Changeset 245847 in webkit


Timestamp:
May 28, 2019 9:40:00 PM (5 years ago)
Author:
Fujii Hironori
Message:

[WinCairo] REGRESSION(r245186) Crash in NetworkCache::IOChannel::read in http/tests/IndexedDB some tests
https://bugs.webkit.org/show_bug.cgi?id=197941

Reviewed by Don Olmstead.

Some http/tests/IndexedDB tests were crashing in
NetworkCache::IOChannel::read when it tried to allocate a buffer with
std::numeric_limits<size_t>::max() as the size.

IOChannel::read should check the file size, and calculate the read
size.

  • NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp:

(WebKit::NetworkCache::IOChannel::read): Limit the read buffer
size by calling FileSystem::getFileSize.

Location:
trunk/Source/WebKit
Files:
2 edited

  • trunk/Source/WebKit/ChangeLog

    r245835 r245847  
     12019-05-28  Fujii Hironori  <Hironori.Fujii@sony.com>
     2
     3        [WinCairo] REGRESSION(r245186) Crash in NetworkCache::IOChannel::read in http/tests/IndexedDB some tests
     4        https://bugs.webkit.org/show_bug.cgi?id=197941
     5
     6        Reviewed by Don Olmstead.
     7
     8        http/tests/IndexedDB some tests were crashing in
     9        NetworkCache::IOChannel::read in order to allocate a buffer with
     10        std::numeric_limits<size_t>::max() as the size.
     11
     12        IOChannel::read should check the file size, and calculate the read
     13        size.
     14
     15        * NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp:
     16        (WebKit::NetworkCache::IOChannel::read): Limit the read buffer
     17        size by calling FileSystem::getFileSize.
     18
    1192019-05-28  Brent Fulgham  <bfulgham@apple.com>
    220
  • trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp

    r245186 r245847  
    7575{
    7676    runTaskInQueue([this, protectedThis = makeRef(*this), offset, size, completionHandler = WTFMove(completionHandler)] {
    77         Vector<uint8_t> buffer(size);
     77        long long fileSize;
     78        if (!FileSystem::getFileSize(m_fileDescriptor, fileSize) || fileSize > std::numeric_limits<size_t>::max()) {
     79            Data data;
     80            completionHandler(data, -1);
     81            return;
     82        }
     83        size_t readSize = fileSize;
     84        readSize = std::min(size, readSize);
     85        Vector<uint8_t> buffer(readSize);
    7886        FileSystem::seekFile(m_fileDescriptor, offset, FileSystem::FileSeekOrigin::Beginning);
    79         int err = FileSystem::readFromFile(m_fileDescriptor, reinterpret_cast<char*>(buffer.data()), size);
     87        int err = FileSystem::readFromFile(m_fileDescriptor, reinterpret_cast<char*>(buffer.data()), readSize);
    8088        err = err < 0 ? err : 0;
    8189        auto data = Data(WTFMove(buffer));
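
Review bot: The clamp at new lines 83-84 ignores `offset`: `readSize` is `std::min(size, fileSize)`, but the read starts at `offset` after the `seekFile` call, so only `fileSize - offset` bytes can be read from there. Because line 88 collapses a successful `err` to 0 and line 89 moves the whole `buffer` into `Data`, a short read still hands the completion handler `readSize` bytes, and the tail of that buffer was never written by `readFromFile`. Consider treating `offset > fileSize` like the existing `getFileSize` failure path, clamping with `fileSize - offset` instead of `fileSize`, and shrinking `buffer` to the byte count `readFromFile` returns before building `Data`. The result of `seekFile` is also unchecked, so a failed seek would read from the wrong position. Separately, `fileSize > std::numeric_limits<size_t>::max()` at line 78 compares a signed `long long` against an unsigned value; an explicit `fileSize < 0` check plus a cast would make the intended bound clear.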