Changeset 242352 in webkit

Timestamp:

Mar 4, 2019 6:30:46 AM (5 years ago)

Author:

commit-queue@webkit.org

Message:

WebDriver: fix String not terminated with null caracter
​https://bugs.webkit.org/show_bug.cgi?id=195274

Patch by Karl Leplat <​karl.leplat_ext@softathome.com> on 2019-03-04
Reviewed by Carlos Garcia Campos.

This has been detected by an exception returned by the function
evaluateJavaScriptFunction with the message :
[native code]: JS ERROR SyntaxError: Unexpected keyword 'function'. Expected ')' to end a compound expression.
keyword 'function' has been initialized with a string that come from char array, not a null-terminated string.

• Session.cpp:

(WebDriver::Session::fullscreenWindow):
(WebDriver::Session::findElements):
(WebDriver::Session::isElementSelected):
(WebDriver::Session::isElementDisplayed):
(WebDriver::Session::getElementAttribute):
(WebDriver::Session::elementClear):

Location:

trunk/Source/WebDriver

Files:

• ChangeLog (modified) (1 diff)
• Session.cpp (modified) (6 diffs)

trunk/Source/WebDriver/ChangeLog

@@ +1 @@
+2019-03-04  Karl Leplat  <karl.leplat_ext@softathome.com>
+
+        WebDriver: fix String not terminated with null caracter
+        https://bugs.webkit.org/show_bug.cgi?id=195274
+
+        Reviewed by Carlos Garcia Campos.
+
+        This has been detected by an exception returned by the function
+        evaluateJavaScriptFunction with the message :
+        [native code]: JS ERROR SyntaxError: Unexpected keyword 'function'. Expected ')' to end a compound expression.
+        keyword 'function' has been initialized with a string that come from char array, not a null-terminated string.
+
+        * Session.cpp:
+        (WebDriver::Session::fullscreenWindow):
+        (WebDriver::Session::findElements):
+        (WebDriver::Session::isElementSelected):
+        (WebDriver::Session::isElementDisplayed):
+        (WebDriver::Session::getElementAttribute):
+        (WebDriver::Session::elementClear):
+
 2019-01-31  Zan Dobersek  <zdobersek@igalia.com>
 

trunk/Source/WebDriver/Session.cpp

@@ -840 +840 @@
         RefPtr<JSON::Object> parameters = JSON::Object::create();
         parameters->setString("browsingContextHandle"_s, m_toplevelBrowsingContext.value());
-        parameters->setString("function"_s, EnterFullscreenJavaScript);
+        parameters->setString("function"_s, String(EnterFullscreenJavaScript, sizeof(EnterFullscreenJavaScript)));
         parameters->setArray("arguments"_s, JSON::Array::create());
         parameters->setBoolean("expectsImplicitCallbackArgument"_s, true);
@@ -1003 +1003 @@
         if (m_currentBrowsingContext)
             parameters->setString("frameHandle"_s, m_currentBrowsingContext.value());
-        parameters->setString("function"_s, FindNodesJavaScript);
+        parameters->setString("function"_s, String(FindNodesJavaScript, sizeof(FindNodesJavaScript)));
         parameters->setArray("arguments"_s, WTFMove(arguments));
         parameters->setBoolean("expectsImplicitCallbackArgument"_s, true);
@@ -1117 +1117 @@
         if (m_currentBrowsingContext)
             parameters->setString("frameHandle"_s, m_currentBrowsingContext.value());
-        parameters->setString("function"_s, ElementAttributeJavaScript);
+        parameters->setString("function"_s, String(ElementAttributeJavaScript, sizeof(ElementAttributeJavaScript)));
         parameters->setArray("arguments"_s, WTFMove(arguments));
         m_host->sendCommandToBackend("evaluateJavaScriptFunction"_s, WTFMove(parameters), [protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)](SessionHost::CommandResponse&& response) {
@@ -1318 +1318 @@
         if (m_currentBrowsingContext)
             parameters->setString("frameHandle"_s, m_currentBrowsingContext.value());
-        parameters->setString("function"_s, ElementDisplayedJavaScript);
+        parameters->setString("function"_s, String(ElementDisplayedJavaScript, sizeof(ElementDisplayedJavaScript)));
         parameters->setArray("arguments"_s, WTFMove(arguments));
         m_host->sendCommandToBackend("evaluateJavaScriptFunction"_s, WTFMove(parameters), [protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)](SessionHost::CommandResponse&& response) {
@@ -1360 +1360 @@
         if (m_currentBrowsingContext)
             parameters->setString("frameHandle"_s, m_currentBrowsingContext.value());
-        parameters->setString("function"_s, ElementAttributeJavaScript);
+        parameters->setString("function"_s, String(ElementAttributeJavaScript, sizeof(ElementAttributeJavaScript)));
         parameters->setArray("arguments"_s, WTFMove(arguments));
         m_host->sendCommandToBackend("evaluateJavaScriptFunction"_s, WTFMove(parameters), [protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)](SessionHost::CommandResponse&& response) {
@@ -1586 +1586 @@
         if (m_currentBrowsingContext)
             parameters->setString("frameHandle"_s, m_currentBrowsingContext.value());
-        parameters->setString("function"_s, FormElementClearJavaScript);
+        parameters->setString("function"_s, String(FormElementClearJavaScript, sizeof(FormElementClearJavaScript)));
         parameters->setArray("arguments"_s, WTFMove(arguments));
         m_host->sendCommandToBackend("evaluateJavaScriptFunction"_s, WTFMove(parameters), [protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)](SessionHost::CommandResponse&& response) {