later on when we notice the unexpected URL received in checkURLReceivedFromWebProcess.
     11
     12        * UIProcess/WebPageProxy.cpp:
     13        (WebKit::WebPageProxy::loadAlternateHTMLString):
     14
    1152015-02-24  Ryuan Choi  <ryuan.choi@navercorp.com>
    216
  • trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp

    r180517 r180565  
    920920
    921921    m_process->assumeReadAccessToBaseURL(baseURL);
     922    m_process->assumeReadAccessToBaseURL(unreachableURL);
    922923    m_process->send(Messages::WebPage::LoadAlternateHTMLString(htmlString, baseURL, unreachableURL, UserData(process().transformObjectsToHandles(userData).get())), m_pageID);
    923924    m_process->responsivenessTimer()->start();
  • trunk/Tools/ChangeLog

    r180557 r180565  
     12015-02-24  Michael Catanzaro  <mcatanzaro@igalia.com>
     2
     3        Crash loading local file with WebPageProxy::loadAlternateHTMLString
     4        https://bugs.webkit.org/show_bug.cgi?id=141867
     5
     6        Reviewed by Anders Carlsson.
     7
     8        * TestWebKitAPI/Tests/WebKit2/LoadAlternateHTMLStringWithNonDirectoryURL.cpp:
     9        (TestWebKitAPI::loadAlternateHTMLString): Split most of this test into a function so it can
     10        be shared with the new test.
     11        (TestWebKitAPI::TEST): Add a cross-platform test for this crash.
     12        * TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp: Add a GTK+ test for this crash.
     13        (testLoadAlternateHTMLForLocalPage):
     14        (beforeAll):
     15
    1162015-02-24  David Kilzer  <ddkilzer@apple.com>
    217
  • trunk/Tools/TestWebKitAPI/Tests/WebKit2/LoadAlternateHTMLStringWithNonDirectoryURL.cpp

    r177506 r180565  
    11/*
    22 * Copyright (C) 2011 Apple Inc. All rights reserved.
     3 * Copyright (C) 2015 Igalia S.L.
    34 *
    45 * Redistribution and use in source and binary forms, with or without
     
    4546}
    4647
    47 TEST(WebKit2, LoadAlternateHTMLStringWithNonDirectoryURL)
     48static void loadAlternateHTMLString(WKURLRef baseURL, WKURLRef unreachableURL)
    4849{
    4950    WKRetainPtr<WKContextRef> context(AdoptWK, WKContextCreate());
     
    5758    WKPageSetPageLoaderClient(webView.page(), &loaderClient.base);
    5859
    59     WKRetainPtr<WKURLRef> fileURL(AdoptWK, Util::createURLForResource("simple", "html"));
    6060    WKRetainPtr<WKStringRef> alternateHTMLString(AdoptWK, WKStringCreateWithUTF8CString("<html><body><img src='icon.png'></body></html>"));
    61    
    62     // Call WKPageLoadAlternateHTMLString() with fileURL which does not point to a directory
    63     WKPageLoadAlternateHTMLString(webView.page(), alternateHTMLString.get(), fileURL.get(), fileURL.get());
    64    
     61    WKPageLoadAlternateHTMLString(webView.page(), alternateHTMLString.get(), baseURL, unreachableURL);
     62
    6563    // If we can finish loading the html without resulting in an invalid message being sent from the WebProcess, this test passes.
    6664    Util::run(&didFinishLoad);
     65}
     66
     67TEST(WebKit2, LoadAlternateHTMLStringWithNonDirectoryURL)
     68{
     69    // Call WKPageLoadAlternateHTMLString() with fileURL which does not point to a directory.
     70    WKRetainPtr<WKURLRef> fileURL(AdoptWK, Util::createURLForResource("simple", "html"));
     71    loadAlternateHTMLString(fileURL.get(), fileURL.get());
     72}
     73
     74TEST(WebKit2, LoadAlternateHTMLStringWithEmptyBaseURL)
     75{
     76    // Call WKPageLoadAlternateHTMLString() with empty baseURL to make sure this test works
     77    // when baseURL does not grant read access to the unreachableURL. We use a separate test
     78    // to ensure the previous test does not pollute the result.
     79    WKRetainPtr<WKURLRef> unreachableURL(AdoptWK, Util::URLForNonExistentResource());
     80    loadAlternateHTMLString(nullptr, unreachableURL.get());
    6781}
    6882
  • trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestLoaderClient.cpp

    r176256 r180565  
    7979{
    8080    test->loadAlternateHTML("<html><body>Alternate page</body></html>", "http://error-page.foo/", 0);
     81    test->waitUntilLoadFinished();
     82    assertNormalLoadHappened(test->m_loadEvents);
     83}
     84
     85static void testLoadAlternateHTMLForLocalPage(LoadTrackingTest* test, gconstpointer)
     86{
     87    test->loadAlternateHTML("<html><body>Alternate page</body></html>", "file:///not/actually/loaded.html", 0);
    8188    test->waitUntilLoadFinished();
    8289    assertNormalLoadHappened(test->m_loadEvents);
     
    478485    LoadTrackingTest::add("WebKitWebView", "load-html", testLoadHtml);
    479486    LoadTrackingTest::add("WebKitWebView", "load-alternate-html", testLoadAlternateHTML);
     487    LoadTrackingTest::add("WebKitWebView", "load-alternate-html-for-local-page", testLoadAlternateHTMLForLocalPage);
    480488    LoadTrackingTest::add("WebKitWebView", "load-plain-text", testLoadPlainText);
    481489    LoadTrackingTest::add("WebKitWebView", "load-bytes", testLoadBytes);
Note: See TracChangeset for help on using the changeset viewer.