Title: [88656] branches/chromium/742
- Revision: 88656
- Author: jia...@chromium.org
- Date: 2011-06-13 11:10:54 -0700 (Mon, 13 Jun 2011)
Log Message
Merge 88510 - Calling WebKitBlobBuilder.append with null argument should not crash
https://bugs.webkit.org/show_bug.cgi?id=62419
Reviewed by David Levin.
Source/WebCore:
Test: fast/files/blob-builder-crash.html
* fileapi/WebKitBlobBuilder.cpp:
(WebCore::WebKitBlobBuilder::append):
LayoutTests:
* fast/files/blob-builder-crash-expected.txt: Added.
* fast/files/blob-builder-crash.html: Added.
TBR=jia...@chromium.org
BUG=85659
Review URL: http://codereview.chromium.org/7134095
Diff
Copied: branches/chromium/742/LayoutTests/fast/files/blob-builder-crash-expected.txt (from rev 88510, trunk/LayoutTests/fast/files/blob-builder-crash-expected.txt) (0 => 88656)
--- branches/chromium/742/LayoutTests/fast/files/blob-builder-crash-expected.txt (rev 0)
+++ branches/chromium/742/LayoutTests/fast/files/blob-builder-crash-expected.txt 2011-06-13 18:10:54 UTC (rev 88656)
@@ -0,0 +1,3 @@
+Test that calling WebKitBlobBuilder.append with null value should not cause crash.
+DONE
+
Copied: branches/chromium/742/LayoutTests/fast/files/blob-builder-crash.html (from rev 88510, trunk/LayoutTests/fast/files/blob-builder-crash.html) (0 => 88656)
--- branches/chromium/742/LayoutTests/fast/files/blob-builder-crash.html (rev 0)
+++ branches/chromium/742/LayoutTests/fast/files/blob-builder-crash.html 2011-06-13 18:10:54 UTC (rev 88656)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+function test()
+{
+ log("Test that calling WebKitBlobBuilder.append with null value should not cause crash.");
+ var builder = new WebKitBlobBuilder();
+ builder.append(null);
+
+ log("DONE");
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+</head>
+<body _onload_="test()">
+<pre id='console'></pre>
+</body>
+</html>
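Review bot: The test makes a single call, `builder.append(null);`, while the source change in this revision adds a null guard to two overloads, append(ArrayBuffer*) and append(Blob*). One null call can reach at most one of them, and nothing in the test says which, so the other guard lands without coverage. A short comment naming the overload that null dispatches to would help. If the bindings allow it, add a second case that reaches the other overload. Without either, a later regression in one overload could still pass this test.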
Modified: branches/chromium/742/Source/WebCore/fileapi/WebKitBlobBuilder.cpp (88655 => 88656)
--- branches/chromium/742/Source/WebCore/fileapi/WebKitBlobBuilder.cpp 2011-06-13 18:09:45 UTC (rev 88655)
+++ branches/chromium/742/Source/WebCore/fileapi/WebKitBlobBuilder.cpp 2011-06-13 18:10:54 UTC (rev 88656)
@@ -88,6 +88,8 @@
#if ENABLE(BLOB)
void WebKitBlobBuilder::append(ArrayBuffer* arrayBuffer)
{
+ if (!arrayBuffer)
+ return;
Vector<char>& buffer = getBuffer();
size_t oldSize = buffer.size();
buffer.append(static_cast<const char*>(arrayBuffer->data()), arrayBuffer->byteLength());
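Review bot: The new `if (!arrayBuffer) return;` at the top of append(ArrayBuffer*) turns a null argument into a silent no-op, so a script that passes null by mistake gets no signal and the builder is left unchanged. If ignoring null is the intended behaviour, a one-line comment above the guard saying so would record that decision. If it is not, an exception raised to the caller would surface the error. The guard is correctly placed ahead of the first dereference, `arrayBuffer->data()`.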
@@ -97,6 +99,8 @@
void WebKitBlobBuilder::append(Blob* blob)
{
+ if (!blob)
+ return;
if (blob->isFile()) {
// If the blob is file that is not snapshoted, capture the snapshot now.
// FIXME: This involves synchronous file operation. We need to figure out how to make it asynchronous.
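Review bot: The guard `if (!blob) return;` in append(Blob*) is the same two-line check just added to the ArrayBuffer overload, so the null policy is now repeated in each pointer-taking overload. Consider handling null once at the point where the script value is converted, or in a small shared helper, so that a future overload cannot be added without it. The check does sit correctly before `blob->isFile()`, the first use of the pointer.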
Property changes on: branches/chromium/742/Source/WebCore/fileapi/WebKitBlobBuilder.cpp
___________________________________________________________________
Added: svn:mergeinfo