Title: [204806] releases/WebKitGTK/webkit-2.12
Revision
204806
Author
[email protected]
Date
2016-08-23 04:14:49 -0700 (Tue, 23 Aug 2016)

Log Message

Merge r203129 - [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
https://bugs.webkit.org/show_bug.cgi?id=159663
<rdar://problem/18995873>

Reviewed by Benjamin Poulain.

Source/WebKit2:

Protect against bad database data in LocalStorageDatabase::importItems(). We
crash if the database contains a null key or a null value so protect against
it given that we have evidence it can happen.

With this change, I can no longer reproduce the UIProcess crash on evernote.com
that is documented at <rdar://problem/18995873>.

* UIProcess/Storage/LocalStorageDatabase.cpp:
(WebKit::LocalStorageDatabase::importItems):

Tools:

Add API test coverage.

* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm: Added.
* TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm: Added.
(-[LocalStorageNullEntriesMessageHandler userContentController:didReceiveScriptMessage:]):
(TEST):

Diff

Modified: releases/WebKitGTK/webkit-2.12/Source/WebKit2/ChangeLog (204805 => 204806)


--- releases/WebKitGTK/webkit-2.12/Source/WebKit2/ChangeLog	2016-08-23 11:11:24 UTC (rev 204805)
+++ releases/WebKitGTK/webkit-2.12/Source/WebKit2/ChangeLog	2016-08-23 11:14:49 UTC (rev 204806)
@@ -1,3 +1,21 @@
+2016-07-12  Chris Dumez  <[email protected]>
+
+        [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
+        https://bugs.webkit.org/show_bug.cgi?id=159663
+        <rdar://problem/18995873>
+
+        Reviewed by Benjamin Poulain.
+
+        Protect against bad database data in LocalStorageDatabase::importItems(). We
+        crash if the database contains a null key or a null value so protect against
+        it given that we have evidence it can happen.
+
+        With this change, I can no longer reproduce the UIProcess crash on evernote.com
+        that is documented at <rdar://problem/18995873>.
+
+        * UIProcess/Storage/LocalStorageDatabase.cpp:
+        (WebKit::LocalStorageDatabase::importItems):
+
 2016-05-24  Carlos Garcia Campos  <[email protected]>
 
         Unreviewed. Update OptionsGTK.cmake and NEWS for 2.12.3 release.
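Review bot: the ChangeLog entry states "we have evidence it can happen" but does not record how a null key or null value ends up in the ItemTable in the first place; the fixture added in this same commit declares `value BLOB NOT NULL ON CONFLICT FAIL`, so such a row is a corrupted database, not a normal write. Adding a sentence on the suspected origin (or a reference to a root-cause bug) would let a future reader tell whether the import-time skip is the complete fix or a mitigation for corruption produced elsewhere.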

Modified: releases/WebKitGTK/webkit-2.12/Source/WebKit2/UIProcess/Storage/LocalStorageDatabase.cpp (204805 => 204806)


--- releases/WebKitGTK/webkit-2.12/Source/WebKit2/UIProcess/Storage/LocalStorageDatabase.cpp	2016-08-23 11:11:24 UTC (rev 204805)
+++ releases/WebKitGTK/webkit-2.12/Source/WebKit2/UIProcess/Storage/LocalStorageDatabase.cpp	2016-08-23 11:14:49 UTC (rev 204806)
@@ -181,7 +181,10 @@
 
     int result = query.step();
     while (result == SQLITE_ROW) {
-        items.set(query.getColumnText(0), query.getColumnBlobAsString(1));
+        String key = query.getColumnText(0);
+        String value = query.getColumnBlobAsString(1);
+        if (!key.isNull() && !value.isNull())
+            items.set(key, value);
         result = query.step();
     }
 
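Review bot: the new `if (!key.isNull() && !value.isNull())` drops bad rows silently, so corruption that previously crashed the UIProcess now leaves no trace at all; consider at least an `ASSERT`/debug log or a counter for skipped rows so the condition stays observable. Two behaviours are worth stating in a comment on the check: `String::isNull()` is false for an empty string, so legitimately empty values are still imported (correct, but easy to misread as "skip empties"), and a null key with a non-null value is discarded as a unit rather than, say, being stored under an empty key. Nothing else in the hunk changes the loop, so the `result = query.step()` pattern is unaffected.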

Modified: releases/WebKitGTK/webkit-2.12/Tools/ChangeLog (204805 => 204806)


--- releases/WebKitGTK/webkit-2.12/Tools/ChangeLog	2016-08-23 11:11:24 UTC (rev 204805)
+++ releases/WebKitGTK/webkit-2.12/Tools/ChangeLog	2016-08-23 11:14:49 UTC (rev 204806)
@@ -1,3 +1,21 @@
+2016-07-12  Chris Dumez  <[email protected]>
+
+        [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
+        https://bugs.webkit.org/show_bug.cgi?id=159663
+        <rdar://problem/18995873>
+
+        Reviewed by Benjamin Poulain.
+
+        Add API test coverage.
+
+        * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html: Added.
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage: Added.
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm: Added.
+        * TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm: Added.
+        (-[LocalStorageNullEntriesMessageHandler userContentController:didReceiveScriptMessage:]):
+        (TEST):
+
 2016-05-25  Joanmarie Diggs  <[email protected]>
 
         [GTK] accessibility/meter-element.html is failing
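Review bot: the entry lists `LocalStorageNullEntries.localstorage` and `.localstorage-shm` as Added but not how these binary fixtures were produced. Because the table schema forbids null values, the file had to be constructed outside the normal write path; a short note on how it was generated (or a script) would allow the fixture to be regenerated if the ItemTable schema or SQLite page format changes, and would make it clear which of the two files actually carries the null entries.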

Added: releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html (0 => 204806)


--- releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.html	2016-08-23 11:14:49 UTC (rev 204806)
@@ -0,0 +1,6 @@
+<script>
+
+window.localStorage.key(0);
+window.webkit.messageHandlers.testHandler.postMessage('DONE');
+
+</script>
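Review bot: the page only evaluates `window.localStorage.key(0)` and then posts `'DONE'`, so the test passes whenever the UIProcess does not crash; it does not check that the valid entries in the fixture survived the import. Posting `window.localStorage.length` (or the first key and its value) in the message and asserting on it in the Objective-C test would also catch the opposite regression, where the new guard drops rows it should keep. Note also that `key(0)` on an empty store simply returns `null`, which is why the current script cannot distinguish "all rows skipped" from "rows imported".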

Added: releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage (0 => 204806)


--- releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage	2016-08-23 11:14:49 UTC (rev 204806)
@@ -0,0 +1,7 @@
+SQLite format 3@  -\xF9\x88+\xF8AA\xC5
 
 
 \x81\x81QtableItemT
 ableItemTableCREATE TABLE ItemTable (key TEXT UNIQUE ON CONFLICT REPLACE, value BLOB NOT NULL ON CONFLICT FAIL)1Eindexsqlite_autoindex_ItemTable_1ItemTable++v\xDB+\xD1>g\xDBS+\xAA\xBA+
 
 
 
 
 
 
 
 
\ No newline at end of file

Added: releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm (0 => 204806)


--- releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.localstorage-shm	2016-08-23 11:14:49 UTC (rev 204806)
@@ -0,0 +1 @@
+\xE2-85\x93\xDB	\xE2-85\x93\xDB	\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
\ No newline at end of file

Added: releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm (0 => 204806)


--- releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm	                        (rev 0)
+++ releases/WebKitGTK/webkit-2.12/Tools/TestWebKitAPI/Tests/WebKit2Cocoa/LocalStorageNullEntries.mm	2016-08-23 11:14:49 UTC (rev 204806)
@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2016 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "Test.h"
+#import <WebKit/WKProcessPoolPrivate.h>
+#import <WebKit/WKUserContentControllerPrivate.h>
+#import <WebKit/WKWebViewConfigurationPrivate.h>
+#import <WebKit/WebKit.h>
+#import <WebKit/_WKProcessPoolConfiguration.h>
+#import <WebKit/_WKUserStyleSheet.h>
+#import <wtf/RetainPtr.h>
+
+#if WK_API_ENABLED
+
+static bool readyToContinue;
+
+@interface LocalStorageNullEntriesMessageHandler : NSObject <WKScriptMessageHandler>
+@end
+
+@implementation LocalStorageNullEntriesMessageHandler
+
+- (void)userContentController:(WKUserContentController *)userContentController didReceiveScriptMessage:(WKScriptMessage *)message
+{
+    readyToContinue = true;
+}
+
+@end
+
+TEST(WKWebView, LocalStorageNullEntries)
+{
+    RetainPtr<LocalStorageNullEntriesMessageHandler> handler = adoptNS([[LocalStorageNullEntriesMessageHandler alloc] init]);
+    RetainPtr<WKWebViewConfiguration> configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
+
+    [configuration _setAllowUniversalAccessFromFileURLs:YES];
+
+    // Copy the inconsistent database files to the LocalStorage directory
+    NSURL *url1 = [[NSBundle mainBundle] URLForResource:@"LocalStorageNullEntries" withExtension:@"localstorage" subdirectory:@"TestWebKitAPI.resources"];
+    NSURL *url2 = [[NSBundle mainBundle] URLForResource:@"LocalStorageNullEntries" withExtension:@"localstorage-shm" subdirectory:@"TestWebKitAPI.resources"];
+
+    NSURL *targetURL = [NSURL fileURLWithPath:[@"~/Library/WebKit/TestWebKitAPI/WebsiteData/LocalStorage/" stringByExpandingTildeInPath]];
+    [[NSFileManager defaultManager] createDirectoryAtURL:targetURL withIntermediateDirectories:YES attributes:nil error:nil];
+
+    [[NSFileManager defaultManager] copyItemAtURL:url1 toURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage"] error:nil];
+    [[NSFileManager defaultManager] copyItemAtURL:url2 toURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage-shm"] error:nil];
+
+    RetainPtr<WKWebView> webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:configuration.get()]);
+
+    NSURLRequest *request = [NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"LocalStorageNullEntries" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]];
+    [webView loadRequest:request];
+
+    readyToContinue = false;
+    TestWebKitAPI::Util::run(&readyToContinue);
+
+    webView = nil;
+
+    // Clean up.
+    [[NSFileManager defaultManager] removeItemAtURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage"] error:nil];
+    [[NSFileManager defaultManager] removeItemAtURL:[targetURL URLByAppendingPathComponent:@"file__0.localstorage-shm"] error:nil];
+}
+
+#endif
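Review bot: the two `copyItemAtURL:toURL:error:` calls that install `file__0.localstorage` and `file__0.localstorage-shm` pass `error:nil` and ignore the BOOL result, so if the bundle resource is missing or a stale file is already at the target the test runs against an empty or unrelated store and passes vacuously; wrapping them in `EXPECT_TRUE(...)` (and removing any pre-existing copies before the copy, not only after) makes the precondition explicit. The target directory `~/Library/WebKit/TestWebKitAPI/WebsiteData/LocalStorage/` is hard-coded rather than derived from the website data store the configuration actually uses, which ties the test to the current default layout. Finally, `_WKUserStyleSheet.h`, `WKProcessPoolPrivate.h` and `_WKProcessPoolConfiguration.h` are imported but nothing in the file references them.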
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
