Title: [234678] trunk
Revision
234678
Author
[email protected]
Date
2018-08-07 16:26:48 -0700 (Tue, 07 Aug 2018)

Log Message

fetch() with subresource integrity crashes on zero length body
https://bugs.webkit.org/show_bug.cgi?id=184325

Patch by Rob Buis <[email protected]> on 2018-08-07
Reviewed by Alex Christensen.

Source/WebCore:

Check that resourceBuffer() is non null before dereferencing.

Tests: http/tests/subresource-integrity/sri-fetch.js
       http/tests/subresource-integrity/sri-fetch-worker.js

* loader/DocumentThreadableLoader.cpp:
(WebCore::DocumentThreadableLoader::didFinishLoading):

LayoutTests:

Add a subtest for zero length resources.

* http/tests/subresource-integrity/resources/empty-resource.txt: Added.
* http/tests/subresource-integrity/sri-fetch-expected.txt:
* http/tests/subresource-integrity/sri-fetch-worker-expected.txt:
* http/tests/subresource-integrity/sri-fetch.js:

Diff

Modified: trunk/LayoutTests/ChangeLog (234677 => 234678)


--- trunk/LayoutTests/ChangeLog	2018-08-07 23:21:08 UTC (rev 234677)
+++ trunk/LayoutTests/ChangeLog	2018-08-07 23:26:48 UTC (rev 234678)
@@ -1,3 +1,17 @@
+2018-08-07  Rob Buis  <[email protected]>
+
+        fetch() with subresource integrity crashes on zero length body
+        https://bugs.webkit.org/show_bug.cgi?id=184325
+
+        Reviewed by Alex Christensen.
+
+        Add a subtest for zero length resources.
+
+        * http/tests/subresource-integrity/resources/empty-resource.txt: Added.
+        * http/tests/subresource-integrity/sri-fetch-expected.txt:
+        * http/tests/subresource-integrity/sri-fetch-worker-expected.txt:
+        * http/tests/subresource-integrity/sri-fetch.js:
+
 2018-08-07  Commit Queue  <[email protected]>
 
         Unreviewed, rolling out r234669.

Added: trunk/LayoutTests/http/tests/subresource-integrity/resources/empty-resource.txt ( => )


Modified: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt
===================================================================
--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt	2018-08-07 23:21:08 UTC (rev 234677)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt	2018-08-07 23:26:48 UTC (rev 234678)
@@ -31,4 +31,5 @@
 PASS Ineligible CORS SHA-512 integrity 
 PASS Ineligible CORS invalid integrity 
 PASS SHA-256 integrity with 'no-cors' mode 
+PASS Resource with zero length body 
 

Modified: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt (234677 => 234678)


--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt	2018-08-07 23:21:08 UTC (rev 234677)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch-worker-expected.txt	2018-08-07 23:26:48 UTC (rev 234678)
@@ -23,4 +23,5 @@
 PASS Ineligible CORS SHA-512 integrity 
 PASS Ineligible CORS invalid integrity 
 PASS SHA-256 integrity with 'no-cors' mode 
+PASS Resource with zero length body 
 

Modified: trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.js (234677 => 234678)


--- trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.js	2018-08-07 23:21:08 UTC (rev 234677)
+++ trunk/LayoutTests/http/tests/subresource-integrity/sri-fetch.js	2018-08-07 23:26:48 UTC (rev 234678)
@@ -10,6 +10,7 @@
 var remote_host_and_port = remote_host + ':' + port_string;
 
 var resource = "resources/resource.txt";
+var empty_resource = "resources/empty-resource.txt";
 var crossorigin_anon_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-anon-resource.txt';
 var crossorigin_creds_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-creds-resource.txt';
 var crossorigin_ineligible_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-ineligible-resource.txt';
@@ -59,5 +60,6 @@
 integrity("Ineligible CORS SHA-512 integrity", crossorigin_ineligible_resource, { 'integrity': topSha512 }, new TypeError());
 integrity("Ineligible CORS invalid integrity", crossorigin_ineligible_resource, { 'integrity': invalidSha512 }, new TypeError());
 integrity("SHA-256 integrity with 'no-cors' mode", resource, { 'integrity': topSha256, 'mode': 'no-cors' }, new TypeError());
+integrity("Resource with zero length body", empty_resource, { 'integrity': "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" });
 
 done();
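Review bot: the integrity value on the new integrity("Resource with zero length body", ...) line carries no algorithm prefix. SRI metadata is written as <alg>-<base64>, and a token with no recognised algorithm is ignored by the integrity check, so as written this subtest exercises the zero-length buffering path but never verifies a digest; the base64 string is the SHA-256 of empty input, so 'integrity': "sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" would turn it into a real match. A companion negative subtest that fetches empty_resource with a mismatching digest and passes new TypeError() as the expected error, as the failure cases above it do, would confirm that the fix still enforces integrity on a body with no buffer rather than merely avoiding the crash.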

Modified: trunk/Source/WebCore/ChangeLog (234677 => 234678)


--- trunk/Source/WebCore/ChangeLog	2018-08-07 23:21:08 UTC (rev 234677)
+++ trunk/Source/WebCore/ChangeLog	2018-08-07 23:26:48 UTC (rev 234678)
@@ -1,3 +1,18 @@
+2018-08-07  Rob Buis  <[email protected]>
+
+        fetch() with subresource integrity crashes on zero length body
+        https://bugs.webkit.org/show_bug.cgi?id=184325
+
+        Reviewed by Alex Christensen.
+
+        Check that resourceBuffer() is non null before dereferencing.
+
+        Tests: http/tests/subresource-integrity/sri-fetch.js
+               http/tests/subresource-integrity/sri-fetch-worker.js
+
+        * loader/DocumentThreadableLoader.cpp:
+        (WebCore::DocumentThreadableLoader::didFinishLoading):
+
 2018-08-07  Justin Fan  <[email protected]>
 
         Prevent querying for renderer info for disconnected or uninitialized displays

Modified: trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp (234677 => 234678)


--- trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2018-08-07 23:21:08 UTC (rev 234677)
+++ trunk/Source/WebCore/loader/DocumentThreadableLoader.cpp	2018-08-07 23:26:48 UTC (rev 234678)
@@ -449,12 +449,14 @@
 
         if (options().filteringPolicy == ResponseFilteringPolicy::Disable) {
             m_client->didReceiveResponse(identifier, response);
-            m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
+            if (m_resource->resourceBuffer())
+                m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
         } else {
             ASSERT(response.type() == ResourceResponse::Type::Default);
 
             m_client->didReceiveResponse(identifier, ResourceResponseBase::filter(response));
-            m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
+            if (m_resource->resourceBuffer())
+                m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
         }
     }
 
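Review bot: both branches now repeat the same null check and call m_resource->resourceBuffer() three times each; hoisting one lookup above the if/else ("auto* buffer = m_resource->resourceBuffer();" followed by "if (buffer) m_client->didReceiveData(buffer->data(), buffer->size());" in each branch) removes the duplicated condition and makes it clear that data() and size() come from the same buffer. A short comment stating that resourceBuffer() is null for a zero-length body would also help, since a reader may otherwise take a null buffer for an earlier failure. Finally, empty bodies now reach didFinishLoading with no preceding didReceiveData call, so it is worth confirming that every m_client implementation tolerates that sequence.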
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
