Skip to site navigation (Press enter)

[webkit-changes] [234735] trunk

commit-queue Thu, 09 Aug 2018 14:44:49 -0700

Title: [234735] trunk

Revision: 234735
Author: [email protected]
Date: 2018-08-09 14:43:48 -0700 (Thu, 09 Aug 2018)

Log Message

WKURLSchemeHandler crashes when sent errors with sync XHR
https://bugs.webkit.org/show_bug.cgi?id=188358


Patch by Alex Christensen <[email protected]> on 2018-08-09
Reviewed by Chris Dumez.

Source/WebKit:

* UIProcess/WebURLSchemeTask.cpp:
(WebKit::WebURLSchemeTask::didReceiveData):
(WebKit::WebURLSchemeTask::didComplete):
* UIProcess/WebURLSchemeTask.h:

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
(-[SyncErrorScheme webView:startURLSchemeTask:]):
(-[SyncErrorScheme webView:stopURLSchemeTask:]):
(-[SyncErrorScheme webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp
trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h
trunk/Tools/ChangeLog
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm

Diff

Modified: trunk/Source/WebKit/ChangeLog (234734 => 234735)


--- trunk/Source/WebKit/ChangeLog	2018-08-09 20:43:26 UTC (rev 234734)
+++ trunk/Source/WebKit/ChangeLog	2018-08-09 21:43:48 UTC (rev 234735)
@@ -1,3 +1,15 @@
+2018-08-09  Alex Christensen  <[email protected]>
+
+        WKURLSchemeHandler crashes when sent errors with sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=188358
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebURLSchemeTask.cpp:
+        (WebKit::WebURLSchemeTask::didReceiveData):
+        (WebKit::WebURLSchemeTask::didComplete):
+        * UIProcess/WebURLSchemeTask.h:
+
 2018-08-09  Sihui Liu  <[email protected]>
 
         REGRESSION (r232083): WKWebView loses first-party cookies on iOS

Modified: trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp (234734 => 234735)


--- trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp	2018-08-09 20:43:26 UTC (rev 234734)
+++ trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp	2018-08-09 21:43:48 UTC (rev 234735)
@@ -96,7 +96,7 @@
     return ExceptionType::None;
 }
 
-auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer> buffer) -> ExceptionType
+auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer>&& buffer) -> ExceptionType
 {
     if (m_stopped)
         return ExceptionType::TaskAlreadyStopped;
@@ -110,9 +110,10 @@
     m_dataSent = true;
 
     if (isSync()) {
-        if (!m_syncData)
-            m_syncData = SharedBuffer::create();
-        m_syncData->append(buffer);
+        if (m_syncData)
+            m_syncData->append(buffer);
+        else
+            m_syncData = WTFMove(buffer);
     }
 
     m_page->send(Messages::WebPage::URLSchemeTaskDidReceiveData(m_urlSchemeHandler->identifier(), m_identifier, IPC::SharedBufferDataReference(buffer.ptr())));
@@ -133,7 +134,10 @@
     m_completed = true;
     
     if (isSync()) {
-        m_syncCompletionHandler(m_syncResponse, error, IPC::DataReference { (const uint8_t*)m_syncData->data(), m_syncData->size() });
+        IPC::DataReference data;
+        if (m_syncData)
+            data = { reinterpret_cast<const uint8_t*>(m_syncData->data()), m_syncData->size() };
+        m_syncCompletionHandler(m_syncResponse, error, data);
         m_syncData = nullptr;
     }

Modified: trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h (234734 => 234735)


--- trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h	2018-08-09 20:43:26 UTC (rev 234734)
+++ trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h	2018-08-09 21:43:48 UTC (rev 234735)
@@ -70,7 +70,7 @@
     };
     ExceptionType didPerformRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&);
     ExceptionType didReceiveResponse(const WebCore::ResourceResponse&);
-    ExceptionType didReceiveData(Ref<WebCore::SharedBuffer>);
+    ExceptionType didReceiveData(Ref<WebCore::SharedBuffer>&&);
     ExceptionType didComplete(const WebCore::ResourceError&);
 
     void stop();

Modified: trunk/Tools/ChangeLog (234734 => 234735)


--- trunk/Tools/ChangeLog	2018-08-09 20:43:26 UTC (rev 234734)
+++ trunk/Tools/ChangeLog	2018-08-09 21:43:48 UTC (rev 234735)
@@ -1,3 +1,15 @@
+2018-08-09  Alex Christensen  <[email protected]>
+
+        WKURLSchemeHandler crashes when sent errors with sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=188358
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
+        (-[SyncErrorScheme webView:startURLSchemeTask:]):
+        (-[SyncErrorScheme webView:stopURLSchemeTask:]):
+        (-[SyncErrorScheme webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
+
 2018-08-09  Per Arne Vollan  <[email protected]>
 
         REGRESSION(r234652): fast/scrolling/rtl-scrollbars-animation-property.html is failing

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm (234734 => 234735)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm	2018-08-09 20:43:26 UTC (rev 234734)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm	2018-08-09 21:43:48 UTC (rev 234735)
@@ -538,5 +538,49 @@
     TestWebKitAPI::Util::run(&receivedStop);
 }
 
+@interface SyncErrorScheme : NSObject <WKURLSchemeHandler, WKUIDelegate>
+@end
+
+@implementation SyncErrorScheme
+
+- (void)webView:(WKWebView *)webView startURLSchemeTask:(id <WKURLSchemeTask>)task
+{
+    if ([task.request.URL.absoluteString isEqualToString:@"syncerror:///main.html"]) {
+        static const char* bytes = "<script>var xhr=new XMLHttpRequest();xhr.open('GET','subresource',false);try{xhr.send(null);alert('no error')}catch(e){alert(e)}</script>";
+        [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:strlen(bytes) textEncodingName:nil] autorelease]];
+        [task didReceiveData:[NSData dataWithBytes:bytes length:strlen(bytes)]];
+        [task didFinish];
+    } else {
+        EXPECT_STREQ(task.request.URL.absoluteString.UTF8String, "syncerror:///subresource");
+        [task didReceiveResponse:[[[NSURLResponse alloc] init] autorelease]];
+        [task didFailWithError:[NSError errorWithDomain:@"TestErrorDomain" code:123 userInfo:nil]];
+    }
+}
+
+- (void)webView:(WKWebView *)webView stopURLSchemeTask:(id <WKURLSchemeTask>)task
+{
+}
+
+- (void)webView:(WKWebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(void))completionHandler
+{
+    EXPECT_STREQ(message.UTF8String, "NetworkError:  A network error occurred.");
+    completionHandler();
+    done = true;
+}
+
+@end
+
+TEST(URLSchemeHandler, SyncXHRError)
+{
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    auto handler = adoptNS([[SyncErrorScheme alloc] init]);
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"syncerror"];
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+    [webView setUIDelegate:handler.get()];
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"syncerror:///main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+}
+
+
 #endif // WK_API_ENABLED

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes