Changeset 207443 in webkit
- Timestamp:
- Oct 17, 2016 5:28:34 PM (7 years ago)
- Location:
- trunk
- Files:
-
- 1 added
- 6 edited
trunk/Source/WebKit2/ChangeLog
r207441 r207443 1 2016-10-17 Andy Estes <aestes@apple.com> 2 3 Crash in ASCIICaseInsensitiveHash::hash() when a response has a null MIME type 4 https://bugs.webkit.org/show_bug.cgi?id=163476 5 <rdar://problem/26941395> 6 7 Reviewed by Tim Horton. 8 9 When custom content providers are registered and a response has a null MIME type, WebPage 10 will pass a null String to HashSet::contains(). This results in a null pointer dereference, 11 since the String hash functions do not support null Strings and unconditionally dereference 12 their StringImpls. Fixed by checking that Strings are non-null before calling 13 HashSet::contains() on m_mimeTypesWithCustomContentProviders. 14 15 Rearranging WebPage::shouldUseCustomContentProviderForResponse() to call 16 canPluginHandleResponse() before checking m_mimeTypesWithCustomContentProviders uncovered a 17 crash in existing layout tests where WebPage::m_mainFrame can be NULL during WebPage 18 construction (m_mainFrame isn't yet initialized). Fixed this by passing the main Frame to 19 canPluginHandleResponseInFrame() instead of relying on m_mainFrame. 20 21 New API test: WebKit2.LoadDataWithNilMIMEType. 22 23 * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp: 24 (WebKit::WebFrameLoaderClient::transitionToCommittedFromCachedFrame): Passed 25 m_frame->coreFrame() to shouldUseCustomContentProviderForResponse(). 26 (WebKit::WebFrameLoaderClient::transitionToCommittedForNewPage): Ditto. 27 * WebProcess/WebPage/WebPage.cpp: 28 (WebKit::WebPage::canPluginHandleResponse): Added a mainFrame parameter and used it instead 29 of m_mainFrame->coreFrame(). 30 (WebKit::WebPage::shouldUseCustomContentProviderForResponse): Passed mainFrame to 31 canPluginHandleResponse(), and checked if mimeType is null before calling 32 m_mimeTypesWithCustomContentProviders.contains(). 33 (WebKit::WebPage::canShowMIMEType): Checked if MIMEType is null before calling 34 m_mimeTypesWithCustomContentProviders.contains(). 
35 * WebProcess/WebPage/WebPage.h: Made canPluginHandleResponse() a private declaration. 36 1 37 2016-10-17 Chris Dumez <cdumez@apple.com> 2 38 -
trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp
r206006 r207443 1295 1295 void WebFrameLoaderClient::transitionToCommittedFromCachedFrame(CachedFrame*) 1296 1296 { 1297 const ResourceResponse& response = m_frame->coreFrame()->loader().documentLoader()->response(); 1298 m_frameHasCustomContentProvider = m_frame->isMainFrame() && m_frame->page()->shouldUseCustomContentProviderForResponse(response); 1297 auto& coreFrame = *m_frame->coreFrame(); 1298 const ResourceResponse& response = coreFrame.loader().documentLoader()->response(); 1299 m_frameHasCustomContentProvider = m_frame->isMainFrame() && m_frame->page()->shouldUseCustomContentProviderForResponse(response, coreFrame); 1299 1300 m_frameCameFromPageCache = true; 1300 1301 } … … 1311 1312 bool shouldHideScrollbars = shouldDisableScrolling; 1312 1313 IntRect fixedVisibleContentRect; 1314 auto& coreFrame = *m_frame->coreFrame(); 1313 1315 1314 1316 #if USE(COORDINATED_GRAPHICS) 1315 if ( m_frame->coreFrame()->view())1316 fixedVisibleContentRect = m_frame->coreFrame()->view()->fixedVisibleContentRect();1317 if (FrameView* frameView = coreFrame.view()) 1318 fixedVisibleContentRect = frameView->fixedVisibleContentRect(); 1317 1319 if (shouldUseFixedLayout) 1318 1320 shouldHideScrollbars = true; 1319 1321 #endif 1320 1322 1321 const ResourceResponse& response = m_frame->coreFrame()->loader().documentLoader()->response();1322 m_frameHasCustomContentProvider = isMainFrame && webPage->shouldUseCustomContentProviderForResponse(response );1323 const ResourceResponse& response = coreFrame.loader().documentLoader()->response(); 1324 m_frameHasCustomContentProvider = isMainFrame && webPage->shouldUseCustomContentProviderForResponse(response, coreFrame); 1323 1325 m_frameCameFromPageCache = false; 1324 1326 1325 1327 ScrollbarMode defaultScrollbarMode = shouldHideScrollbars ? 
ScrollbarAlwaysOff : ScrollbarAuto; 1326 1328 1327 m_frame->coreFrame()->createView(webPage->size(), backgroundColor, isTransparent,1329 coreFrame.createView(webPage->size(), backgroundColor, isTransparent, 1328 1330 webPage->fixedLayoutSize(), fixedVisibleContentRect, shouldUseFixedLayout, 1329 1331 defaultScrollbarMode, /* lock */ shouldHideScrollbars, defaultScrollbarMode, /* lock */ shouldHideScrollbars); 1330 1332 1333 FrameView* frameView = coreFrame.view(); 1331 1334 if (int minimumLayoutWidth = webPage->minimumLayoutSize().width()) { 1332 1335 int minimumLayoutHeight = std::max(webPage->minimumLayoutSize().height(), 1); 1333 1336 int maximumSize = std::numeric_limits<int>::max(); 1334 m_frame->coreFrame()->view()->enableAutoSizeMode(true, IntSize(minimumLayoutWidth, minimumLayoutHeight), IntSize(maximumSize, maximumSize));1337 frameView->enableAutoSizeMode(true, IntSize(minimumLayoutWidth, minimumLayoutHeight), IntSize(maximumSize, maximumSize)); 1335 1338 1336 1339 if (webPage->autoSizingShouldExpandToViewHeight()) 1337 m_frame->coreFrame()->view()->setAutoSizeFixedMinimumHeight(webPage->size().height());1338 } 1339 1340 m_frame->coreFrame()->view()->setProhibitsScrolling(shouldDisableScrolling);1341 m_frame->coreFrame()->view()->setVisualUpdatesAllowedByClient(!webPage->shouldExtendIncrementalRenderingSuppression());1340 frameView->setAutoSizeFixedMinimumHeight(webPage->size().height()); 1341 } 1342 1343 frameView->setProhibitsScrolling(shouldDisableScrolling); 1344 frameView->setVisualUpdatesAllowedByClient(!webPage->shouldExtendIncrementalRenderingSuppression()); 1342 1345 #if PLATFORM(COCOA) 1343 m_frame->coreFrame()->view()->setViewExposedRect(webPage->drawingArea()->viewExposedRect());1346 frameView->setViewExposedRect(webPage->drawingArea()->viewExposedRect()); 1344 1347 #endif 1345 1348 #if PLATFORM(IOS) 1346 m_frame->coreFrame()->view()->setDelegatesScrolling(true);1349 frameView->setDelegatesScrolling(true); 1347 1350 #endif 1348 1351 1349 1352 
if (webPage->scrollPinningBehavior() != DoNotPin) 1350 m_frame->coreFrame()->view()->setScrollPinningBehavior(webPage->scrollPinningBehavior());1353 frameView->setScrollPinningBehavior(webPage->scrollPinningBehavior()); 1351 1354 1352 1355 #if USE(COORDINATED_GRAPHICS) 1353 1356 if (shouldUseFixedLayout) { 1354 m_frame->coreFrame()->view()->setDelegatesScrolling(shouldUseFixedLayout);1355 m_frame->coreFrame()->view()->setPaintsEntireContents(shouldUseFixedLayout);1357 frameView->setDelegatesScrolling(shouldUseFixedLayout); 1358 frameView->setPaintsEntireContents(shouldUseFixedLayout); 1356 1359 return; 1357 1360 } -
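Review bot: `FrameView* frameView = coreFrame.view();` at new line 1333 is dereferenced unconditionally from line 1337 onward, while the same accessor a few lines earlier (new line 1317, inside `#if USE(COORDINATED_GRAPHICS)`) is null-checked; the difference is that 1333 runs after `coreFrame.createView(...)`, which presumably always installs a view, but nothing in the hunk establishes that. Adding `ASSERT(frameView);` directly after the declaration would document that precondition and turn a future null view into an assertion failure rather than a null dereference. The original code carried the same unconditional dereference through `m_frame->coreFrame()->view()`, so this is a pre-existing assumption that the hoisting merely makes visible. transitionToCommittedForNewPage() both starts and ends outside the hunk.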
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
r207426 r207443 4573 4573 } 4574 4574 4575 bool WebPage::canPluginHandleResponse(const ResourceResponse& response )4575 bool WebPage::canPluginHandleResponse(const ResourceResponse& response, const Frame& mainFrame) 4576 4576 { 4577 4577 #if ENABLE(NETSCAPE_PLUGIN_API) 4578 ASSERT(mainFrame.isMainFrame()); 4578 4579 uint32_t pluginLoadPolicy; 4579 bool allowOnlyApplicationPlugins = !m _mainFrame->coreFrame()->loader().subframeLoader().allowPlugins();4580 bool allowOnlyApplicationPlugins = !mainFrame.loader().subframeLoader().allowPlugins(); 4580 4581 4581 4582 uint64_t pluginProcessToken; … … 4589 4590 #else 4590 4591 UNUSED_PARAM(response); 4592 UNUSED_PARAM(mainFrame); 4591 4593 return false; 4592 4594 #endif 4593 4595 } 4594 4596 4595 bool WebPage::shouldUseCustomContentProviderForResponse(const ResourceResponse& response )4597 bool WebPage::shouldUseCustomContentProviderForResponse(const ResourceResponse& response, const Frame& mainFrame) 4596 4598 { 4597 4599 // If a plug-in exists that claims to support this response, it should take precedence over the custom content provider. 4598 return m_mimeTypesWithCustomContentProviders.contains(response.mimeType()) && !canPluginHandleResponse(response); 4600 if (canPluginHandleResponse(response, mainFrame)) 4601 return false; 4602 4603 auto& mimeType = response.mimeType(); 4604 return mimeType.isNull() ? false : m_mimeTypesWithCustomContentProviders.contains(mimeType); 4599 4605 } 4600 4606 … … 5021 5027 return true; 5022 5028 5023 if ( m_mimeTypesWithCustomContentProviders.contains(MIMEType))5029 if (!MIMEType.isNull() && m_mimeTypesWithCustomContentProviders.contains(MIMEType)) 5024 5030 return true; 5025 5031 -
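Review bot: shouldUseCustomContentProviderForResponse() (new lines 4600–4604) now calls canPluginHandleResponse() for every committed response before doing the cheap set lookup, whereas the original short-circuited on `contains()` first so the plug-in query only ran when a custom content provider actually claimed the type. The body of canPluginHandleResponse() is mostly elided here, but its `pluginLoadPolicy`/`pluginProcessToken` locals suggest a plug-in lookup that is not free, so the cheaper check is worth restoring now that the null guard makes it safe: `auto& mimeType = response.mimeType();` followed by `return !mimeType.isNull() && m_mimeTypesWithCustomContentProviders.contains(mimeType) && !canPluginHandleResponse(response, mainFrame);`. That also replaces the `isNull() ? false : contains(...)` conditional at 4604 with the `!isNull() && contains(...)` form already used in canShowMIMEType() at new line 5029. Separately, `ASSERT(mainFrame.isMainFrame())` at 4578 is only compiled under ENABLE(NETSCAPE_PLUGIN_API); placing it above the `#if` would check the precondition in both configurations.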
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h
r207424 r207443 845 845 #endif 846 846 847 bool shouldUseCustomContentProviderForResponse(const WebCore::ResourceResponse&); 848 bool canPluginHandleResponse(const WebCore::ResourceResponse& response); 847 bool shouldUseCustomContentProviderForResponse(const WebCore::ResourceResponse&, const WebCore::Frame& mainFrame); 849 848 850 849 bool asynchronousPluginInitializationEnabled() const { return m_asynchronousPluginInitializationEnabled; } … … 1226 1225 void setUserInterfaceLayoutDirection(uint32_t); 1227 1226 1227 bool canPluginHandleResponse(const WebCore::ResourceResponse&, const WebCore::Frame& mainFrame); 1228 1228 1229 uint64_t m_pageID; 1229 1230 -
trunk/Tools/ChangeLog
r207442 r207443 1 2016-10-17 Andy Estes <aestes@apple.com> 2 3 Crash in ASCIICaseInsensitiveHash::hash() when a response has a null MIME type 4 https://bugs.webkit.org/show_bug.cgi?id=163476 5 <rdar://problem/26941395> 6 7 Reviewed by Tim Horton. 8 9 * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: 10 * TestWebKitAPI/Tests/WebKit2Cocoa/LoadDataWithNilMIMEType.mm: Added. 11 (TEST): Added an API test that passes a nil MIMEType to 12 -[WKWebView loadData:MIMEType:characterEncodingName:baseURL:]. 13 1 14 2016-10-17 Dean Jackson <dino@apple.com> 2 15 -
trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
r207442 r207443 426 426 9C64DC321D76198A004B598E /* YouTubePluginReplacement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 9C64DC311D76198A004B598E /* YouTubePluginReplacement.cpp */; }; 427 427 A1146A8D1D2D7115000FE710 /* ContentFiltering.mm in Sources */ = {isa = PBXBuildFile; fileRef = A1146A8A1D2D704F000FE710 /* ContentFiltering.mm */; }; 428 A125478F1DB18B9400358564 /* LoadDataWithNilMIMEType.mm in Sources */ = {isa = PBXBuildFile; fileRef = A125478D1DB18B9400358564 /* LoadDataWithNilMIMEType.mm */; }; 428 429 A13EBBAA1B87428D00097110 /* WebProcessPlugIn.mm in Sources */ = {isa = PBXBuildFile; fileRef = A13EBBA91B87428D00097110 /* WebProcessPlugIn.mm */; }; 429 430 A13EBBAB1B87434600097110 /* PlatformUtilitiesCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 0F139E721A423A2B00F590F5 /* PlatformUtilitiesCocoa.mm */; }; … … 1055 1056 9C64DC311D76198A004B598E /* YouTubePluginReplacement.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = YouTubePluginReplacement.cpp; sourceTree = "<group>"; }; 1056 1057 A1146A8A1D2D704F000FE710 /* ContentFiltering.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContentFiltering.mm; sourceTree = "<group>"; }; 1058 A125478D1DB18B9400358564 /* LoadDataWithNilMIMEType.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LoadDataWithNilMIMEType.mm; sourceTree = "<group>"; }; 1057 1059 A13EBB491B87339E00097110 /* TestWebKitAPI.wkbundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = TestWebKitAPI.wkbundle; sourceTree = BUILT_PRODUCTS_DIR; }; 1058 1060 A13EBB521B87346600097110 /* WebProcessPlugIn.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = WebProcessPlugIn.xcconfig; sourceTree = "<group>"; }; … … 1428 1430 0F3B94A51A77266C00DE3272 /* WKWebViewEvaluateJavaScript.mm */, 1429 1431 
9984FACA1CFFAEEE008D198C /* WKWebViewTextInput.mm */, 1432 A125478D1DB18B9400358564 /* LoadDataWithNilMIMEType.mm */, 1430 1433 ); 1431 1434 name = "WebKit2 Cocoa"; … … 2396 2399 7CCE7EC01A411A7E00447C4C /* FragmentNavigation.mm in Sources */, 2397 2400 7CCE7EF61A411AE600447C4C /* FrameMIMETypeHTML.cpp in Sources */, 2401 A125478F1DB18B9400358564 /* LoadDataWithNilMIMEType.mm in Sources */, 2398 2402 7CCE7EF71A411AE600447C4C /* FrameMIMETypePNG.cpp in Sources */, 2399 2403 7C83E0BD1D0A650C00FEBCF3 /* FullscreenTopContentInset.mm in Sources */,