Changeset 30236 in webkit

Timestamp:

Feb 14, 2008 4:30:24 PM (16 years ago)

Author:

alp@webkit.org

Message:

2008-02-14 Alp Toker <​alp@atoker.com>

Reviewed by Darin.

​http://bugs.webkit.org/show_bug.cgi?id=17353
XMLTokenizer installs global libxml2 callbacks that can break client applications

Patch by Mark Rowe (with a few changes).

The xmlRegisterInputCallbacks/xmlRegisterOutputCallbacks done at
init are global so we need to make sure these callbacks only get used
by XMLTokenizer and never by libxml2 calls in user applications.

This patch modifies the match and open functions to only apply when we
are certain the caller is XMLTokenizer by checking globalDocLoader and
ensuring we're on the correct thread.

Some possible issues remain. See the bug report for details.

• dom/XMLTokenizer.cpp: (WebCore::matchFunc): (WebCore::openFunc): (WebCore::createStringParser):

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• dom/XMLTokenizer.cpp (modified) (5 diffs)

trunk/WebCore/ChangeLog

@@ +1 @@
+2008-02-14  Alp Toker  <alp@atoker.com>
+
+        Reviewed by Darin.
+
+        http://bugs.webkit.org/show_bug.cgi?id=17353
+        XMLTokenizer installs global libxml2 callbacks that can break client applications
+
+        Patch by Mark Rowe (with a few changes).
+
+        The xmlRegisterInputCallbacks/xmlRegisterOutputCallbacks done at
+        init are global so we need to make sure these callbacks only get used
+        by XMLTokenizer and never by libxml2 calls in user applications.
+
+        This patch modifies the match and open functions to only apply when we
+        are certain the caller is XMLTokenizer by checking globalDocLoader and
+        ensuring we're on the correct thread.
+
+        Some possible issues remain. See the bug report for details.
+
+        * dom/XMLTokenizer.cpp:
+        (WebCore::matchFunc):
+        (WebCore::openFunc):
+        (WebCore::createStringParser):
+
 2008-02-14  Timothy Hatcher  <timothy@apple.com>
 

trunk/WebCore/dom/XMLTokenizer.cpp

@@ -48 +48 @@
 #include "ResourceRequest.h"
 #include "ResourceResponse.h"
+#include "Threading.h"
 #ifndef USE_QXMLSTREAM
 #include <libxml/parser.h>
@@ -341 +342 @@
 
 static int globalDescriptor = 0;
+static DocLoader* globalDocLoader = 0;
+static ThreadIdentifier libxmlLoaderThread = 0;
 
 static int matchFunc(const char* uri)
 {
-    return 1; // Match everything.
-}
-
-static DocLoader* globalDocLoader = 0;
+    // Only match loads initiated due to uses of libxml2 from within XMLTokenizer to avoid
+    // interfering with client applications that also use libxml2.  http://bugs.webkit.org/show_bug.cgi?id=17353
+    return globalDocLoader && currentThread() == libxmlLoaderThread;
+}
 
 class OffsetBuffer {
@@ -378 +381 @@
 static void* openFunc(const char* uri)
 {
-    if (!globalDocLoader || !shouldAllowExternalLoad(uri))
+    ASSERT(globalDocLoader);
+    ASSERT(currentThread() == libxmlLoaderThread);
+
+    if (!shouldAllowExternalLoad(uri))
         return &globalDescriptor;
 
@@ -385 +391 @@
     Vector<char> data;
     
-    if (globalDocLoader->frame()) 
-        globalDocLoader->frame()->loader()->loadResourceSynchronously(KURL(uri), error, response, data);
+    DocLoader* docLoader = globalDocLoader;
+    globalDocLoader = 0;
+    // FIXME: We should restore the original global error handler as well.
+
+    if (docLoader->frame()) 
+        docLoader->frame()->loader()->loadResourceSynchronously(KURL(uri), error, response, data);
+
+    globalDocLoader = docLoader;
 
     return new OffsetBuffer(data);
@@ -433 +445 @@
         xmlRegisterInputCallbacks(matchFunc, openFunc, readFunc, closeFunc);
         xmlRegisterOutputCallbacks(matchFunc, openFunc, writeFunc, closeFunc);
+        libxmlLoaderThread = currentThread();
         didInit = true;
     }