Title: [223681] trunk/Source/WebCore
- Revision
- 223681
- Author
- [email protected]
- Date
- 2017-10-19 00:41:41 -0700 (Thu, 19 Oct 2017)
Log Message
[curl] Segfault in WebCore::CurlRequest::setupPOST
https://bugs.webkit.org/show_bug.cgi?id=178434
Patch by Basuke Suzuki <[email protected]> on 2017-10-19
Reviewed by Ryosuke Niwa.
* platform/network/curl/CurlRequest.cpp:
(WebCore::CurlRequest::resolveBlobReferences):
(WebCore::CurlRequest::setupPOST):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (223680 => 223681)
--- trunk/Source/WebCore/ChangeLog 2017-10-19 06:35:30 UTC (rev 223680)
+++ trunk/Source/WebCore/ChangeLog 2017-10-19 07:41:41 UTC (rev 223681)
@@ -1,3 +1,14 @@
+2017-10-19 Basuke Suzuki <[email protected]>
+
+ [curl] Segfault in WebCore::CurlRequest::setupPOST
+ https://bugs.webkit.org/show_bug.cgi?id=178434
+
+ Reviewed by Ryosuke Niwa.
+
+ * platform/network/curl/CurlRequest.cpp:
+ (WebCore::CurlRequest::resolveBlobReferences):
+ (WebCore::CurlRequest::setupPOST):
+
2017-10-18 Ryosuke Niwa <[email protected]>
Don't expose raw HTML in pasteboard to the web content
Modified: trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp (223680 => 223681)
--- trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp 2017-10-19 06:35:30 UTC (rev 223680)
+++ trunk/Source/WebCore/platform/network/curl/CurlRequest.cpp 2017-10-19 07:41:41 UTC (rev 223681)
@@ -391,12 +391,12 @@
{
ASSERT(isMainThread());
- RefPtr<FormData> formData = request.httpBody();
- if (!formData)
+ auto body = request.httpBody();
+ if (!body || body->isEmpty())
return;
// Resolve the blob elements so the formData can correctly report it's size.
- formData = formData->resolveBlobReferences();
+ RefPtr<FormData> formData = body->resolveBlobReferences();
request.setHTTPBody(WTFMove(formData));
}
@@ -418,13 +418,17 @@
{
m_curlHandle->enableHttpPostRequest();
- auto numElements = request.httpBody()->elements().size();
+ auto body = request.httpBody();
+ if (!body || body->isEmpty())
+ return;
+
+ auto numElements = body->elements().size();
if (!numElements)
return;
// Do not stream for simple POST data
if (numElements == 1) {
- m_postBuffer = request.httpBody()->flatten();
+ m_postBuffer = body->flatten();
if (m_postBuffer.size())
m_curlHandle->setPostFields(m_postBuffer.data(), m_postBuffer.size());
} else
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes