Title: [220525] trunk/Source/WebCore
Revision
220525
Author
carlo...@webkit.org
Date
2017-08-10 04:02:33 -0700 (Thu, 10 Aug 2017)

Log Message

[GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
https://bugs.webkit.org/show_bug.cgi?id=174161

Reviewed by Xabier Rodriguez-Calvar.

In r219385 we changed the early return in fillSelectionData() to check the selection data length instead of the
data pointer. However, the gtk_selection_data_get_length() can return -1, so we need to check also if the value
is less than 0. The case of setting an empty string could be valid depending on the target type, so it's better to
return early only when data length is less than 0 and handle the 0 length case in each target.

* platform/gtk/PasteboardHelper.cpp:
(WebCore::PasteboardHelper::fillSelectionData):

Diff

Modified: trunk/Source/WebCore/ChangeLog (220524 => 220525)


--- trunk/Source/WebCore/ChangeLog	2017-08-10 10:44:57 UTC (rev 220524)
+++ trunk/Source/WebCore/ChangeLog	2017-08-10 11:02:33 UTC (rev 220525)
@@ -1,3 +1,18 @@
+2017-08-10  Carlos Garcia Campos  <cgar...@igalia.com>
+
+        [GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable
+        https://bugs.webkit.org/show_bug.cgi?id=174161
+
+        Reviewed by Xabier Rodriguez-Calvar.
+
+        In r219385 we changed the early return in fillSelectionData() to check the selection data length instead of the
+        data pointer. However, the gtk_selection_data_get_length() can return -1, so we need to check also if the value
+        less than 0. The case of setting an empty string could be valid depending on the target type, so it's better to
+        return early only when data lenght is less than 0 and handle the 0 length case in each target.
+
+        * platform/gtk/PasteboardHelper.cpp:
+        (WebCore::PasteboardHelper::fillSelectionData):
+
 2017-08-10  Antti Koivisto  <an...@apple.com>
 
         Text renderer updates should be done by RenderTreeUpdater
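
Review bot: Two wording slips in the description of the new ChangeLog entry: "check also if the value less than 0" is missing "is", and "data lenght" should read "data length". Worth fixing before landing, since this text is what people find when they search the log for the -1 return of gtk_selection_data_get_length().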

Modified: trunk/Source/WebCore/platform/gtk/PasteboardHelper.cpp (220524 => 220525)


--- trunk/Source/WebCore/platform/gtk/PasteboardHelper.cpp	2017-08-10 10:44:57 UTC (rev 220524)
+++ trunk/Source/WebCore/platform/gtk/PasteboardHelper.cpp	2017-08-10 11:02:33 UTC (rev 220525)
@@ -209,7 +209,7 @@
 
 void PasteboardHelper::fillSelectionData(GtkSelectionData* data, unsigned /* info */, SelectionData& selection)
 {
-    if (!gtk_selection_data_get_length(data))
+    if (gtk_selection_data_get_length(data) < 0)
         return;
 
     GdkAtom target = gtk_selection_data_get_target(data);
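
Review bot: The early return at the top of fillSelectionData() needs a short comment saying why it tests `< 0` and not `<= 0`, because the line it replaces tested `!gtk_selection_data_get_length(data)` and the two are easy to merge again by mistake. With this change a zero length payload reaches every target branch below the check. Only two branches are adjusted in this patch, so please confirm that the ones not shown in the diff tolerate an empty buffer, and consider a regression test for the case in the bug title, a drag whose source file is unavailable.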
@@ -228,11 +228,11 @@
 
         // Give preference to text/uri-list here, as it can hold more
         // than one URI but still take  the label if there is one.
-        if (!selection.hasURIList())
+        if (!selection.hasURIList() && !pieces.isEmpty())
             selection.setURIList(pieces[0]);
         if (pieces.size() > 1)
             selection.setText(pieces[1]);
-    } else if (target == unknownAtom) {
+    } else if (target == unknownAtom && gtk_selection_data_get_length(data)) {
         GRefPtr<GVariant> variant = g_variant_new_parsed(reinterpret_cast<const char*>(gtk_selection_data_get_data(data)));
 
         GUniqueOutPtr<gchar> key;
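
Review bot: In the unknownAtom branch the added `gtk_selection_data_get_length(data)` test only rules out an empty payload; any non-empty bytes from the drag source are still cast to `const char*` and passed to g_variant_new_parsed() as its format string. GLib documents that function as meant for string literals and treats a parse failure as fatal to the calling process, so malformed selection data can still crash here. Suggest g_variant_parse() with the end of the buffer (data pointer plus the reported length) as the limit and a GError check. Separately, because the length test sits in the `else if` condition, an unknownAtom target with zero length now falls through to whatever branch follows; nesting the test inside the branch would keep the dispatch by target unchanged.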