Title: [219385] trunk/Source/WebCore
- Revision: 219385
- Author: [email protected]
- Date: 2017-07-12 00:02:25 -0700 (Wed, 12 Jul 2017)
Log Message
[GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
https://bugs.webkit.org/show_bug.cgi?id=174161
Reviewed by Michael Catanzaro.
It seems selection data could contain an empty string, in which case gtk_selection_data_get_data() returns a
valid pointer, but gtk_selection_data_get_length() returns 0. When this happens we end up trying to split an
empty string resulting in an empty vector, but we unconditionally access the first element of the vector.
* platform/gtk/PasteboardHelper.cpp:
(WebCore::selectionDataToUTF8String): Return a null string in case selection data length is 0.
(WebCore::PasteboardHelper::fillSelectionData): Return early if selection data length is 0, instead of checking
the selection data pointer.
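As an added example, not WebKit's code and not part of this change, the block below reproduces the failure mode the log describes. `SelectionDataStub` is a hypothetical stand-in for GtkSelectionData (a byte pointer plus a signed length), `splitUriList` and `firstUri` are my own helpers approximating the split-then-take-first pattern at the crash site, and the `file:///tmp/...` URIs are constructed sample input. It goes one step beyond the patch: the guard is `length <= 0` rather than `== 0`, so the never-set case (NULL data, length -1) is handled alongside the empty-string case (valid pointer, length 0) from the bug report.

```cpp
#include <cstdio>
#include <optional>
#include <string>
#include <vector>

// Hypothetical stand-in for GtkSelectionData (not the GTK type): a byte
// pointer plus a signed length. GTK hands over length 0 for an empty payload
// and uses -1 for selection data that was never set.
struct SelectionDataStub {
    const unsigned char* data;
    int length;
};

// Split a text/uri-list payload on newlines, stripping a trailing '\r' and
// skipping blank lines and '#' comments. An empty payload yields an empty
// vector, which is exactly what the pre-fix code then indexed with [0].
static std::vector<std::string> splitUriList(const std::string& text)
{
    std::vector<std::string> records;
    std::string::size_type start = 0;
    while (start < text.size()) {
        std::string::size_type end = text.find('\n', start);
        if (end == std::string::npos)
            end = text.size();
        std::string record = text.substr(start, end - start);
        if (!record.empty() && record.back() == '\r')
            record.pop_back();
        if (!record.empty() && record[0] != '#')
            records.push_back(record);
        start = end + 1;
    }
    return records;
}

// Mirrors the patched selectionDataToUTF8String, but treats every
// non-positive length as "nothing to convert" so a NULL buffer with
// length -1 never reaches the copy below.
static std::optional<std::string> selectionDataToString(const SelectionDataStub& data)
{
    if (data.length <= 0)
        return std::nullopt;
    // Copy exactly `length` bytes: the buffer need not be NUL-terminated,
    // which is why the original reaches for g_strndup.
    return std::string(reinterpret_cast<const char*>(data.data),
                       static_cast<size_t>(data.length));
}

// The crash-site pattern: take the first record of the split list. The
// pre-fix code did records[0] unconditionally; here the empty case is
// reported to the caller instead of reading past the end of the vector.
static std::optional<std::string> firstUri(const SelectionDataStub& data)
{
    std::optional<std::string> text = selectionDataToString(data);
    if (!text)
        return std::nullopt;
    std::vector<std::string> uris = splitUriList(*text);
    if (uris.empty())
        return std::nullopt;
    return uris[0];
}

// Constructed sample payloads covering the three states a drop can deliver.
static const std::string kUriList = "file:///tmp/a.txt\r\nfile:///tmp/b.txt\r\n";
static const std::string kEmpty; // c_str() is a valid, non-NULL pointer to ""

static SelectionDataStub validSelection()
{
    return { reinterpret_cast<const unsigned char*>(kUriList.data()),
             static_cast<int>(kUriList.size()) };
}

// Valid pointer, length 0: the case from the bug report.
static SelectionDataStub emptySelection()
{
    return { reinterpret_cast<const unsigned char*>(kEmpty.c_str()), 0 };
}

// Never set: NULL pointer, length -1 (GTK's "no data" sentinel).
static SelectionDataStub unsetSelection()
{
    return { nullptr, -1 };
}

int main()
{
    for (const SelectionDataStub& sel : { validSelection(), emptySelection(), unsetSelection() }) {
        std::optional<std::string> uri = firstUri(sel);
        std::printf("length=%d -> %s\n", sel.length, uri ? uri->c_str() : "(no uri)");
    }
    return 0;
}
```

Run stand-alone, only the first payload produces a URI; the other two return nothing rather than touching `uris[0]` of an empty vector or copying from a NULL pointer.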
Diff
Modified: trunk/Source/WebCore/ChangeLog (219384 => 219385)
--- trunk/Source/WebCore/ChangeLog 2017-07-12 06:59:15 UTC (rev 219384)
+++ trunk/Source/WebCore/ChangeLog 2017-07-12 07:02:25 UTC (rev 219385)
@@ -1,3 +1,19 @@
+2017-07-12 Carlos Garcia Campos <[email protected]>
+
+ [GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
+ https://bugs.webkit.org/show_bug.cgi?id=174161
+
+ Reviewed by Michael Catanzaro.
+
+ It seems selection data could contain an empty string, in which case gtk_selection_data_get_data() returns a
+ valid pointer, but gtk_selection_data_get_length() returns 0. When this happens we end up trying to split an
+ empty string resulting in an empty vector, but we unconditionally access the first element of the vector.
+
+ * platform/gtk/PasteboardHelper.cpp:
+ (WebCore::selectionDataToUTF8String): Return a null string in case selection data length is 0.
+ (WebCore::PasteboardHelper::fillSelectionData): Return early if selection data length is 0, instead of checking
+ the selection data pointer.
+
2017-07-11 Carlos Garcia Campos <[email protected]>
[GTK][WPE] Enable FILE_LOCK and implement lockFile and unlockFile
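Review bot: the entry says nothing about testing; a WebKit ChangeLog normally either names the new test or carries a "No new tests" line with the reason. A drag whose source file has disappeared is awkward to drive from a layout test, so a one-line note to that effect after the description would be enough.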
Modified: trunk/Source/WebCore/platform/gtk/PasteboardHelper.cpp (219384 => 219385)
--- trunk/Source/WebCore/platform/gtk/PasteboardHelper.cpp 2017-07-12 06:59:15 UTC (rev 219384)
+++ trunk/Source/WebCore/platform/gtk/PasteboardHelper.cpp 2017-07-12 07:02:25 UTC (rev 219385)
@@ -85,6 +85,9 @@
static String selectionDataToUTF8String(GtkSelectionData* data)
{
+ if (!gtk_selection_data_get_length(data))
+ return String();
+
// g_strndup guards against selection data that is not null-terminated.
GUniquePtr<gchar> markupString(g_strndup(reinterpret_cast<const char*>(gtk_selection_data_get_data(data)), gtk_selection_data_get_length(data)));
return String::fromUTF8(markupString.get());
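Review bot: the new guard at the top of selectionDataToUTF8String only catches a length of exactly 0. gtk_selection_data_get_length() returns a gint, and GTK reports selection data that was never set as length -1 with a NULL data pointer; that value passes `!gtk_selection_data_get_length(data)` and goes into g_strndup() cast to a huge gsize, so correctness there rests on g_strndup(NULL, n) returning NULL. `if (gtk_selection_data_get_length(data) <= 0)` covers both the empty and the unset state explicitly.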
@@ -206,7 +209,7 @@
void PasteboardHelper::fillSelectionData(GtkSelectionData* data, unsigned /* info */, SelectionData& selection)
{
- if (!gtk_selection_data_get_data(data))
+ if (!gtk_selection_data_get_length(data))
return;
GdkAtom target = gtk_selection_data_get_target(data);
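Review bot: swapping the data-pointer check for a length check drops the NULL guard the old line provided. For selection data that was never set, gtk_selection_data_get_data() is NULL and the length is -1, which is non-zero, so the early return no longer fires and the rest of fillSelectionData runs against a NULL buffer. `if (gtk_selection_data_get_length(data) <= 0)` keeps the original NULL case covered and adds the length-0 case this patch is about.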
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes