Diff
Modified: trunk/Source/WebKit2/ChangeLog (203128 => 203129)
--- trunk/Source/WebKit2/ChangeLog 2016-07-12 21:09:35 UTC (rev 203128)
+++ trunk/Source/WebKit2/ChangeLog 2016-07-12 21:51:19 UTC (rev 203129)
@@ -1,3 +1,21 @@
+2016-07-12 Chris Dumez <[email protected]>
+
+ [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
+ https://bugs.webkit.org/show_bug.cgi?id=159663
+ <rdar://problem/18995873>
+
+ Reviewed by Benjamin Poulain.
+
+ Protect against bad database data in LocalStorageDatabase::importItems(). We
+ crash if the database contains a null key or a null value so protect against
+ it given that we have evidence it can happen.
+
+ With this change, I can no longer reproduce the UIProcess crash on evernote.com
+ that is documented at <rdar://problem/18995873>.
+
+ * UIProcess/Storage/LocalStorageDatabase.cpp:
+ (WebKit::LocalStorageDatabase::importItems):
+
2016-07-12 Gyuyoung Kim <[email protected]>
Remove ENABLE_CSS3_TEXT_LINE_BREAK flag
Modified: trunk/Source/WebKit2/UIProcess/Storage/LocalStorageDatabase.cpp (203128 => 203129)
--- trunk/Source/WebKit2/UIProcess/Storage/LocalStorageDatabase.cpp 2016-07-12 21:09:35 UTC (rev 203128)
+++ trunk/Source/WebKit2/UIProcess/Storage/LocalStorageDatabase.cpp 2016-07-12 21:51:19 UTC (rev 203129)
@@ -181,7 +181,10 @@
int result = query.step();
while (result == SQLITE_ROW) {
- items.set(query.getColumnText(0), query.getColumnBlobAsString(1));
+ String key = query.getColumnText(0);
+ String value = query.getColumnBlobAsString(1);
+ if (!key.isNull() && !value.isNull())
+ items.set(key, value);
result = query.step();
}
Modified: trunk/Tools/ChangeLog (203128 => 203129)
--- trunk/Tools/ChangeLog 2016-07-12 21:09:35 UTC (rev 203128)
+++ trunk/Tools/ChangeLog 2016-07-12 21:51:19 UTC (rev 203129)
@@ -1,3 +1,21 @@
+2016-07-12 Chris Dumez <[email protected]>
+
+ [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
+ https://bugs.webkit.org/show_bug.cgi?id=159663
+ <rdar://problem/18995873>
+
+ Reviewed by Benjamin Poulain.
+
+ Add API test coverage.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html: Added.
+ * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage: Added.
+ * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm: Added.
+ * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm: Added.
+ (-[LocalStorageNullEntriesMessageHandler userContentController:didReceiveScriptMessage:]):
+ (TEST):
+
2016-07-12 Myles C. Maxfield <[email protected]>
Relax ordering requirements on StringView::CodePoints iterator
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (203128 => 203129)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2016-07-12 21:09:35 UTC (rev 203128)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2016-07-12 21:51:19 UTC (rev 203129)
@@ -64,6 +64,10 @@
37D36ED71AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm in Sources */ = {isa = PBXBuildFile; fileRef = 37D36ED61AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm */; };
37DC6791140D7D7600ABCCDB /* DOMRangeOfString.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37DC678F140D7D3A00ABCCDB /* DOMRangeOfString.html */; };
37E1064C1697681800B78BD0 /* DOMHTMLTableCellElementCellAbove.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 37E1064B169767F700B78BD0 /* DOMHTMLTableCellElementCellAbove.html */; };
+ 46C519DA1D355AB200DAA51A /* LocalStorageNullEntries.mm in Sources */ = {isa = PBXBuildFile; fileRef = 46C519D81D355A7300DAA51A /* LocalStorageNullEntries.mm */; };
+ 46C519E61D3563FD00DAA51A /* LocalStorageNullEntries.html in Copy Resources */ = {isa = PBXBuildFile; fileRef = 46C519E21D35629600DAA51A /* LocalStorageNullEntries.html */; };
+ 46C519E71D3563FD00DAA51A /* LocalStorageNullEntries.localstorage in Copy Resources */ = {isa = PBXBuildFile; fileRef = 46C519E31D35629600DAA51A /* LocalStorageNullEntries.localstorage */; };
+ 46C519E81D3563FD00DAA51A /* LocalStorageNullEntries.localstorage-shm in Copy Resources */ = {isa = PBXBuildFile; fileRef = 46C519E41D35629600DAA51A /* LocalStorageNullEntries.localstorage-shm */; };
4BFDFFA71314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 4BFDFFA61314776C0061F24B /* HitTestResultNodeHandle_Bundle.cpp */; };
510477721D298DDD009747EB /* IDBDeleteRecovery.sqlite3 in Copy Resources */ = {isa = PBXBuildFile; fileRef = 5104776F1D298D85009747EB /* IDBDeleteRecovery.sqlite3 */; };
510477731D298DDD009747EB /* IDBDeleteRecovery.sqlite3-shm in Copy Resources */ = {isa = PBXBuildFile; fileRef = 510477701D298D85009747EB /* IDBDeleteRecovery.sqlite3-shm */; };
@@ -481,6 +485,9 @@
dstPath = TestWebKitAPI.resources;
dstSubfolderSpec = 7;
files = (
+ 46C519E61D3563FD00DAA51A /* LocalStorageNullEntries.html in Copy Resources */,
+ 46C519E71D3563FD00DAA51A /* LocalStorageNullEntries.localstorage in Copy Resources */,
+ 46C519E81D3563FD00DAA51A /* LocalStorageNullEntries.localstorage-shm in Copy Resources */,
51E6A8961D2F1CA700C004B6 /* LocalStorageClear.html in Copy Resources */,
51A587851D2739E3004BA9AF /* IndexedDBDatabaseProcessKill-1.html in Copy Resources */,
510477771D298E72009747EB /* IDBDeleteRecovery.html in Copy Resources */,
@@ -701,6 +708,10 @@
440A1D3814A0103A008A66F2 /* URL.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = URL.cpp; sourceTree = "<group>"; };
442BBF681C91CAD90017087F /* RefLogger.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = RefLogger.cpp; sourceTree = "<group>"; };
44A622C114A0E2B60048515B /* WTFStringUtilities.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = WTFStringUtilities.h; sourceTree = "<group>"; };
+ 46C519D81D355A7300DAA51A /* LocalStorageNullEntries.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = LocalStorageNullEntries.mm; sourceTree = "<group>"; };
+ 46C519E21D35629600DAA51A /* LocalStorageNullEntries.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = LocalStorageNullEntries.html; sourceTree = "<group>"; };
+ 46C519E31D35629600DAA51A /* LocalStorageNullEntries.localstorage */ = {isa = PBXFileReference; lastKnownFileType = file; path = LocalStorageNullEntries.localstorage; sourceTree = "<group>"; };
+ 46C519E41D35629600DAA51A /* LocalStorageNullEntries.localstorage-shm */ = {isa = PBXFileReference; lastKnownFileType = file; path = "LocalStorageNullEntries.localstorage-shm"; sourceTree = "<group>"; };
4A410F4B19AF7BD6002EBAB5 /* UserMedia.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = UserMedia.cpp; sourceTree = "<group>"; };
4A410F4D19AF7BEF002EBAB5 /* getUserMedia.html */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.html; path = getUserMedia.html; sourceTree = "<group>"; };
4BB4160116815B2600824238 /* JSWrapperForNodeInWebFrame.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = JSWrapperForNodeInWebFrame.mm; sourceTree = "<group>"; };
@@ -1187,6 +1198,7 @@
37D36ED61AF42ECD00BAF5D9 /* LoadAlternateHTMLString.mm */,
57901FAC1CAF12C200ED64F9 /* LoadInvalidURLRequest.mm */,
51E6A8921D2F1BEC00C004B6 /* LocalStorageClear.mm */,
+ 46C519D81D355A7300DAA51A /* LocalStorageNullEntries.mm */,
51CD1C6A1B38CE3600142CA5 /* ModalAlerts.mm */,
1ABC3DED1899BE6D004F0626 /* Navigation.mm */,
CEA6CF2219CCF5BD0064F5A7 /* OpenAndCloseWindow.mm */,
@@ -1300,6 +1312,9 @@
51B1EE941C80FADD0064FB98 /* IndexedDBPersistence-1.html */,
51B1EE951C80FADD0064FB98 /* IndexedDBPersistence-2.html */,
51E6A8951D2F1C7700C004B6 /* LocalStorageClear.html */,
+ 46C519E21D35629600DAA51A /* LocalStorageNullEntries.html */,
+ 46C519E31D35629600DAA51A /* LocalStorageNullEntries.localstorage */,
+ 46C519E41D35629600DAA51A /* LocalStorageNullEntries.localstorage-shm */,
51714EB21CF8C761004723C4 /* WebProcessKillIDBCleanup-1.html */,
51714EB31CF8C761004723C4 /* WebProcessKillIDBCleanup-2.html */,
93CFA8661CEB9DE1000565A8 /* autofocused-text-input.html */,
@@ -2164,6 +2179,7 @@
7CCE7F0C1A411AE600447C4C /* PrivateBrowsingPushStateNoHistoryCallback.cpp in Sources */,
7CCE7EC81A411A7E00447C4C /* PublicSuffix.mm in Sources */,
7C83E0511D0A641800FEBCF3 /* ParsedContentRange.cpp in Sources */,
+ 46C519DA1D355AB200DAA51A /* LocalStorageNullEntries.mm in Sources */,
7C3965061CDD74F90094DBB8 /* Color.cpp in Sources */,
7CCE7F0D1A411AE600447C4C /* ReloadPageAfterCrash.cpp in Sources */,
7CCE7EC91A411A7E00447C4C /* RenderedImageFromDOMNode.mm in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html (0 => 203129)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html 2016-07-12 21:51:19 UTC (rev 203129)
@@ -0,0 +1,6 @@
+<script>
+
+window.localStorage.key(0);
+window.webkit.messageHandlers.testHandler.postMessage('DONE');
+
+</script>
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage (0 => 203129)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage 2016-07-12 21:51:19 UTC (rev 203129)
@@ -0,0 +1,7 @@
+SQLite format 3���@ ������-\xF9\x88+�\xF8��A�A�\xC5
\x81�������\x81QtableItemT
ableItemTable�CREATE TABLE ItemTable (key TEXT UNIQUE ON CONFLICT REPLACE, value BLOB NOT NULL ON CONFLICT FAIL)1���E��indexsqlite_autoindex_ItemTable_1ItemTable��++v��\xDB�����+\xD1�>���g�\xDB�S+\xAA�\xBA+
\ No newline at end of file
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm (0 => 203129)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm 2016-07-12 21:51:19 UTC (rev 203129)
@@ -0,0 +1 @@
+�\xE2-�8���5\x93\xDB �\xE2-�8���5\x93\xDB \xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF
\ No newline at end of file
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm (0 => 203129)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm 2016-07-12 21:51:19 UTC (rev 203129)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "Test.h"
+#import <WebKit/WKProcessPoolPrivate.h>
+#import <WebKit/WKUserContentControllerPrivate.h>
+#import <WebKit/WKWebViewConfigurationPrivate.h>
+#import <WebKit/WebKit.h>
+#import <WebKit/_WKProcessPoolConfiguration.h>
+#import <WebKit/_WKUserStyleSheet.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+static bool readyToContinue;
+
+@interface LocalStorageNullEntriesMessageHandler : NSObject <WKScriptMessageHandler>
+@end
+
+@implementation LocalStorageNullEntriesMessageHandler
+
+- (void)userContentController:(WKUserContentController *)userContentController didReceiveScriptMessage:(WKScriptMessage *)message
+{
+ readyToContinue = true;
+}
+
+@end
+
+TEST(WKWebView, LocalStorageNullEntries)
+{
+ RetainPtr<LocalStorageNullEntriesMessageHandler> handler = adoptNS([[LocalStorageNullEntriesMessageHandler alloc] init]);
+ RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
+
+ [configuration _setAllowUniversalAccessFromFileURLs:YES];
+
+ // Copy the inconsistent database files to the LocalStorage directory
+ NSURL *url1 = [[NSBundle mainBundle] URLForResource:@"LocalStorageNullEntries" withExtension:@"localstorage" subdirectory:@"TestWebKitAPI.resources"];
+ NSURL *url2 = [[NSBundle mainBundle] URLForResource:@"LocalStorageNullEntries" withExtension:@"localstorage-shm" subdirectory:@"TestWebKitAPI.resources"];
+
+ NSURL *targetURL = [NSURL fileURLWithPath:[@"~/Library/WebKit/TestWebKitAPI/WebsiteData/LocalStorage/" stringByExpandingTildeInPath]];
+ [[NSFileManager defaultManager] createDirectoryAtURL:targetURL withIntermediateDirectories:YES attributes:nil error:nil];
+
+ [[NSFileManager defaultManager] copyItemAtURL:url1 toURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage"] error:nil];
+ [[NSFileManager defaultManager] copyItemAtURL:url2 toURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage-shm"] error:nil];
+
+ RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+
+ NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"LocalStorageNullEntries" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+ [webView loadRequest:request];
+
+ readyToContinue = false;
+ TestWebKitAPI::Util::run(&readyToContinue);
+
+ webView = nil;
+
+ // Clean up.
+ [[NSFileManager defaultManager] removeItemAtURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage"] error:nil];
+ [[NSFileManager defaultManager] removeItemAtURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage-shm"] error:nil];
+}
+
+#endif
