[webkit-changes] [233457] trunk/Source/ThirdParty

[mcatanzaro]

Title: [233457] trunk/Source/ThirdParty

Revision

233457

Author

mcatanz...@igalia.com

Date

2018-07-03 00:05:58 -0700 (Tue, 03 Jul 2018)

Log Message

[WPE][GTK] Another memory issue in xdgmime
https://bugs.webkit.org/show_bug.cgi?id=187239

Reviewed by Carlos Garcia Campos.

Sync the end of xdg_mime_get_mime_type_for_file() with _xdg_mime_cache_get_mime_type_for_file()
to avoid a memory issue.

I'm pretty sure this code is never executed by either Chromium or WebKit, but I'm not
comfortable with leaving it broken.

* xdgmime/README.webkit:
* xdgmime/src/xdgmime.c:
(xdg_mime_get_mime_type_for_file):

Modified Paths

• trunk/Source/ThirdParty/ChangeLog
• trunk/Source/ThirdParty/xdgmime/README.webkit
• trunk/Source/ThirdParty/xdgmime/src/xdgmime.c

Diff

Modified: trunk/Source/ThirdParty/ChangeLog (233456 => 233457)

--- trunk/Source/ThirdParty/ChangeLog	2018-07-03 03:55:24 UTC (rev 233456)
+++ trunk/Source/ThirdParty/ChangeLog	2018-07-03 07:05:58 UTC (rev 233457)
@@ -1,3 +1,20 @@
+2018-07-03  Michael Catanzaro  <mcatanz...@igalia.com>
+
+        [WPE][GTK] Another memory issue in xdgmime
+        https://bugs.webkit.org/show_bug.cgi?id=187239
+
+        Reviewed by Carlos Garcia Campos.
+
+        Sync the end of xdg_mime_get_mime_type_for_file() with _xdg_mime_cache_get_mime_type_for_file()
+        to avoid a memory issue.
+
+        I'm pretty sure this code is never executed by either Chromium or WebKit, but I'm not
+        comfortable with leaving it broken.
+
+        * xdgmime/README.webkit:
+        * xdgmime/src/xdgmime.c:
+        (xdg_mime_get_mime_type_for_file):
+
 2018-06-30  Michael Catanzaro  <mcatanz...@igalia.com>
 
         Fix off-by-one error in xdg_mime_get_simple_globs

Modified: trunk/Source/ThirdParty/xdgmime/README.webkit (233456 => 233457)

--- trunk/Source/ThirdParty/xdgmime/README.webkit	2018-07-03 03:55:24 UTC (rev 233456)
+++ trunk/Source/ThirdParty/xdgmime/README.webkit	2018-07-03 07:05:58 UTC (rev 233457)
@@ -18,3 +18,7 @@
  - 2542b6f60492fadfb21f2c4a29976c3494c7e6c5 xdgmime: Handle EINTR in open()
  - 83d34f630939aa13539e03895bef87da738c4127 Don't forget to free resources in an early return
  - be7f40185fb2ce884112c1f8a4b196ea65350466 xdgmime: Fix an invalid read
+
+Changes included from Chromium:
+
+ - c432cac0a0beb77c63081536fc9d53b40e642cbf small patch that fixes potential crash in xdg_mime_get_mime_type_for_file() - use of pointer after being freed.

Modified: trunk/Source/ThirdParty/xdgmime/src/xdgmime.c (233456 => 233457)

--- trunk/Source/ThirdParty/xdgmime/src/xdgmime.c	2018-07-03 03:55:24 UTC (rev 233456)
+++ trunk/Source/ThirdParty/xdgmime/src/xdgmime.c	2018-07-03 07:05:58 UTC (rev 233457)
@@ -558,13 +558,13 @@
   mime_type = _xdg_mime_magic_lookup_data (global_magic, data, bytes_read, NULL,
 					   mime_types, n);
 
+  if (!mime_type)
+    mime_type = _xdg_binary_or_text_fallback (data, bytes_read);
+
   free (data);
   fclose (file);
 
-  if (mime_type)
-    return mime_type;
-
-  return _xdg_binary_or_text_fallback(data, bytes_read);
+  return mime_type;
 }
 
 const char *

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes