Title: [228813] releases/WebKitGTK/webkit-2.20/Source/WebKit
Revision
228813
Author
[email protected]
Date
2018-02-20 05:48:41 -0800 (Tue, 20 Feb 2018)

Log Message

Merge r228713 - Null pointer dereference in WebPageProxy::urlSchemeHandlerForScheme()
https://bugs.webkit.org/show_bug.cgi?id=182905
<rdar://problem/37676775>

Reviewed by Alex Christensen.

Return nullptr when querying for the scheme handler of the null string.

Before a navigation is performed, WebKit checks if the destination URL is associated with an app
unless the embedding client overrides the WKNavigationDelegate delegate callback -webView:decidePolicyForNavigationAction:decisionHandler.
If the URL is not associated with an app, then WebKit may fall back to checking if the embedding
client registered a scheme handler for it. Currently we assume that the scheme is a non-null
string when checking the scheme handler registry. However, the scheme can be a null string if
it is part of a malformed URL. And this leads to bad news bears when we try to use it to look
for a scheme handler. Instead, check that the scheme is a non-null string before checking to see
if it is in the scheme handler registry.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::urlSchemeHandlerForScheme):

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog (228812 => 228813)


--- releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog	2018-02-20 13:48:36 UTC (rev 228812)
+++ releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog	2018-02-20 13:48:41 UTC (rev 228813)
@@ -1,3 +1,25 @@
+2018-02-19  Daniel Bates  <[email protected]>
+
+        Null pointer dereference in WebPageProxy::urlSchemeHandlerForScheme()
+        https://bugs.webkit.org/show_bug.cgi?id=182905
+        <rdar://problem/37676775>
+
+        Reviewed by Alex Christensen.
+
+        Return nullptr when querying for the scheme handler of the null string.
+
+        Before a navigation is performed WebKit checks if the destination URL is associated with an app
+        unless the embedding client overrides the WKNavigationDelegate delegate callback -webView:decidePolicyForNavigationAction:decisionHandler.
+        If the URL is not associated with an app then WebKit may fall back to checking if the embedding
+        client registered a scheme handler for it. Currently we assume that the scheme is a non-null
+        string when checking the scheme handler registry. However the scheme can be a null string if
+        it is part of a malformed URL. And this leads to bad news bears when we try to use it to look
+        for a scheme handler. Instead check that the scheme is a non-null string before checking to see
+        if it is in the scheme handler registry.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::urlSchemeHandlerForScheme):
+
 2018-02-15  Don Olmstead  <[email protected]>
 
         WebCore headers should not be included relatively within dependent projects
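Review bot: the ChangeLog entry describes the behavioural change but lists no test; a regression test that registers a scheme handler and then navigates to a malformed URL whose scheme is null (the trigger described in the entry) would pin the nullptr return and should be added under the file list, e.g. "* Tests: ..." in the usual ChangeLog form.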

Modified: releases/WebKitGTK/webkit-2.20/Source/WebKit/UIProcess/WebPageProxy.cpp (228812 => 228813)


--- releases/WebKitGTK/webkit-2.20/Source/WebKit/UIProcess/WebPageProxy.cpp	2018-02-20 13:48:36 UTC (rev 228812)
+++ releases/WebKitGTK/webkit-2.20/Source/WebKit/UIProcess/WebPageProxy.cpp	2018-02-20 13:48:41 UTC (rev 228813)
@@ -7174,7 +7174,7 @@
 
 WebURLSchemeHandler* WebPageProxy::urlSchemeHandlerForScheme(const String& scheme)
 {
-    return m_urlSchemeHandlersByScheme.get(scheme);
+    return scheme.isNull() ? nullptr : m_urlSchemeHandlersByScheme.get(scheme);
 }
 
 void WebPageProxy::startURLSchemeTask(URLSchemeTaskParameters&& parameters)
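Review bot: the guard only covers this accessor, so any other direct lookup into m_urlSchemeHandlersByScheme outside this hunk would still be reachable with a null scheme; please confirm all readers of the map go through urlSchemeHandlerForScheme(). A one-line comment above the return, noting that a null scheme can arrive from a malformed URL (as the ChangeLog says), would also keep a future cleanup from dropping the isNull() check as redundant.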
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
