Changeset 195166 in webkit


Timestamp:
Jan 16, 2016 1:36:44 AM (8 years ago)
Author:
Carlos Garcia Campos
Message:

[GTK] GVariant runtime critical errors when encoding session data
https://bugs.webkit.org/show_bug.cgi?id=153130

Reviewed by Michael Catanzaro.

It happens when the FrameState has children, because the recursive
serialization is wrong. Also fix serialization of
documentSequenceNumber and itemSequenceNumber that are gint64, not
guint64.

  • UIProcess/API/gtk/WebKitWebViewSessionState.cpp:

(encodeFrameState): Let the caller open/init the given
builder. Use a new builder to encode child states recursively.
(encodePageState): Do the builder open/close for the FrameState encoding.
(decodeFrameState): Get the variant of every child.

Location:
trunk/Source/WebKit2
Files:
2 edited

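--- a/trunk/Source/WebKit2/ChangeLog
+++ b/trunk/Source/WebKit2/ChangeLog
@@ -1,2 +1,20 @@
+2016-01-16  Carlos Garcia Campos  <cgarcia@igalia.com>
+
+        [GTK] GVariant runtime critical errors when encoding session data
+        https://bugs.webkit.org/show_bug.cgi?id=153130
+
+        Reviewed by Michael Catanzaro.
+
+        It happens when the FrameState has children, because the recursive
+        serialization is wrong. Also fix serialization of
+        documentSequenceNumber and itemSequenceNumber that are gint64, not
+        guint64.
+
+        * UIProcess/API/gtk/WebKitWebViewSessionState.cpp:
+        (encodeFrameState): Let the caller open/init the given
+        builder. Use a new builder to encode child states recursively.
+        (encodePageState): Do the builder open/close for the FrameState encoding.
+        (decodeFrameState): Get the variant of every child.
+
 2016-01-15  Michael Catanzaro  <mcatanzaro@igalia.com>
 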
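--- a/trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp
+++ b/trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebViewSessionState.cpp
@@ -45,6 +45,6 @@
 #define HTTP_BODY_TYPE_STRING_V1 "m(sa" HTTP_BODY_ELEMENT_TYPE_STRING_V1 ")"
 #define HTTP_BODY_FORMAT_STRING_V1 "m(&sa" HTTP_BODY_ELEMENT_TYPE_STRING_V1 ")"
-#define FRAME_STATE_TYPE_STRING_V1  "(ssssasmaytt(ii)d" HTTP_BODY_TYPE_STRING_V1 "av)"
-#define FRAME_STATE_FORMAT_STRING_V1  "(&s&s&s&sasmaytt(ii)d@" HTTP_BODY_TYPE_STRING_V1 "av)"
+#define FRAME_STATE_TYPE_STRING_V1  "(ssssasmayxx(ii)d" HTTP_BODY_TYPE_STRING_V1 "av)"
+#define FRAME_STATE_FORMAT_STRING_V1  "(&s&s&s&sasmayxx(ii)d@" HTTP_BODY_TYPE_STRING_V1 "av)"
 #define BACK_FORWARD_LIST_ITEM_TYPE_STRING_V1  "(ts" FRAME_STATE_TYPE_STRING_V1 "u)"
 #define BACK_FORWARD_LIST_ITEM_FORMAT_STRING_V1  "(t&s@" FRAME_STATE_TYPE_STRING_V1 "u)"
@@ -151,5 +151,4 @@
 static inline void encodeFrameState(GVariantBuilder* sessionBuilder, const FrameState& frameState)
 {
-    g_variant_builder_open(sessionBuilder, G_VARIANT_TYPE(FRAME_STATE_TYPE_STRING_V1));
     g_variant_builder_add(sessionBuilder, "s", frameState.urlString.utf8().data());
     g_variant_builder_add(sessionBuilder, "s", frameState.originalURLString.utf8().data());
@@ -170,6 +169,6 @@
         g_variant_builder_close(sessionBuilder);
     }
-    g_variant_builder_add(sessionBuilder, "t", frameState.documentSequenceNumber);
-    g_variant_builder_add(sessionBuilder, "t", frameState.itemSequenceNumber);
+    g_variant_builder_add(sessionBuilder, "x", frameState.documentSequenceNumber);
+    g_variant_builder_add(sessionBuilder, "x", frameState.itemSequenceNumber);
     g_variant_builder_add(sessionBuilder, "(ii)", frameState.scrollPosition.x(), frameState.scrollPosition.y());
     g_variant_builder_add(sessionBuilder, "d", frameState.pageScaleFactor);
@@ -182,7 +181,10 @@
     }
     g_variant_builder_open(sessionBuilder, G_VARIANT_TYPE("av"));
-    for (const auto& child : frameState.children)
-        encodeFrameState(sessionBuilder, child);
-    g_variant_builder_close(sessionBuilder);
+    for (const auto& child : frameState.children) {
+        GVariantBuilder frameStateBuilder;
+        g_variant_builder_init(&frameStateBuilder, G_VARIANT_TYPE(FRAME_STATE_TYPE_STRING_V1));
+        encodeFrameState(&frameStateBuilder, child);
+        g_variant_builder_add(sessionBuilder, "v", g_variant_builder_end(&frameStateBuilder));
+    }
     g_variant_builder_close(sessionBuilder);
 }
@@ -191,5 +193,7 @@
 {
     g_variant_builder_add(sessionBuilder, "s", pageState.title.utf8().data());
+    g_variant_builder_open(sessionBuilder, G_VARIANT_TYPE(FRAME_STATE_TYPE_STRING_V1));
     encodeFrameState(sessionBuilder, pageState.mainFrameState);
+    g_variant_builder_close(sessionBuilder);
     g_variant_builder_add(sessionBuilder, "u", toExternalURLsPolicy(pageState.shouldOpenExternalURLsPolicy));
 }
@@ -279,6 +283,6 @@
     GUniqueOutPtr<GVariantIter> documentStateIter;
     GUniqueOutPtr<GVariantIter> stateObjectDataIter;
-    guint64 documentSequenceNumber;
-    guint64 itemSequenceNumber;
+    gint64 documentSequenceNumber;
+    gint64 itemSequenceNumber;
     gint32 scrollPositionX, scrollPositionY;
     gdouble pageScaleFactor;
@@ -319,5 +323,6 @@
     while (GRefPtr<GVariant> child = adoptGRef(g_variant_iter_next_value(childrenIter.get()))) {
         FrameState childFrameState;
-        decodeFrameState(child.get(), childFrameState);
+        GRefPtr<GVariant> childVariant = adoptGRef(g_variant_get_variant(child.get()));
+        decodeFrameState(childVariant.get(), childFrameState);
         frameState.children.append(WTFMove(childFrameState));
     }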
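Review bot: The child loop in the last hunk now recurses into decodeFrameState once per nesting level with no depth bound, so a session blob whose frame states are nested very deeply (each child is an opaque `v` box, so GVariant type checking of the outer structure cannot stop it) exhausts the stack before any content check fails; if the serialized bytes can be restored from outside the process, consider threading a depth counter and rejecting children past a small limit, e.g. `decodeFrameState(childVariant.get(), childFrameState, depth + 1);` with an early return when the limit is hit. Worth confirming, though it is outside this hunk, that decodeFrameState checks `g_variant_is_of_type(childVariant.get(), G_VARIANT_TYPE(FRAME_STATE_TYPE_STRING_V1))` before unpacking, since `g_variant_get_variant` returns whatever the `v` box happens to hold. On the encoder side, encodeFrameState now depends on its caller having opened or initialized a FRAME_STATE_TYPE_STRING_V1 container, which encodePageState and the child loop both do but nothing states; a comment above the function, `// Precondition: sessionBuilder is positioned inside an open FRAME_STATE_TYPE_STRING_V1 container; the caller closes or ends it.`, would pin that contract. The enclosing decodeFrameState body starts and ends outside the hunk.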