Changeset 207563 in webkit
- Timestamp: Oct 19, 2016 1:30:27 PM (7 years ago)
- Location: trunk
- Files: 1 added, 5 edited
trunk/Source/WebKit2/ChangeLog
r207562 r207563 1 2016-10-19 Andy Estes <aestes@apple.com> 2 3 Crash in ASCIICaseInsensitiveHash::hash() when a response has a null MIME type 4 https://bugs.webkit.org/show_bug.cgi?id=163476 5 <rdar://problem/26941395> 6 7 Reviewed by Andreas Kling. 8 9 When custom content providers are registered and a response has a null MIME type, WebPage 10 will pass a null String to HashSet::contains(). This results in a null pointer dereference, 11 since the String hash functions do not support null Strings and unconditionally dereference 12 their StringImpls. Fixed by checking that Strings are non-null before calling 13 HashSet::contains() on m_mimeTypesWithCustomContentProviders. 14 15 New API test: WebKit2.LoadDataWithNilMIMEType. 16 17 * WebProcess/WebPage/WebPage.cpp: 18 (WebKit::WebPage::shouldUseCustomContentProviderForResponse): Checked if mimeType is null 19 before calling m_mimeTypesWithCustomContentProviders.contains(). 20 (WebKit::WebPage::canShowMIMEType): Ditto. 21 * WebProcess/WebPage/WebPage.h: Made private the declaration of canPluginHandleResponse(). 22 1 23 2016-10-19 Chris Dumez <cdumez@apple.com> 2 24 -
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
r207484 r207563 4600 4600 bool WebPage::shouldUseCustomContentProviderForResponse(const ResourceResponse& response) 4601 4601 { 4602 auto& mimeType = response.mimeType(); 4603 if (mimeType.isNull()) 4604 return false; 4605 4602 4606 // If a plug-in exists that claims to support this response, it should take precedence over the custom content provider. 4603 return m_mimeTypesWithCustomContentProviders.contains(response.mimeType()) && !canPluginHandleResponse(response); 4607 // canPluginHandleResponse() is called last because it performs synchronous IPC. 4608 return m_mimeTypesWithCustomContentProviders.contains(mimeType) && !canPluginHandleResponse(response); 4604 4609 } 4605 4610 … … 5026 5031 return true; 5027 5032 5028 if ( m_mimeTypesWithCustomContentProviders.contains(MIMEType))5033 if (!MIMEType.isNull() && m_mimeTypesWithCustomContentProviders.contains(MIMEType)) 5029 5034 return true; 5030 5035 -
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h
r207484 r207563 846 846 847 847 bool shouldUseCustomContentProviderForResponse(const WebCore::ResourceResponse&); 848 bool canPluginHandleResponse(const WebCore::ResourceResponse& response);849 848 850 849 bool asynchronousPluginInitializationEnabled() const { return m_asynchronousPluginInitializationEnabled; } … … 1228 1227 void setUserInterfaceLayoutDirection(uint32_t); 1229 1228 1229 bool canPluginHandleResponse(const WebCore::ResourceResponse&); 1230 1230 1231 uint64_t m_pageID; 1231 1232 -
trunk/Tools/ChangeLog
r207561 r207563 1 2016-10-19 Andy Estes <aestes@apple.com> 2 3 Crash in ASCIICaseInsensitiveHash::hash() when a response has a null MIME type 4 https://bugs.webkit.org/show_bug.cgi?id=163476 5 <rdar://problem/26941395> 6 7 Reviewed by Andreas Kling. 8 9 * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj: 10 * TestWebKitAPI/Tests/WebKit2Cocoa/LoadDataWithNilMIMEType.mm: Added. 11 (TEST): Added an API test that passes a nil MIMEType to 12 -[WKWebView loadData:MIMEType:characterEncodingName:baseURL:]. 13 1 14 2016-10-19 Jer Noble <jer.noble@apple.com> 2 15 -
trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj
r207484 r207563 426 426 9C64DC321D76198A004B598E /* YouTubePluginReplacement.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 9C64DC311D76198A004B598E /* YouTubePluginReplacement.cpp */; }; 427 427 A1146A8D1D2D7115000FE710 /* ContentFiltering.mm in Sources */ = {isa = PBXBuildFile; fileRef = A1146A8A1D2D704F000FE710 /* ContentFiltering.mm */; }; 428 A125478F1DB18B9400358564 /* LoadDataWithNilMIMEType.mm in Sources */ = {isa = PBXBuildFile; fileRef = A125478D1DB18B9400358564 /* LoadDataWithNilMIMEType.mm */; }; 428 429 A13EBBAA1B87428D00097110 /* WebProcessPlugIn.mm in Sources */ = {isa = PBXBuildFile; fileRef = A13EBBA91B87428D00097110 /* WebProcessPlugIn.mm */; }; 429 430 A13EBBAB1B87434600097110 /* PlatformUtilitiesCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 0F139E721A423A2B00F590F5 /* PlatformUtilitiesCocoa.mm */; }; … … 1055 1056 9C64DC311D76198A004B598E /* YouTubePluginReplacement.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = YouTubePluginReplacement.cpp; sourceTree = "<group>"; }; 1056 1057 A1146A8A1D2D704F000FE710 /* ContentFiltering.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = ContentFiltering.mm; sourceTree = "<group>"; }; 1058 A125478D1DB18B9400358564 /* LoadDataWithNilMIMEType.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LoadDataWithNilMIMEType.mm; sourceTree = "<group>"; }; 1057 1059 A13EBB491B87339E00097110 /* TestWebKitAPI.wkbundle */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = TestWebKitAPI.wkbundle; sourceTree = BUILT_PRODUCTS_DIR; }; 1058 1060 A13EBB521B87346600097110 /* WebProcessPlugIn.xcconfig */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xcconfig; path = WebProcessPlugIn.xcconfig; sourceTree = "<group>"; }; … … 1428 1430 0F3B94A51A77266C00DE3272 /* WKWebViewEvaluateJavaScript.mm */, 1429 1431 
9984FACA1CFFAEEE008D198C /* WKWebViewTextInput.mm */, 1432 A125478D1DB18B9400358564 /* LoadDataWithNilMIMEType.mm */, 1430 1433 ); 1431 1434 name = "WebKit2 Cocoa"; … … 2396 2399 7CCE7EC01A411A7E00447C4C /* FragmentNavigation.mm in Sources */, 2397 2400 7CCE7EF61A411AE600447C4C /* FrameMIMETypeHTML.cpp in Sources */, 2401 A125478F1DB18B9400358564 /* LoadDataWithNilMIMEType.mm in Sources */, 2398 2402 7CCE7EF71A411AE600447C4C /* FrameMIMETypePNG.cpp in Sources */, 2399 2403 7C83E0BD1D0A650C00FEBCF3 /* FullscreenTopContentInset.mm in Sources */,
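Review bot: in trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp the same isNull() guard is now written out separately in shouldUseCustomContentProviderForResponse() and in canShowMIMEType(), so any later caller of m_mimeTypesWithCustomContentProviders.contains() has to remember it too. Consider one private helper on WebPage that performs the null check and the lookup, and route both call sites through it. A debug assertion at that lookup would make a future unguarded call fail in testing instead of as a null pointer dereference in a release build.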
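Review bot: the trunk/Tools/ChangeLog entry lists a single new test, LoadDataWithNilMIMEType.mm, which passes a nil MIMEType to -[WKWebView loadData:MIMEType:characterEncodingName:baseURL:], while the WebKit2 change guards two call sites. The test body is not shown in this changeset view, so please confirm that it registers a custom content provider (the WebKit2 ChangeLog says the crash requires one) and state in the ChangeLog which of the two guarded functions the test reaches. If canShowMIMEType() is not exercised by it, that path deserves its own test.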
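Review bot: in trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj the new LoadDataWithNilMIMEType.mm reference is appended as the last child of the "WebKit2 Cocoa" group, after WKWebViewTextInput.mm, whereas the Sources build-phase entry is placed alphabetically between FrameMIMETypeHTML.cpp and FrameMIMETypePNG.cpp. If the group is meant to stay sorted, move the group entry to its sorted position as well so the two lists follow the same ordering.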