Title: [98970] trunk/Source/WebKit/mac
- Revision: 98970
- Author: da...@apple.com
- Date: 2011-11-01 09:28:18 -0700 (Tue, 01 Nov 2011)
Log Message
Crash in PDF code when script has illegal UTF-8 or UTF-16 sequences
https://bugs.webkit.org/show_bug.cgi?id=71289
Reviewed by Dan Bernstein.
Just adding a null check. I don't have access to an actual PDF with
this problem but crashes from the field indicate they exist.
* WebView/WebPDFDocumentExtras.mm:
(allScriptsInPDFDocument): Skip the code to add the script text
to an array when the script is null.
Modified Paths
Diff
Modified: trunk/Source/WebKit/mac/ChangeLog (98969 => 98970)
--- trunk/Source/WebKit/mac/ChangeLog 2011-11-01 15:59:08 UTC (rev 98969)
+++ trunk/Source/WebKit/mac/ChangeLog 2011-11-01 16:28:18 UTC (rev 98970)
@@ -1,3 +1,17 @@
+2011-11-01 Darin Adler <da...@apple.com>
+
+ Crash in PDF code when script has illegal UTF-8 or UTF-16 sequences
+ https://bugs.webkit.org/show_bug.cgi?id=71289
+
+ Reviewed by Dan Bernstein.
+
+ Just adding a null check. I don't have access to an actual PDF with
+ this problem but crashes from the field indicate they exist.
+
+ * WebView/WebPDFDocumentExtras.mm:
+ (allScriptsInPDFDocument): Skip the code to add the script text
+ to an array when the script is null.
+
2011-10-28 John Sullivan <sulli...@apple.com>
WebKit part of:
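Review bot: The entry's "I don't have access to an actual PDF" line means the null check lands with no regression test, and the entry does not say so explicitly or explain why one cannot be built. Consider either adding a synthetic PDF whose script string holds bytes that are invalid in the detected encoding, or stating in the entry that no test is possible. The entry also lists only the null check under WebPDFDocumentExtras.mm; the "aribtrary" to "arbitrary" comment fix in the same file is not mentioned.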
Modified: trunk/Source/WebKit/mac/WebView/WebPDFDocumentExtras.mm (98969 => 98970)
--- trunk/Source/WebKit/mac/WebView/WebPDFDocumentExtras.mm 2011-11-01 15:59:08 UTC (rev 98969)
+++ trunk/Source/WebKit/mac/WebView/WebPDFDocumentExtras.mm 2011-11-01 16:28:18 UTC (rev 98970)
@@ -89,7 +89,7 @@
if (!CGPDFDictionaryGetDictionary(namesDictionary, "_javascript_", &_javascript_NameTree))
return scripts;
- // The names are aribtrary. We are only interested in the values.
+ // The names are arbitrary. We are only interested in the values.
Vector<CGPDFObjectRef> objects;
getAllValuesInPDFNameTree(_javascript_NameTree, objects);
size_t objectCount = objects.size();
@@ -125,6 +125,9 @@
NSStringEncoding encoding = (length > 1 && bytes[0] == 0xFE && bytes[1] == 0xFF) ? NSUnicodeStringEncoding : NSUTF8StringEncoding;
NSString *script = [[NSString alloc] initWithBytes:bytes length:length encoding:encoding];
+ if (!script)
+ continue;
+
[scripts addObject:script];
[script release];
}
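Review bot: The added `if (!script) continue;` drops the script silently, and nothing at that spot says why `initWithBytes:length:encoding:` can return nil. A one-line comment would help, noting that nil means the bytes are not valid in the chosen encoding (the illegal UTF-8 or UTF-16 case from the log message). It is also worth deciding whether a fallback decode is preferable to losing the script, since the encoding on the line above is chosen only from the first two bytes (0xFE 0xFF, otherwise UTF-8). Skipping `[script release]` on this path is fine because script is nil there.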