- Revision
- 205744
- Author
- [email protected]
- Date
- 2016-09-09 09:17:19 -0700 (Fri, 09 Sep 2016)
Log Message
Regression(r186020): Null dereference in getStartDate()
https://bugs.webkit.org/show_bug.cgi?id=161733
Reviewed by Eric Carlson.
Source/WebCore:
Update HTMLMediaElement::getStartDate() to return NaN if m_player is null,
instead of crashing.
Test: fast/media/getStartDate-NaN.html
* bindings/js/IDBBindingUtilities.cpp:
(WebCore::toJS):
Add a FIXME comment as this code is using jsDateOrNull() but should
probably be using jsDate() as per:
- http://w3c.github.io/IndexedDB/#request-convert-a-key-to-a-value
* bindings/js/JSDOMBinding.cpp:
(WebCore::jsDate):
(WebCore::jsDateOrNull):
* bindings/js/JSDOMBinding.h:
- Rename jsDateOrNaN() to jsDate() as this is the default behavior. Also,
return new Date(NaN) instead of NaN if the implementation returns NaN.
The IDL says we should return a Date, not a number.
- Update jsDateOrNull() to only return jsNull() if the native value is
NaN, instead of doing so for every value that is not finite. Our
convention is to use NaN as special value to represent null in JS.
* bindings/scripts/CodeGeneratorJS.pm:
(NativeToJSValue):
When converting a native value (double) into a Date, rely on the fact
that the type is nullable when deciding if we should call jsDate() or
jsDateOrNull() to convert. This way, we no longe need a WebKit specific
[TreatReturnedDateAs=Null|NaN] IDL extended attribute.
* bindings/scripts/IDLAttributes.txt:
* html/HTMLInputElement.idl:
Mark valueAsDate attribute as nullable, as per the specification:
- https://html.spec.whatwg.org/#htmlinputelement
* html/HTMLMediaElement.cpp:
(WebCore::HTMLMediaElement::getStartDate):
Return NaN if m_player is null instead of crashing. The reason I decided
to return NaN is because the specification [1] says to return a new Date
object representing the current timeline offset. The spec of timeline
offset [2] says that the initial timeline offset value is NaN.
[1] https://html.spec.whatwg.org/#dom-media-getstartdate
[2] https://html.spec.whatwg.org/#timeline-offset
* bindings/scripts/IDLAttributes.txt:
* html/HTMLMediaElement.idl:
Drop [TreatReturnedDateAs] attribute as it is no longer supported.
LayoutTests:
Add layout test coverage.
* fast/media/getStartDate-NaN-expected.txt: Added.
* fast/media/getStartDate-NaN.html: Added.
Modified Paths
Added Paths
Diff
Modified: trunk/LayoutTests/ChangeLog (205743 => 205744)
--- trunk/LayoutTests/ChangeLog 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/LayoutTests/ChangeLog 2016-09-09 16:17:19 UTC (rev 205744)
@@ -1,3 +1,15 @@
+2016-09-09 Chris Dumez <[email protected]>
+
+ Regression(r186020): Null dereference in getStartDate()
+ https://bugs.webkit.org/show_bug.cgi?id=161733
+
+ Reviewed by Eric Carlson.
+
+ Add layout test coverage.
+
+ * fast/media/getStartDate-NaN-expected.txt: Added.
+ * fast/media/getStartDate-NaN.html: Added.
+
2016-09-09 Youenn Fablet <[email protected]>
Sync web-platform-tests up to revision 6d9c836
Added: trunk/LayoutTests/fast/media/getStartDate-NaN-expected.txt (0 => 205744)
--- trunk/LayoutTests/fast/media/getStartDate-NaN-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/media/getStartDate-NaN-expected.txt 2016-09-09 16:17:19 UTC (rev 205744)
@@ -0,0 +1,13 @@
+Tests that calling media.getStartDate() returns NaN when no start date is available.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS isNaN(document.createElement('audio').getStartDate()) is true
+PASS isNaN(document.createElement('video').getStartDate()) is true
+PASS document.createElement('audio').getStartDate() is an instance of Date
+PASS document.createElement('video').getStartDate() is an instance of Date
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: trunk/LayoutTests/fast/media/getStartDate-NaN.html (0 => 205744)
--- trunk/LayoutTests/fast/media/getStartDate-NaN.html (rev 0)
+++ trunk/LayoutTests/fast/media/getStartDate-NaN.html 2016-09-09 16:17:19 UTC (rev 205744)
@@ -0,0 +1,15 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Tests that calling media.getStartDate() returns NaN when no start date is available.");
+
+shouldBeTrue("isNaN(document.createElement('audio').getStartDate())");
+shouldBeTrue("isNaN(document.createElement('video').getStartDate())");
+shouldBeType("document.createElement('audio').getStartDate()", "Date");
+shouldBeType("document.createElement('video').getStartDate()", "Date");
+</script>
+<script src=""
+</body>
+</html>
Modified: trunk/Source/WebCore/ChangeLog (205743 => 205744)
--- trunk/Source/WebCore/ChangeLog 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/ChangeLog 2016-09-09 16:17:19 UTC (rev 205744)
@@ -1,3 +1,57 @@
+2016-09-09 Chris Dumez <[email protected]>
+
+ Regression(r186020): Null dereference in getStartDate()
+ https://bugs.webkit.org/show_bug.cgi?id=161733
+
+ Reviewed by Eric Carlson.
+
+ Update HTMLMediaElement::getStartDate() to return NaN if m_player is null,
+ instead of crashing.
+
+ Test: fast/media/getStartDate-NaN.html
+
+ * bindings/js/IDBBindingUtilities.cpp:
+ (WebCore::toJS):
+ Add a FIXME comment as this code is using jsDateOrNull() but should
+ probably be using jsDate() as per:
+ - http://w3c.github.io/IndexedDB/#request-convert-a-key-to-a-value
+
+ * bindings/js/JSDOMBinding.cpp:
+ (WebCore::jsDate):
+ (WebCore::jsDateOrNull):
+ * bindings/js/JSDOMBinding.h:
+ - Rename jsDateOrNaN() to jsDate() as this is the default behavior. Also,
+ return new Date(NaN) instead of NaN if the implementation returns NaN.
+ The IDL says we should return a Date, not a number.
+ - Update jsDateOrNull() to only return jsNull() if the native value is
+ NaN, instead of doing so for every value that is not finite. Our
+ convention is to use NaN as special value to represent null in JS.
+
+ * bindings/scripts/CodeGeneratorJS.pm:
+ (NativeToJSValue):
+ When converting a native value (double) into a Date, rely on the fact
+ that the type is nullable when deciding if we should call jsDate() or
+ jsDateOrNull() to convert. This way, we no longe need a WebKit specific
+ [TreatReturnedDateAs=Null|NaN] IDL extended attribute.
+
+ * bindings/scripts/IDLAttributes.txt:
+ * html/HTMLInputElement.idl:
+ Mark valueAsDate attribute as nullable, as per the specification:
+ - https://html.spec.whatwg.org/#htmlinputelement
+
+ * html/HTMLMediaElement.cpp:
+ (WebCore::HTMLMediaElement::getStartDate):
+ Return NaN if m_player is null instead of crashing. The reason I decided
+ to return NaN is because the specification [1] says to return a new Date
+ object representing the current timeline offset. The spec of timeline
+ offset [2] says that the initial timeline offset value is NaN.
+ [1] https://html.spec.whatwg.org/#dom-media-getstartdate
+ [2] https://html.spec.whatwg.org/#timeline-offset
+
+ * bindings/scripts/IDLAttributes.txt:
+ * html/HTMLMediaElement.idl:
+ Drop [TreatReturnedDateAs] attribute as it is no longer supported.
+
2016-09-09 Youenn Fablet <[email protected]>
ASSERTION FAILED: promise.inherits(JSPromise::info())
Modified: trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp (205743 => 205744)
--- trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/bindings/js/IDBBindingUtilities.cpp 2016-09-09 16:17:19 UTC (rev 205744)
@@ -106,6 +106,8 @@
case KeyType::String:
return jsStringWithCache(&state, key->string());
case KeyType::Date:
+ // FIXME: This should probably be jsDate() as per:
+ // http://w3c.github.io/IndexedDB/#request-convert-a-key-to-a-value
return jsDateOrNull(&state, key->date());
case KeyType::Number:
return jsNumber(key->number());
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp (205743 => 205744)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.cpp 2016-09-09 16:17:19 UTC (rev 205744)
@@ -165,16 +165,15 @@
return value.isUndefinedOrNull() ? String() : valueToUSVString(exec, value);
}
-JSValue jsDateOrNaN(ExecState* exec, double value)
+JSValue jsDate(ExecState* exec, double value)
{
- if (std::isnan(value))
- return jsDoubleNumber(value);
- return jsDateOrNull(exec, value);
+ return DateInstance::create(exec->vm(), exec->lexicalGlobalObject()->dateStructure(), value);
}
JSValue jsDateOrNull(ExecState* exec, double value)
{
- if (!std::isfinite(value))
+ // For nullable Date types, we use NaN as null value.
+ if (std::isnan(value))
return jsNull();
return DateInstance::create(exec->vm(), exec->lexicalGlobalObject()->dateStructure(), value);
}
Modified: trunk/Source/WebCore/bindings/js/JSDOMBinding.h (205743 => 205744)
--- trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/bindings/js/JSDOMBinding.h 2016-09-09 16:17:19 UTC (rev 205744)
@@ -249,12 +249,9 @@
WEBCORE_EXPORT int64_t toInt64(JSC::ExecState&, JSC::JSValue);
WEBCORE_EXPORT uint64_t toUInt64(JSC::ExecState&, JSC::JSValue);
-// Returns a Date instance for the specified value, or NaN if the date is not a number.
-JSC::JSValue jsDateOrNaN(JSC::ExecState*, double);
+JSC::JSValue jsDate(JSC::ExecState*, double value);
+JSC::JSValue jsDateOrNull(JSC::ExecState*, double value);
-// Returns a Date instance for the specified value, or null if the value is NaN or infinity.
-JSC::JSValue jsDateOrNull(JSC::ExecState*, double);
-
// NaN if the value can't be converted to a date.
double valueToDate(JSC::ExecState*, JSC::JSValue);
Modified: trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm (205743 => 205744)
--- trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/bindings/scripts/CodeGeneratorJS.pm 2016-09-09 16:17:19 UTC (rev 205744)
@@ -4802,10 +4802,8 @@
return "jsBoolean($value)" if $type eq "boolean";
if ($type eq "Date") {
- my $handlingForNaN = $signature->extendedAttributes->{"TreatReturnedNaNDateAs"};
- return "jsDateOrNull(state, $value)" if !defined $handlingForNaN || $handlingForNaN eq "Null";
- return "jsDateOrNaN(state, $value)" if $handlingForNaN eq "NaN";
- die "Unknown value for TreatReturnedNaNDateAs extended attribute";
+ return "jsDateOrNull(state, $value)" if $signature->isNullable;
+ return "jsDate(state, $value)";
}
if ($codeGenerator->IsNumericType($type) or $type eq "DOMTimeStamp") {
Modified: trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt (205743 => 205744)
--- trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/bindings/scripts/IDLAttributes.txt 2016-09-09 16:17:19 UTC (rev 205744)
@@ -119,7 +119,6 @@
SkipVTableValidation
SuppressToJSObject
TreatNullAs=EmptyString
-TreatReturnedNaNDateAs=Null|NaN
TypedArray=*
URL
Unforgeable
Modified: trunk/Source/WebCore/html/HTMLInputElement.idl (205743 => 205744)
--- trunk/Source/WebCore/html/HTMLInputElement.idl 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/html/HTMLInputElement.idl 2016-09-09 16:17:19 UTC (rev 205744)
@@ -60,7 +60,7 @@
attribute DOMString defaultValue;
// See the discussion in https://bugs.webkit.org/show_bug.cgi?id=100085
[TreatNullAs=EmptyString, SetterRaisesException] attribute DOMString value;
- [SetterRaisesException] attribute Date valueAsDate;
+ [SetterRaisesException] attribute Date? valueAsDate;
[SetterRaisesException] attribute unrestricted double valueAsNumber;
[RaisesException] void stepUp(optional long n = 1);
Modified: trunk/Source/WebCore/html/HTMLMediaElement.cpp (205743 => 205744)
--- trunk/Source/WebCore/html/HTMLMediaElement.cpp 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/html/HTMLMediaElement.cpp 2016-09-09 16:17:19 UTC (rev 205744)
@@ -1138,6 +1138,8 @@
double HTMLMediaElement::getStartDate() const
{
+ if (!m_player)
+ return std::numeric_limits<double>::quiet_NaN();
return m_player->getStartDate().toDouble();
}
Modified: trunk/Source/WebCore/html/HTMLMediaElement.idl (205743 => 205744)
--- trunk/Source/WebCore/html/HTMLMediaElement.idl 2016-09-09 15:42:13 UTC (rev 205743)
+++ trunk/Source/WebCore/html/HTMLMediaElement.idl 2016-09-09 16:17:19 UTC (rev 205744)
@@ -66,7 +66,7 @@
// playback state
[SetterRaisesException] attribute unrestricted double currentTime;
readonly attribute unrestricted double duration;
- [TreatReturnedNaNDateAs=NaN] Date getStartDate();
+ Date getStartDate();
readonly attribute boolean paused;
attribute unrestricted double defaultPlaybackRate;
attribute unrestricted double playbackRate;
