Changeset 245009 in webkit


Timestamp:
May 7, 2019 7:39:10 AM (5 years ago)
Author:
Wenson Hsieh
Message:

[macOS] Avoid crashing the UI process when writing empty data to the pasteboard
https://bugs.webkit.org/show_bug.cgi?id=197644
<rdar://problem/50526364>

Reviewed by Tim Horton.

Source/WebKit:

Test: WebKit.WKWebProcessPlugInDoNotCrashWhenCopyingEmptyClientData

  • WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:

(WebKit::WebPlatformStrategies::setBufferForType):

Make this function robust by not attempting to create a shared memory buffer in the case where the given data
buffer is empty.

Tools:

Add a new API test to exercise a possible scenario where we may crash while writing data to the pasteboard.

  • TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm:
  • TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegatePlugIn.mm:

(-[BundleEditingDelegatePlugIn webProcessPlugIn:didCreateBrowserContextController:]):
(-[BundleEditingDelegatePlugIn _webProcessPlugInBrowserContextController:pasteboardDataForRange:]):

Location:
trunk
Files:
5 edited

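--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,18 @@
+2019-05-07  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        [macOS] Avoid crashing the UI process when writing empty data to the pasteboard
+        https://bugs.webkit.org/show_bug.cgi?id=197644
+        <rdar://problem/50526364>
+
+        Reviewed by Tim Horton.
+
+        Test: WebKit.WKWebProcessPlugInDoNotCrashWhenCopyingEmptyClientData
+
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
+        (WebKit::WebPlatformStrategies::setBufferForType):
+
+        Make this function robust by not attempting to create a shared memory buffer in the case where the given data
+        buffer is empty.
+
 2019-05-07  Carlos Garcia Campos  <cgarcia@igalia.com>
 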
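--- a/trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp
+++ b/trunk/Source/WebKit/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp
@@ -203,5 +203,5 @@
 {
     SharedMemory::Handle handle;
-    if (buffer) {
+    if (buffer && buffer->size()) {
         RefPtr<SharedMemory> sharedMemoryBuffer = SharedMemory::allocate(buffer->size());
         // FIXME: Null check prevents crashing, but it is not great that we will have empty pasteboard content for this type,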
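Review bot: The added `buffer->size()` check at line 205 is a sender-side guard: this file is under WebProcess/, while the crash named in the commit title is in the UI process, so the more privileged receiver stays only as safe as the web process is well behaved. The UI-process handler for this message is not shown here, so this is inferred, but it should itself treat a null handle or a zero size as "no data" rather than depend on this condition, because the web content process is the less trusted end of the channel. A comment on the condition would also help, for example `// Empty buffers skip shared-memory allocation; the handle is left default-constructed and the receiver must accept that.` The body of setBufferForType starts and ends outside this hunk.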
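--- a/trunk/Tools/ChangeLog
+++ b/trunk/Tools/ChangeLog
@@ -1,2 +1,17 @@
+2019-05-07  Wenson Hsieh  <wenson_hsieh@apple.com>
+
+        [macOS] Avoid crashing the UI process when writing empty data to the pasteboard
+        https://bugs.webkit.org/show_bug.cgi?id=197644
+        <rdar://problem/50526364>
+
+        Reviewed by Tim Horton.
+
+        Add a new API test to exercise a possible scenario where we may crash while writing data to the pasteboard.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm:
+        * TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegatePlugIn.mm:
+        (-[BundleEditingDelegatePlugIn webProcessPlugIn:didCreateBrowserContextController:]):
+        (-[BundleEditingDelegatePlugIn _webProcessPlugInBrowserContextController:pasteboardDataForRange:]):
+
 2019-05-07  Carlos Garcia Campos  <cgarcia@igalia.com>
 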
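--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegate.mm
@@ -116,3 +116,20 @@
 }
 
-#endif
+TEST(WebKit, WKWebProcessPlugInDoNotCrashWhenCopyingEmptyClientData)
+{
+    auto configuration = retainPtr([WKWebViewConfiguration _test_configurationWithTestPlugInClassName:@"BundleEditingDelegatePlugIn"]);
+    [[configuration processPool] _setObject:@YES forBundleParameter:@"EditingDelegateShouldWriteEmptyData"];
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+    [webView loadHTMLString:@"<body style='-webkit-user-modify: read-write-plaintext-only'>Just something to copy <script> var textNode = document.body.firstChild; document.getSelection().setBaseAndExtent(textNode, 5, textNode, 14) </script>" baseURL:nil];
+    [webView _test_waitForDidFinishNavigation];
+
+    auto object = adoptNS([[BundleEditingDelegateRemoteObject alloc] init]);
+    _WKRemoteObjectInterface *interface = [_WKRemoteObjectInterface remoteObjectInterfaceWithProtocol:@protocol(BundleEditingDelegateProtocol)];
+    [[webView _remoteObjectRegistry] registerExportedObject:object.get() interface:interface];
+
+    [webView performSelector:@selector(copy:) withObject:nil];
+    TestWebKitAPI::Util::run(&didWriteToPasteboard);
+}
+
+#endif // PLATFORM(MAC)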
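Review bot: The new test asserts nothing and waits on `didWriteToPasteboard`, a flag declared outside this hunk that is not reset before `copy:` at line 131; if an earlier test in the same process left it set, `Util::run` at line 132 could return before the empty-data write reaches the UI process and the crash path would go unexercised. Adding `didWriteToPasteboard = false;` before line 131 makes the wait meaningful regardless of test order. An assertion after the wait on what the pasteboard holds for the custom type would pin the intended behaviour beyond "did not crash". A one-line comment such as `// Passes if the UI process survives an empty NSData returned by the bundle's pasteboardDataForRange: callback.` would also state the test's success criterion.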
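--- a/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegatePlugIn.mm
+++ b/trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/BundleEditingDelegatePlugIn.mm
@@ -46,4 +46,5 @@
     BOOL _editingDelegateShouldInsertText;
     BOOL _shouldOverridePerformTwoStepDrop;
+    BOOL _shouldWriteEmptyData;
 }
 
@@ -61,4 +62,5 @@
         _editingDelegateShouldInsertText = YES;
 
+    _shouldWriteEmptyData = [[plugInController.parameters valueForKey:@"EditingDelegateShouldWriteEmptyData"] boolValue];
     _shouldOverridePerformTwoStepDrop = [[plugInController.parameters valueForKey:@"BundleOverridePerformTwoStepDrop"] boolValue];
 
@@ -84,5 +86,5 @@
 - (NSDictionary<NSString *, NSData *> *)_webProcessPlugInBrowserContextController:(WKWebProcessPlugInBrowserContextController *)controller pasteboardDataForRange:(WKWebProcessPlugInRangeHandle *)range
 {
-    return @{ @"org.webkit.data" : [NSData dataWithBytesNoCopy:(void*)"hello" length:5 freeWhenDone:NO] };
+    return @{ @"org.webkit.data" : _shouldWriteEmptyData ? NSData.data : [NSData dataWithBytesNoCopy:(void*)"hello" length:5 freeWhenDone:NO] };
 }
 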
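Review bot: `NSData.data` at new line 88 uses dot syntax on a class factory method rather than a property, which reads oddly inside the ternary; the message-send form is the conventional spelling, `_shouldWriteEmptyData ? [NSData data] : [NSData dataWithBytesNoCopy:(void*)"hello" length:5 freeWhenDone:NO]`. A short comment above the return, such as `// An empty NSData drives the empty-buffer path when the web process writes to the pasteboard.`, would connect the `EditingDelegateShouldWriteEmptyData` bundle parameter read at line 64 to the scenario the new API test covers.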