Title: [88510] trunk
- Revision
- 88510
- Author
- [email protected]
- Date
- 2011-06-09 18:09:11 -0700 (Thu, 09 Jun 2011)
Log Message
Calling WebKitBlobBuilder.append with null argument should not crash
https://bugs.webkit.org/show_bug.cgi?id=62419
Reviewed by David Levin.
Source/WebCore:
Test: fast/files/blob-builder-crash.html
* fileapi/WebKitBlobBuilder.cpp:
(WebCore::WebKitBlobBuilder::append):
LayoutTests:
* fast/files/blob-builder-crash-expected.txt: Added.
* fast/files/blob-builder-crash.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (88509 => 88510)
--- trunk/LayoutTests/ChangeLog 2011-06-10 01:08:15 UTC (rev 88509)
+++ trunk/LayoutTests/ChangeLog 2011-06-10 01:09:11 UTC (rev 88510)
@@ -1,3 +1,13 @@
+2011-06-09 Jian Li <[email protected]>
+
+ Reviewed by David Levin.
+
+ Calling WebKitBlobBuilder.append with null argument should not crash
+ https://bugs.webkit.org/show_bug.cgi?id=62419
+
+ * fast/files/blob-builder-crash-expected.txt: Added.
+ * fast/files/blob-builder-crash.html: Added.
+
2011-06-09 James Kozianski <[email protected]>
[Chromium] Unreviewed. Remove expectations for passing tests.
Added: trunk/LayoutTests/fast/files/blob-builder-crash-expected.txt (0 => 88510)
--- trunk/LayoutTests/fast/files/blob-builder-crash-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/files/blob-builder-crash-expected.txt 2011-06-10 01:09:11 UTC (rev 88510)
@@ -0,0 +1,3 @@
+Test that calling WebKitBlobBuilder.append with null value should not cause crash.
+DONE
+
Added: trunk/LayoutTests/fast/files/blob-builder-crash.html (0 => 88510)
--- trunk/LayoutTests/fast/files/blob-builder-crash.html (rev 0)
+++ trunk/LayoutTests/fast/files/blob-builder-crash.html 2011-06-10 01:09:11 UTC (rev 88510)
@@ -0,0 +1,26 @@
+<!DOCTYPE html>
+<html>
+<head>
+<script>
+function log(message)
+{
+ document.getElementById('console').appendChild(document.createTextNode(message + "\n"));
+}
+
+function test()
+{
+ log("Test that calling WebKitBlobBuilder.append with null value should not cause crash.");
+ var builder = new WebKitBlobBuilder();
+ builder.append(null);
+
+ log("DONE");
+}
+
+if (window.layoutTestController)
+ layoutTestController.dumpAsText();
+</script>
+</head>
+<body _onload_="test()">
+<pre id='console'></pre>
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (88509 => 88510)
--- trunk/Source/WebCore/ChangeLog 2011-06-10 01:08:15 UTC (rev 88509)
+++ trunk/Source/WebCore/ChangeLog 2011-06-10 01:09:11 UTC (rev 88510)
@@ -1,3 +1,15 @@
+2011-06-09 Jian Li <[email protected]>
+
+ Reviewed by David Levin.
+
+ Calling WebKitBlobBuilder.append with null argument should not crash
+ https://bugs.webkit.org/show_bug.cgi?id=62419
+
+ Test: fast/files/blob-builder-crash.html
+
+ * fileapi/WebKitBlobBuilder.cpp:
+ (WebCore::WebKitBlobBuilder::append):
+
2011-06-09 Jer Noble <[email protected]>
Reviewed by David Hyatt.
Modified: trunk/Source/WebCore/fileapi/WebKitBlobBuilder.cpp (88509 => 88510)
--- trunk/Source/WebCore/fileapi/WebKitBlobBuilder.cpp 2011-06-10 01:08:15 UTC (rev 88509)
+++ trunk/Source/WebCore/fileapi/WebKitBlobBuilder.cpp 2011-06-10 01:09:11 UTC (rev 88510)
@@ -88,6 +88,8 @@
#if ENABLE(BLOB)
void WebKitBlobBuilder::append(ArrayBuffer* arrayBuffer)
{
+ if (!arrayBuffer)
+ return;
Vector<char>& buffer = getBuffer();
size_t oldSize = buffer.size();
buffer.append(static_cast<const char*>(arrayBuffer->data()), arrayBuffer->byteLength());
@@ -97,6 +99,8 @@
void WebKitBlobBuilder::append(Blob* blob)
{
+ if (!blob)
+ return;
if (blob->isFile()) {
// If the blob is file that is not snapshoted, capture the snapshot now.
// FIXME: This involves synchronous file operation. We need to figure out how to make it asynchronous.
_______________________________________________
webkit-changes mailing list
[email protected]
http://lists.webkit.org/mailman/listinfo.cgi/webkit-changes
