Title: [229240] releases/WebKitGTK/webkit-2.20/Source/WebCore
Revision
229240
Author
[email protected]
Date
2018-03-05 03:10:46 -0800 (Mon, 05 Mar 2018)

Log Message

Merge r228975 - Null-dereference of the second argument `resource` of DocumentLoader::scheduleSubstituteResourceLoad
https://bugs.webkit.org/show_bug.cgi?id=182920

Patch by Fujii Hironori <[email protected]> on 2018-02-24
Reviewed by Darin Adler.

A test case
imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.html
always crashes due to a null-dereference if compiled and optimized
by GCC 7.2. The second argument `resource` of
DocumentLoader::scheduleSubstituteResourceLoad can be null if the
resource can't be found in cache. I guess GCC optimizes inline
HashMap::add based on assuming the `resource` never becomes null
because its type is SubstituteResource&.

This change introduces a new method
DocumentLoader::scheduleCannotShowURLError because it looks tricky
to pass a nullptr to the second argument of
scheduleSubstituteResourceLoad.

No new tests (Covered by existing tests).

* loader/DocumentLoader.cpp:
(WebCore::DocumentLoader::scheduleCannotShowURLError): Added a new method.
* loader/DocumentLoader.h:
* loader/appcache/ApplicationCacheHost.cpp:
(WebCore::ApplicationCacheHost::maybeLoadResource):
Call scheduleCannotShowURLError if the resource is not found in the appcache.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog (229239 => 229240)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-03-05 11:10:38 UTC (rev 229239)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/ChangeLog	2018-03-05 11:10:46 UTC (rev 229240)
@@ -1,3 +1,33 @@
+2018-02-24  Fujii Hironori  <[email protected]>
+
+        Null-dereference of the second argument `resource` of DocumentLoader::scheduleSubstituteResourceLoad
+        https://bugs.webkit.org/show_bug.cgi?id=182920
+
+        Reviewed by Darin Adler.
+
+        A test case
+        imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.html
+        always crashes due to a null-dereference if compiled and optimized
+        by GCC 7.2. The second argument `resource` of
+        DocumentLoader::scheduleSubstituteResourceLoad can be null if the
+        resource can't be found in cache. I guess GCC optimizes inline
+        HashMap::add based on assuming the `resource` never becomes null
+        because its type is SubstituteResource&.
+
+        This changes introduces a new method
+        DocumentLoader::scheduleCannotShowURLError because it looks tricky
+        to pass a nullptr to the second argument of
+        scheduleSubstituteResourceLoad.
+
+        No new tests (Covered by existing tests).
+
+        * loader/DocumentLoader.cpp:
+        (WebCore::DocumentLoader::scheduleCannotShowURLError): Added a new method.
+        * loader/DocumentLoader.h:
+        * loader/appcache/ApplicationCacheHost.cpp:
+        (WebCore::ApplicationCacheHost::maybeLoadResource):
+        Call scheduleCannotShowURLError if the resource not found in the appcache.
+
 2018-02-23  Chris Dumez  <[email protected]>
 
         Crash under SchemeRegistry::shouldTreatURLSchemeAsLocal(WTF::String const&)
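Review bot: the entry says "No new tests (Covered by existing tests)" while the paragraph above names imported/w3c/web-platform-tests/html/browsers/offline/appcache/workers/appcache-worker.html as the test that crashed; stating that this existing test is the regression coverage (it now passes on a GCC 7.2 optimized build) would make the "covered by existing tests" claim traceable. Two grammar slips in the same entry: "This changes introduces" should read "This change introduces", and "if the resource not found" should read "if the resource is not found".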

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/DocumentLoader.cpp (229239 => 229240)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/DocumentLoader.cpp	2018-03-05 11:10:38 UTC (rev 229239)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/DocumentLoader.cpp	2018-03-05 11:10:46 UTC (rev 229240)
@@ -1432,6 +1432,12 @@
     deliverSubstituteResourcesAfterDelay();
 }
 
+void DocumentLoader::scheduleCannotShowURLError(ResourceLoader& loader)
+{
+    m_pendingSubstituteResources.set(&loader, nullptr);
+    deliverSubstituteResourcesAfterDelay();
+}
+
 void DocumentLoader::addResponse(const ResourceResponse& response)
 {
     if (!m_stopRecordingResponses)
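Review bot: scheduleCannotShowURLError stores a nullptr value in m_pendingSubstituteResources and then relies on deliverSubstituteResourcesAfterDelay (not in this hunk) to interpret a null entry as "cannot show URL"; nothing at this call site documents that convention, so a reader of this function alone cannot tell that the null is deliberate rather than the very bug being fixed. A one-line comment above `m_pendingSubstituteResources.set(&loader, nullptr);` saying that a null substitute resource is delivered as a cannot-show-URL error would make the contract explicit, and note that `set` replaces any substitute resource already scheduled for the same loader, which is presumably the intended behaviour.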

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/DocumentLoader.h (229239 => 229240)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/DocumentLoader.h	2018-03-05 11:10:38 UTC (rev 229239)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/DocumentLoader.h	2018-03-05 11:10:46 UTC (rev 229240)
@@ -184,6 +184,7 @@
 #endif
 
     void scheduleSubstituteResourceLoad(ResourceLoader&, SubstituteResource&);
+    void scheduleCannotShowURLError(ResourceLoader&);
 
     // Return the ArchiveResource for the URL only when loading an Archive
     WEBCORE_EXPORT ArchiveResource* archiveResourceForURL(const URL&) const;
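Review bot: the new declaration `void scheduleCannotShowURLError(ResourceLoader&);` carries no comment, unlike the archiveResourceForURL declaration two lines below; since it exists precisely because scheduleSubstituteResourceLoad cannot take a null SubstituteResource&, a short comment stating "use this instead of scheduleSubstituteResourceLoad when no substitute resource is available" would stop the next caller from reintroducing a `*resource` dereference.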

Modified: releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp (229239 => 229240)


--- releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp	2018-03-05 11:10:38 UTC (rev 229239)
+++ releases/WebKitGTK/webkit-2.20/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp	2018-03-05 11:10:46 UTC (rev 229240)
@@ -179,7 +179,10 @@
     if (!shouldLoadResourceFromApplicationCache(request, resource))
         return false;
 
-    m_documentLoader.scheduleSubstituteResourceLoad(loader, *resource);
+    if (resource)
+        m_documentLoader.scheduleSubstituteResourceLoad(loader, *resource);
+    else
+        m_documentLoader.scheduleCannotShowURLError(loader);
     return true;
 }
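Review bot: the fix is correct at the call site: the old `m_documentLoader.scheduleSubstituteResourceLoad(loader, *resource);` dereferenced `resource` unconditionally even though shouldLoadResourceFromApplicationCache returning true does not guarantee it is non-null, and binding a null pointer to a SubstituteResource& is undefined behaviour that an optimizing compiler is entitled to exploit, which is why it only surfaced under GCC 7.2. Consider a brief comment on the `else` branch explaining that a null `resource` here means the URL is covered by the appcache but has no cached entry, so the load must fail with a cannot-show-URL error rather than fall through to the network; without it the two branches read as equivalent success paths.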
 
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
