Changeset 228713 in webkit


Timestamp:
Feb 19, 2018 2:50:35 PM (6 years ago)
Author:
dbates@webkit.org
Message:

Null pointer dereference in WebPageProxy::urlSchemeHandlerForScheme()
https://bugs.webkit.org/show_bug.cgi?id=182905
<rdar://problem/37676775>

Reviewed by Alex Christensen.

Return nullptr when querying for the scheme handler of the null string.

Before a navigation is performed WebKit checks if the destination URL is associated with an app
unless the embedding client overrides the WKNavigationDelegate delegate callback -webView:decidePolicyForNavigationAction:decisionHandler.
If the URL is not associated with an app then WebKit may fall back to checking if the embedding
client registered a scheme handler for it. Currently we assume that the scheme is a non-null
string when checking the scheme handler registry. However the scheme can be a null string if
it is part of a malformed URL. And this leads to bad news bears when we try to use it to look
for a scheme handler. Instead check that the scheme is a non-null string before checking to see
if it is in the scheme handler registry.

  • UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::urlSchemeHandlerForScheme):

Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r228712 r228713  
     12018-02-19  Daniel Bates  <dabates@apple.com>
     2
     3        Null pointer dereference in WebPageProxy::urlSchemeHandlerForScheme()
     4        https://bugs.webkit.org/show_bug.cgi?id=182905
     5        <rdar://problem/37676775>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Return nullptr when querying for the scheme handler of the null string.
     10
     11        Before a navigation is performed WebKit checks if the destination URL is associated with an app
     12        unless the embedding client overrides the WKNavigationDelegate delegate callback -webView:decidePolicyForNavigationAction:decisionHandler.
     13        If the URL is not associated with an app then WebKit may fall back to checking if the embedding
     14        client registered a scheme handler for it. Currently we assume that the scheme is a non-null
     15        string when checking the scheme handler registry. However the scheme can be a null string if
     16        it is part of a malformed URL. And this leads to bad news bears when we try to use it to look
     17        for a scheme handler. Instead check that the scheme is a non-null string before checking to see
     18        if it is in the scheme handler registry.
     19
     20        * UIProcess/WebPageProxy.cpp:
     21        (WebKit::WebPageProxy::urlSchemeHandlerForScheme):
     22
    1232018-02-19  Eric Carlson  <eric.carlson@apple.com>
    224
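Review bot: the file list at the end of this entry names only UIProcess/WebPageProxy.cpp, so the fix lands without a regression test. The entry already describes the trigger (a navigation to a malformed URL whose scheme is a null string, with no client override of -webView:decidePolicyForNavigationAction:decisionHandler), which is enough to write an API test asserting that urlSchemeHandlerForScheme() returns nullptr for that input. Please add one and list it here, or note in the entry why a test is not practical.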
  • trunk/Source/WebKit/UIProcess/WebPageProxy.cpp

    r228711 r228713  
    72007200WebURLSchemeHandler* WebPageProxy::urlSchemeHandlerForScheme(const String& scheme)
    72017201{
    7202     return m_urlSchemeHandlersByScheme.get(scheme);
     7202    return scheme.isNull() ? nullptr : m_urlSchemeHandlersByScheme.get(scheme);
    72037203}
    72047204
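Review bot: the new return line guards only this one lookup and carries no comment, so a reader of WebPageProxy.cpp cannot tell why a null key must not reach m_urlSchemeHandlersByScheme.get(). A one-line comment above `return scheme.isNull() ? nullptr : m_urlSchemeHandlersByScheme.get(scheme);` saying that the scheme of a malformed URL can be a null string would keep the check from being removed later as redundant. Two things to confirm before landing: that isNull() is the intended test (an empty, non-null scheme still goes to the lookup), and that no other code path keys into m_urlSchemeHandlersByScheme with an unchecked scheme.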