Title: [228975] trunk/Source/WebCore
- Revision
- 228975
- Author
- [email protected]
- Date
- 2018-02-24 14:06:39 -0800 (Sat, 24 Feb 2018)
Log Message
Null-dereference of the second argument `resource` of DocumentLoader::scheduleSubstituteResourceLoad
https://bugs.webkit.org/show_bug.cgi?id=182920
Patch by Fujii Hironori <[email protected]> on 2018-02-24
Reviewed by Darin Adler.
A test case
imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.html
always crashes due to a null-dereference if compiled and optimized
by GCC 7.2. The second argument `resource` of
DocumentLoader::scheduleSubstituteResourceLoad can be null if the
resource can't be found in cache. I guess GCC optimizes inline
HashMap::add based on assuming the `resource` never becomes null
because its type is SubstituteResource&.
This change introduces a new method
DocumentLoader::scheduleCannotShowURLError because it looks tricky
to pass a nullptr to the second argument of
scheduleSubstituteResourceLoad.
No new tests (Covered by existing tests).
* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::scheduleCannotShowURLError): Added a new method.
* loader/DocumentLoader.h:
* loader/appcache/ApplicationCacheHost.cpp:
(WebCore::ApplicationCacheHost::maybeLoadResource):
Call scheduleCannotShowURLError if the resource is not found in the appcache.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (228974 => 228975)
--- trunk/Source/WebCore/ChangeLog 2018-02-24 21:47:52 UTC (rev 228974)
+++ trunk/Source/WebCore/ChangeLog 2018-02-24 22:06:39 UTC (rev 228975)
@@ -1,3 +1,33 @@
+2018-02-24 Fujii Hironori <[email protected]>
+
+ Null-dereference of the second argument `resource` of DocumentLoader::scheduleSubstituteResourceLoad
+ https://bugs.webkit.org/show_bug.cgi?id=182920
+
+ Reviewed by Darin Adler.
+
+ A test case
+ imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.html
+ always crashes due to a null-dereference if compiled and optimized
+ by GCC 7.2. The second argument `resource` of
+ DocumentLoader::scheduleSubstituteResourceLoad can be null if the
+ resource can't be found in cache. I guess GCC optimizes inline
+ HashMap::add based on assuming the `resource` never becomes null
+ because its type is SubstituteResource&.
+
+ This changes introduces a new method
+ DocumentLoader::scheduleCannotShowURLError because it looks tricky
+ to pass a nullptr to the second argument of
+ scheduleSubstituteResourceLoad.
+
+ No new tests (Covered by existing tests).
+
+ * loader/DocumentLoader.cpp:
+ (WebCore::DocumentLoader::scheduleCannotShowURLError): Added a new method.
+ * loader/DocumentLoader.h:
+ * loader/appcache/ApplicationCacheHost.cpp:
+ (WebCore::ApplicationCacheHost::maybeLoadResource):
+ Call scheduleCannotShowURLError if the resource not found in the appcache.
+
2018-02-17 Darin Adler <[email protected]>
Prepare for ExtendedColor changes (first step)
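Review bot: The root-cause paragraph in the ChangeLog entry attributes the crash to GCC 7.2, but the visible change in ApplicationCacheHost.cpp shows the real defect is `*resource` being evaluated on a null pointer to bind a `SubstituteResource&`, which is undefined behaviour on every compiler; GCC merely makes it fail reliably by assuming the reference is non-null inside the inlined `HashMap::add`. Consider rewording "I guess GCC optimizes inline HashMap::add ..." to state that directly, so a later reader does not treat this as a GCC-specific workaround. Two grammar slips while you are in there: "This changes introduces" should read "This change introduces", and "if the resource not found in the appcache" should read "if the resource is not found in the appcache".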
Modified: trunk/Source/WebCore/loader/DocumentLoader.cpp (228974 => 228975)
--- trunk/Source/WebCore/loader/DocumentLoader.cpp 2018-02-24 21:47:52 UTC (rev 228974)
+++ trunk/Source/WebCore/loader/DocumentLoader.cpp 2018-02-24 22:06:39 UTC (rev 228975)
@@ -1437,6 +1437,12 @@
deliverSubstituteResourcesAfterDelay();
}
+void DocumentLoader::scheduleCannotShowURLError(ResourceLoader& loader)
+{
+ m_pendingSubstituteResources.set(&loader, nullptr);
+ deliverSubstituteResourcesAfterDelay();
+}
+
void DocumentLoader::addResponse(const ResourceResponse& response)
{
if (!m_stopRecordingResponses)
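Review bot: `scheduleCannotShowURLError` stores `nullptr` as the mapped value in `m_pendingSubstituteResources`, so its correctness depends entirely on the consumer of that map treating a null value as "deliver a cannot-show-URL error" rather than dereferencing it; nothing in this hunk shows or documents that contract. Please add a short comment above the method stating that a null entry means the load must fail with the cannot-show-URL error, and double-check that every reader of `m_pendingSubstituteResources` (not only `deliverSubstituteResourcesAfterDelay`) null-checks the value, otherwise this moves the null-dereference from the caller into the delivery path. Since the body differs from `scheduleSubstituteResourceLoad` only in the value passed to `set`, the two could also share a private helper to keep the "set then schedule delivery" sequence in one place.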
Modified: trunk/Source/WebCore/loader/DocumentLoader.h (228974 => 228975)
--- trunk/Source/WebCore/loader/DocumentLoader.h 2018-02-24 21:47:52 UTC (rev 228974)
+++ trunk/Source/WebCore/loader/DocumentLoader.h 2018-02-24 22:06:39 UTC (rev 228975)
@@ -184,6 +184,7 @@
#endif
void scheduleSubstituteResourceLoad(ResourceLoader&, SubstituteResource&);
+ void scheduleCannotShowURLError(ResourceLoader&);
// Return the ArchiveResource for the URL only when loading an Archive
WEBCORE_EXPORT ArchiveResource* archiveResourceForURL(const URL&) const;
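Review bot: The new declaration `void scheduleCannotShowURLError(ResourceLoader&);` has no comment, while its semantics (a pending substitute-resource entry with no resource that is later delivered as a cannot-show-URL error) are not obvious from the name alone and differ from the sibling `scheduleSubstituteResourceLoad`. A one-line comment here, mirroring the `// Return the ArchiveResource ...` style used just below, would tell callers when to use this instead of passing a resource.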
Modified: trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp (228974 => 228975)
--- trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2018-02-24 21:47:52 UTC (rev 228974)
+++ trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp 2018-02-24 22:06:39 UTC (rev 228975)
@@ -182,7 +182,10 @@
if (!shouldLoadResourceFromApplicationCache(request, resource))
return false;
- m_documentLoader.scheduleSubstituteResourceLoad(loader, *resource);
+ if (resource)
+ m_documentLoader.scheduleSubstituteResourceLoad(loader, *resource);
+ else
+ m_documentLoader.scheduleCannotShowURLError(loader);
return true;
}
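Review bot: The `if (resource)` branch removes the null dereference, but the hunk leaves implicit why `shouldLoadResourceFromApplicationCache(request, resource)` can return true while `resource` is null, which is exactly the case the old code never handled. Please add a comment on the `else` branch documenting that a true result with a null resource means the application cache has claimed this URL but holds no entry for it, so the load must fail with a cannot-show-URL error rather than fall through to the network; without that note the next reader may be tempted to "simplify" the branch back to the unconditional `*resource` call.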
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes