Changeset 254971 in webkit

Timestamp:

Jan 23, 2020 2:58:48 AM (4 years ago)

Author:

commit-queue@webkit.org

Message:

KeyedDecoderGeneric crashes when it accesses a data with empty string key.
​https://bugs.webkit.org/show_bug.cgi?id=206572

Patch by Takashi Komori <​Takashi.Komori@sony.com> on 2020-01-23
Reviewed by Fujii Hironori.

Source/WebCore:

Changed null string which was used for HasMap key to empty string.

Test: TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp

• platform/generic/KeyedDecoderGeneric.cpp:

(WebCore::readString):

Tools:

• TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp:

(TestWebKitAPI::TEST):

Location:

trunk

Files:

• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/platform/generic/KeyedDecoderGeneric.cpp (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp (modified) (1 diff)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-01-23  Takashi Komori  <Takashi.Komori@sony.com>
+
+        KeyedDecoderGeneric crashes when it accesses a data with empty string key.
+        https://bugs.webkit.org/show_bug.cgi?id=206572
+
+        Reviewed by Fujii Hironori.
+
+        Changed null string which was used for HasMap key to empty string.
+
+        Test: TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp
+
+        * platform/generic/KeyedDecoderGeneric.cpp:
+        (WebCore::readString):
+
 2020-01-23  Yusuke Suzuki  <ysuzuki@apple.com>
 

trunk/Source/WebCore/platform/generic/KeyedDecoderGeneric.cpp

@@ -54 +54 @@
     if (!decoder.decode(size))
         return false;
+    if (!size) {
+        result = emptyString();
+        return true;
+    }
+
     Vector<uint8_t> buffer(size);
     if (!decoder.decodeFixedLengthData(buffer.data(), size))
         return false;
     result = String::fromUTF8(buffer.data(), size);
+    if (result.isNull())
+        return false;
+
     return true;
 }

trunk/Tools/ChangeLog

@@ +1 @@
+2020-01-23  Takashi Komori  <Takashi.Komori@sony.com>
+
+        KeyedDecoderGeneric crashes when it accesses a data with empty string key.
+        https://bugs.webkit.org/show_bug.cgi?id=206572
+
+        Reviewed by Fujii Hironori.
+
+        * TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp:
+        (TestWebKitAPI::TEST):
+
 2020-01-23  Tuomas Karkkainen  <tuomas.webkit@apple.com>
 

trunk/Tools/TestWebKitAPI/Tests/WebCore/KeyedCoding.cpp

@@ -276 +276 @@
     EXPECT_EQ(users, decodedUsers);
 }
-}
+
+TEST(KeyedCoding, SetAndGetWithEmptyKey)
+{
+    auto encoder = WebCore::KeyedEncoder::encoder();
+    encoder->encodeBool("", false);
+
+    auto encodedBuffer = encoder->finishEncoding();
+    auto decoder = WebCore::KeyedDecoder::decoder(reinterpret_cast<const uint8_t*>(encodedBuffer->data()), encodedBuffer->size());
+
+    bool success, boolValue;
+    success = decoder->decodeBool("", boolValue);
+
+    EXPECT_TRUE(success);
+    EXPECT_EQ(false, boolValue);
+}
+}