Title: [229681] trunk/Source/WebCore
- Revision: 229681
- Author: [email protected]
- Date: 2018-03-16 13:56:01 -0700 (Fri, 16 Mar 2018)
Log Message
[Curl] Fix crash on websocket with bad handshake message.
https://bugs.webkit.org/show_bug.cgi?id=183686
Patch by Basuke Suzuki <[email protected]> on 2018-03-16
Reviewed by Youenn Fablet.
The closing cleanup was called multiple times. Add flag to detect
whether it is already closed or not.
No new tests because it is covered by existing test:
- LayoutTests/http/tests/websocket/tests/hybi/bad-handshake-crash.html
* platform/network/curl/SocketStreamHandleImpl.h:
* platform/network/curl/SocketStreamHandleImplCurl.cpp:
(WebCore::SocketStreamHandleImpl::platformClose):
(WebCore::SocketStreamHandleImpl::didReceiveData):
Diff
Modified: trunk/Source/WebCore/ChangeLog (229680 => 229681)
--- trunk/Source/WebCore/ChangeLog 2018-03-16 20:06:58 UTC (rev 229680)
+++ trunk/Source/WebCore/ChangeLog 2018-03-16 20:56:01 UTC (rev 229681)
@@ -1,3 +1,21 @@
+2018-03-16 Basuke Suzuki <[email protected]>
+
+ [Curl] Fix crash on websocket with bad handshake message.
+ https://bugs.webkit.org/show_bug.cgi?id=183686
+
+ Reviewed by Youenn Fablet.
+
+ The closing cleanup was called multiple times. Add flag to detect
+ it is already closed or not.
+
+ No new tests because it is covered by existing test:
+ - LayoutTests/http/tests/websocket/tests/hybi/bad-handshake-crash.html
+
+ * platform/network/curl/SocketStreamHandleImpl.h:
+ * platform/network/curl/SocketStreamHandleImplCurl.cpp:
+ (WebCore::SocketStreamHandleImpl::platformClose):
+ (WebCore::SocketStreamHandleImpl::didReceiveData):
+
2018-03-16 Jer Noble <[email protected]>
Make Fullscreen API an Experimental Feature
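Review bot: The per-function entries for platformClose and didReceiveData at the end of the new ChangeLog entry carry no description, and the summary does not say which call path ran the closing cleanup a second time. One line per function, for example that platformClose now returns early when already closed and that didReceiveData skips the close in that case, would let a reader follow the fix without opening the diff.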
Modified: trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h (229680 => 229681)
--- trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h 2018-03-16 20:06:58 UTC (rev 229680)
+++ trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h 2018-03-16 20:56:01 UTC (rev 229681)
@@ -100,6 +100,7 @@
Lock m_mutexReceive;
Deque<SocketData> m_sendData;
Deque<SocketData> m_receiveData;
+ bool m_closed { false };
StreamBuffer<char, 1024 * 1024> m_buffer;
static const unsigned maxBufferSize = 100 * 1024 * 1024;
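Review bot: m_closed is declared as a plain bool directly beside m_mutexReceive and the send/receive deques, with no comment saying which thread may touch it. platformClose asserts isMainThread() before writing it, so if every reader is also on the main thread a short comment stating that is enough; if the thread that stopThread() stops can ever read it, it should be std::atomic<bool> or accessed under one of the existing locks.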
Modified: trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp (229680 => 229681)
--- trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp 2018-03-16 20:06:58 UTC (rev 229680)
+++ trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp 2018-03-16 20:56:01 UTC (rev 229681)
@@ -88,6 +88,10 @@
ASSERT(isMainThread());
+ if (m_closed)
+ return;
+
+ m_closed = true;
stopThread();
m_client.didCloseSocketStream(*this);
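Review bot: The early return at the top of platformClose() suppresses the second call without saying where it comes from. Setting m_closed before stopThread() and didCloseSocketStream() is the right order, because a call that re-enters during either one then does nothing, but a one-line comment naming the caller that arrives twice would make the guard auditable. It is also worth stating why state(), which didReceiveData already compares against Open, cannot serve as the guard instead of a second piece of lifecycle state.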
@@ -268,7 +272,7 @@
if (socketData.size > 0) {
if (state() == Open)
m_client.didReceiveSocketStreamData(*this, socketData.data.get(), socketData.size);
- } else
+ } else if (!m_closed)
platformClose();
}
}
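Review bot: The `!m_closed` test on the else branch in didReceiveData duplicates the guard that platformClose() now performs itself, so the two checks can drift apart in later edits. Keeping only the early return inside platformClose() covers every caller; if the check is kept here deliberately to avoid the call, say so in a comment. A zero-size socketData is the only condition that reaches this close, so a short comment on what an empty chunk signifies would also help.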