Title: [217616] trunk
Revision: 217616
Author: [email protected]
Date: 2017-05-31 12:11:24 -0700 (Wed, 31 May 2017)

Log Message

CrashTracer: Regression : com.apple.WebKit.WebContent at STP responsible :: com.apple.WebCore: WebCore::SharedBuffer::data const + 11
https://bugs.webkit.org/show_bug.cgi?id=172747
<rdar://problem/32275314>

Reviewed by Andreas Kling.

Source/WebCore:

Test: http/tests/subresource-integrity/empty-stylesheet-integrity-crash.html

* loader/SubresourceIntegrity.cpp:
(WebCore::matchIntegrityMetadata):

    If the resource body is empty, CachedResource::resourceBuffer() may be null.

LayoutTests:

* http/tests/css/empty-stylesheet-integrity-crash-expected.txt: Added.
* http/tests/css/empty-stylesheet-integrity-crash.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (217615 => 217616)


--- trunk/LayoutTests/ChangeLog	2017-05-31 19:04:44 UTC (rev 217615)
+++ trunk/LayoutTests/ChangeLog	2017-05-31 19:11:24 UTC (rev 217616)
@@ -1,3 +1,14 @@
+2017-05-31  Antti Koivisto  <[email protected]>
+
+        CrashTracer: Regression : com.apple.WebKit.WebContent at STP responsible :: com.apple.WebCore: WebCore::SharedBuffer::data const + 11
+        https://bugs.webkit.org/show_bug.cgi?id=172747
+        <rdar://problem/32275314>
+
+        Reviewed by Andreas Kling.
+
+        * http/tests/css/empty-stylesheet-integrity-crash-expected.txt: Added.
+        * http/tests/css/empty-stylesheet-integrity-crash.html: Added.
+
 2017-05-31  Matt Lewis  <[email protected]>
 
         Marked http/tests/preload/viewport/meta-viewport-link-headers.php as flaky.
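
Review bot: the two added entries in this LayoutTests/ChangeLog hunk list the new files under `http/tests/css/`, but the files this revision adds are under `http/tests/subresource-integrity/`, which is also the path given on the `Test:` line of the WebCore ChangeLog entry. The entries should read `http/tests/subresource-integrity/empty-stylesheet-integrity-crash.html` and the matching `-expected.txt` so the ChangeLog points at files that exist.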

Added: trunk/LayoutTests/http/tests/subresource-integrity/empty-stylesheet-integrity-crash-expected.txt (0 => 217616)


--- trunk/LayoutTests/http/tests/subresource-integrity/empty-stylesheet-integrity-crash-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/empty-stylesheet-integrity-crash-expected.txt	2017-05-31 19:11:24 UTC (rev 217616)
@@ -0,0 +1 @@
+This test passes if it doesn't crash.

Added: trunk/LayoutTests/http/tests/subresource-integrity/empty-stylesheet-integrity-crash.html (0 => 217616)


--- trunk/LayoutTests/http/tests/subresource-integrity/empty-stylesheet-integrity-crash.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/subresource-integrity/empty-stylesheet-integrity-crash.html	2017-05-31 19:11:24 UTC (rev 217616)
@@ -0,0 +1,7 @@
+<script>
+if (window.testRunner)
+    testRunner.dumpAsText();
+const defeatCaching = Math.random() * 100000000;
+document.write(`<link rel=stylesheet href="" integrity="sha384-OLBgp1GsljhM2TJ+sbHjaiH9txEUvgdDTAzHv2P24donTt6/529l+9Ua0vFImLlb">`);
+</script>
+This test passes if it doesn't crash.
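
Review bot: `defeatCaching` is computed on the fourth line of the test but never used; the `<link>` written by `document.write` has `href=""` and no query string. Either append the value to the URL the stylesheet is loaded from or drop the constant, so the test does not suggest cache-busting that it does not do. A short comment saying how this markup ends up with an empty resource body would also help, since the visible text only says the test passes if it doesn't crash.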

Modified: trunk/Source/WebCore/ChangeLog (217615 => 217616)


--- trunk/Source/WebCore/ChangeLog	2017-05-31 19:04:44 UTC (rev 217615)
+++ trunk/Source/WebCore/ChangeLog	2017-05-31 19:11:24 UTC (rev 217616)
@@ -1,3 +1,18 @@
+2017-05-31  Antti Koivisto  <[email protected]>
+
+        CrashTracer: Regression : com.apple.WebKit.WebContent at STP responsible :: com.apple.WebCore: WebCore::SharedBuffer::data const + 11
+        https://bugs.webkit.org/show_bug.cgi?id=172747
+        <rdar://problem/32275314>
+
+        Reviewed by Andreas Kling.
+
+        Test: http/tests/subresource-integrity/empty-stylesheet-integrity-crash.html
+
+        * loader/SubresourceIntegrity.cpp:
+        (WebCore::matchIntegrityMetadata):
+
+            If the resource body is empty CachedResource::resourceBuffer() may be null.
+
 2017-05-31  Frederic Wang  <[email protected]>
 
         ScrollingStateScrollingNode::ChangedProperty::NumScrollingStateNodeBits is wrongly set

Modified: trunk/Source/WebCore/loader/SubresourceIntegrity.cpp (217615 => 217616)


--- trunk/Source/WebCore/loader/SubresourceIntegrity.cpp	2017-05-31 19:04:44 UTC (rev 217615)
+++ trunk/Source/WebCore/loader/SubresourceIntegrity.cpp	2017-05-31 19:11:24 UTC (rev 217616)
@@ -187,7 +187,7 @@
     // 5. Let metadata be the result of getting the strongest metadata from parsedMetadata.
     auto metadata = strongestMetadataFromSet(WTFMove(*parsedMetadata));
 
-    const auto& sharedBuffer = *resource.resourceBuffer();
+    const auto* sharedBuffer = resource.resourceBuffer();
     
     // 6. For each item in metadata:
     for (auto& item : metadata) {
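
Review bot: the new `const auto* sharedBuffer = resource.resourceBuffer();` declaration has no comment saying when the pointer is null; the reason (an empty resource body) is recorded only in the ChangeLog. A one-line comment at the declaration would keep a later cleanup from turning it back into an unconditional dereference.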
@@ -198,7 +198,7 @@
         auto expectedValue = decodeEncodedResourceCryptographicDigest(item);
 
         // 3. Let actualValue be the result of applying algorithm to response.
-        auto actualValue = cryptographicDigestForBytes(algorithm, sharedBuffer.data(), sharedBuffer.size());
+        auto actualValue = cryptographicDigestForBytes(algorithm, sharedBuffer ? sharedBuffer->data() : nullptr, sharedBuffer ? sharedBuffer->size() : 0);
 
         // 4. If actualValue is a case-sensitive match for expectedValue, return true.
         if (expectedValue && actualValue.value == expectedValue->value)
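
Review bot: the `actualValue` line tests `sharedBuffer` twice and now passes `nullptr` with a length of 0 to `cryptographicDigestForBytes`; nothing in this hunk shows that the function accepts a null pointer for zero-length input, so that should be confirmed or stated in a comment. Since the buffer does not change between iterations, the data pointer and size could be computed once before the `for (auto& item : metadata)` loop, which also shortens this line.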