Title: [256672] branches/safari-609-branch
Revision
256672
Author
repst...@apple.com
Date
2020-02-14 19:01:37 -0800 (Fri, 14 Feb 2020)

Log Message

Cherry-pick r256395. rdar://problem/59447024

    Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type
    <https://webkit.org/b/207424>
    <rdar://problem/59250384>

    Patch by Rob Buis <rb...@igalia.com> and David Kilzer <ddkil...@apple.com> on 2020-02-11
    Reviewed by Rob Buis.

    Source/WebCore:

    Return StringView directly rather than wrapping
    it in Optional, since a StringView can be null-tested.

    Tests: TestWebKitAPI.ParsedContentType

    * platform/network/ParsedContentType.cpp:
    (WebCore::parseToken):
    (WebCore::parseQuotedString):
    (WebCore::ParsedContentType::parseContentType): Don't set type
    parameter if parameterName is null string.  Remove unneeded
    `parameterName` variable; use keyRange.toString() instead.

    Tools:

    * TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp:
    (TestWebKitAPI::TEST): Add more tests.

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256395 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-609-branch/Source/WebCore/ChangeLog (256671 => 256672)


--- branches/safari-609-branch/Source/WebCore/ChangeLog	2020-02-15 03:01:34 UTC (rev 256671)
+++ branches/safari-609-branch/Source/WebCore/ChangeLog	2020-02-15 03:01:37 UTC (rev 256672)
@@ -1,5 +1,57 @@
 2020-02-14  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r256395. rdar://problem/59447024
+
+    Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type
+    <https://webkit.org/b/207424>
+    <rdar://problem/59250384>
+    
+    Patch by Rob Buis <rb...@igalia.com> and David Kilzer <ddkil...@apple.com> on 2020-02-11
+    Reviewed by Rob Buis.
+    
+    Source/WebCore:
+    
+    Return StringView directly rather than wrapping
+    it in Optional, since StringView's can be null tested.
+    
+    Tests: TestWebKitAPI.ParsedContentType
+    
+    * platform/network/ParsedContentType.cpp:
+    (WebCore::parseToken):
+    (WebCore::parseQuotedString):
+    (WebCore::ParsedContentType::parseContentType): Don't set type
+    parameter if parameterName is null string.  Remove unneeded
+    `parameterName` variable; use keyRange.toString() instead.
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp:
+    (TestWebKitAPI::TEST): Add more tests.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256395 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-02-11  Rob Buis  <rb...@igalia.com>
+
+            Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type
+            <https://webkit.org/b/207424>
+            <rdar://problem/59250384>
+
+            Reviewed by Rob Buis.
+
+            Return StringView directly rather than wrapping
+            it in Optional, since StringView's can be null tested.
+
+            Tests: TestWebKitAPI.ParsedContentType
+
+            * platform/network/ParsedContentType.cpp:
+            (WebCore::parseToken):
+            (WebCore::parseQuotedString):
+            (WebCore::ParsedContentType::parseContentType): Don't set type
+            parameter if parameterName is null string.  Remove unneeded
+            `parameterName` variable; use keyRange.toString() instead.
+
+2020-02-14  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r256377. rdar://problem/59446971
 
     Regression: RTCRtpSender.getCapabilities("video") returns null on iOS 13.4 (17E5223h)

Modified: branches/safari-609-branch/Source/WebCore/platform/network/ParsedContentType.cpp (256671 => 256672)


--- branches/safari-609-branch/Source/WebCore/platform/network/ParsedContentType.cpp	2020-02-15 03:01:34 UTC (rev 256671)
+++ branches/safari-609-branch/Source/WebCore/platform/network/ParsedContentType.cpp	2020-02-15 03:01:37 UTC (rev 256672)
@@ -56,7 +56,7 @@
 
 using CharacterMeetsCondition = bool (*)(UChar);
 
-static Optional<StringView> parseToken(StringView input, unsigned& startIndex, CharacterMeetsCondition characterMeetsCondition, Mode mode, bool skipTrailingWhitespace = false)
+static StringView parseToken(StringView input, unsigned& startIndex, CharacterMeetsCondition characterMeetsCondition, Mode mode, bool skipTrailingWhitespace = false)
 {
     unsigned inputLength = input.length();
     unsigned tokenStart = startIndex;
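Review bot: The new signature on line 119 makes a null StringView the "no token" result, but nothing at the declaration says so; a reader has to find the `return StringView();` sites in the later hunks (and the matching convention in parseQuotedString) to learn the contract. A one-line comment above the signature would pin it down: `// Returns a null StringView when no token can be read at startIndex; callers must test isNull() rather than isEmpty().` The function body continues beyond this hunk.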
@@ -63,7 +63,7 @@
     unsigned& tokenEnd = startIndex;
 
     if (tokenEnd >= inputLength)
-        return WTF::nullopt;
+        return StringView();
 
     while (tokenEnd < inputLength && characterMeetsCondition(input[tokenEnd])) {
         if (mode == Mode::Rfc2045 && !isTokenCharacter(input[tokenEnd]))
@@ -72,7 +72,7 @@
     }
 
     if (tokenEnd == tokenStart)
-        return WTF::nullopt;
+        return StringView();
     if (skipTrailingWhitespace) {
         while (input[tokenEnd - 1] == ' ')
             --tokenEnd;
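Review bot: The trailing-whitespace loop on lines 139-140 has no lower bound, so a token made only of spaces walks past tokenStart and reads `input[tokenStart - 1]`; with today's callers the character before tokenStart is a delimiter (`/` or `=`), so the loop stops there, but the helper itself does not guarantee that, and at tokenStart == 0 the index would wrap. It also means a token that trims to nothing is presumably returned as an empty but non-null view (the return is outside the hunk), which the new `isNull()` checks in the callers will not catch. Bounding the loop and folding that case into the null result keeps the contract consistent: `while (tokenEnd > tokenStart && input[tokenEnd - 1] == ' ')`, `--tokenEnd;`, then `if (tokenEnd == tokenStart) return StringView();`. The function's return statement lies outside this hunk.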
@@ -125,7 +125,7 @@
     return false;
 }
 
-static Optional<StringView> parseQuotedString(StringView input, unsigned& startIndex)
+static StringView parseQuotedString(StringView input, unsigned& startIndex)
 {
     unsigned inputLength = input.length();
     unsigned quotedStringStart = startIndex + 1;
@@ -132,16 +132,16 @@
     unsigned& quotedStringEnd = startIndex;
 
     if (quotedStringEnd >= inputLength)
-        return WTF::nullopt;
+        return StringView();
 
     if (input[quotedStringEnd++] != '"' || quotedStringEnd >= inputLength)
-        return WTF::nullopt;
+        return StringView();
 
     bool lastCharacterWasBackslash = false;
     char currentCharacter;
     while ((currentCharacter = input[quotedStringEnd++]) != '"' || lastCharacterWasBackslash) {
         if (quotedStringEnd >= inputLength)
-            return WTF::nullopt;
+            return StringView();
         if (currentCharacter == '\\' && !lastCharacterWasBackslash) {
             lastCharacterWasBackslash = true;
             continue;
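Review bot: `char currentCharacter` on line 162 narrows the UChar that `input[]` yields (the `bool (*)(UChar)` callback type in the first hunk shows the element type), so any UTF-16 code unit whose low byte is 0x22 or 0x5C compares equal to `'"'` or `'\\'` on lines 163 and 167 and is treated as a closing quote or an escape. This predates the commit, but the hunk touches this loop and the fix is a single declaration: `UChar currentCharacter;`. The function's return is outside this hunk.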
@@ -234,7 +234,7 @@
 
     unsigned contentTypeStart = index;
     auto typeRange = parseToken(m_contentType, index, isNotForwardSlash, mode);
-    if (!typeRange || containsNonTokenCharacters(*typeRange, mode)) {
+    if (typeRange.isNull() || containsNonTokenCharacters(typeRange, mode)) {
         LOG_ERROR("Invalid Content-Type, invalid type value.");
         return false;
     }
@@ -245,7 +245,7 @@
     }
 
     auto subTypeRange = parseToken(m_contentType, index, isNotSemicolon, mode, mode == Mode::MimeSniff);
-    if (!subTypeRange || containsNonTokenCharacters(*subTypeRange, mode)) {
+    if (subTypeRange.isNull() || containsNonTokenCharacters(subTypeRange, mode)) {
         LOG_ERROR("Invalid Content-Type, invalid subtype value.");
         return false;
     }
@@ -262,7 +262,7 @@
     while (true) {
         skipSpaces(m_contentType, index);
         auto keyRange = parseToken(m_contentType, index, isNotSemicolonOrEqualSign, mode);
-        if (mode == Mode::Rfc2045 && (!keyRange || index >= contentTypeLength)) {
+        if (mode == Mode::Rfc2045 && (keyRange.isNull() || index >= contentTypeLength)) {
             LOG_ERROR("Invalid Content-Type parameter name.");
             return false;
         }
@@ -283,11 +283,10 @@
             if (m_contentType[index++] == ';')
                 continue;
         }
-        String parameterName = keyRange->toString();
 
         // Should we tolerate spaces here?
         String parameterValue;
-        Optional<StringView> valueRange;
+        StringView valueRange;
         if (index < contentTypeLength && m_contentType[index] == '"') {
             if (mode == Mode::MimeSniff) {
                 parameterValue = collectHTTPQuotedString(m_contentType, index);
@@ -297,15 +296,14 @@
         } else
             valueRange = parseToken(m_contentType, index, isNotSemicolon, mode, mode == Mode::MimeSniff);
 
-
         if (parameterValue.isNull()) {
-            if (!valueRange) {
+            if (valueRange.isNull()) {
                 if (mode == Mode::MimeSniff)
                     continue;
                 LOG_ERROR("Invalid Content-Type, invalid parameter value.");
                 return false;
             }
-            parameterValue = valueRange->toString();
+            parameterValue = valueRange.toString();
         }
 
         // Should we tolerate spaces here?
@@ -314,7 +312,8 @@
             return false;
         }
 
-        setContentTypeParameter(parameterName, parameterValue, mode);
+        if (!keyRange.isNull())
+            setContentTypeParameter(keyRange.toString(), parameterValue, mode);
 
         if (index >= contentTypeLength)
             return true;
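Review bot: The `!keyRange.isNull()` guard added on line 233 silently discards a fully parsed and validated value, and the reason it is safe to do so is only visible several hunks earlier: in Rfc2045 mode a null key was already rejected on line 193, so this branch is reachable only in MimeSniff mode. A comment on the guard would save the next reader that hunt: `// A null key only reaches here in MimeSniff mode (RFC 2045 rejected it above); the value has been consumed and is dropped.` The enclosing loop starts before this hunk.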

Modified: branches/safari-609-branch/Tools/ChangeLog (256671 => 256672)


--- branches/safari-609-branch/Tools/ChangeLog	2020-02-15 03:01:34 UTC (rev 256671)
+++ branches/safari-609-branch/Tools/ChangeLog	2020-02-15 03:01:37 UTC (rev 256672)
@@ -1,5 +1,48 @@
 2020-02-14  Russell Epstein  <repst...@apple.com>
 
+        Cherry-pick r256395. rdar://problem/59447024
+
+    Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type
+    <https://webkit.org/b/207424>
+    <rdar://problem/59250384>
+    
+    Patch by Rob Buis <rb...@igalia.com> and David Kilzer <ddkil...@apple.com> on 2020-02-11
+    Reviewed by Rob Buis.
+    
+    Source/WebCore:
+    
+    Return StringView directly rather than wrapping
+    it in Optional, since StringView's can be null tested.
+    
+    Tests: TestWebKitAPI.ParsedContentType
+    
+    * platform/network/ParsedContentType.cpp:
+    (WebCore::parseToken):
+    (WebCore::parseQuotedString):
+    (WebCore::ParsedContentType::parseContentType): Don't set type
+    parameter if parameterName is null string.  Remove unneeded
+    `parameterName` variable; use keyRange.toString() instead.
+    
+    Tools:
+    
+    * TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp:
+    (TestWebKitAPI::TEST): Add more tests.
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@256395 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2020-02-11  Rob Buis  <rb...@igalia.com>
+
+            Bug 207424: Crash in WebCore::ParsedContentType::parseContentType when parsing invalid MIME type
+            <https://webkit.org/b/207424>
+            <rdar://problem/59250384>
+
+            Reviewed by Rob Buis.
+
+            * TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp:
+            (TestWebKitAPI::TEST): Add more tests.
+
+2020-02-14  Russell Epstein  <repst...@apple.com>
+
         Cherry-pick r256377. rdar://problem/59446971
 
     Regression: RTCRtpSender.getCapabilities("video") returns null on iOS 13.4 (17E5223h)

Modified: branches/safari-609-branch/Tools/TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp (256671 => 256672)


--- branches/safari-609-branch/Tools/TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp	2020-02-15 03:01:34 UTC (rev 256671)
+++ branches/safari-609-branch/Tools/TestWebKitAPI/Tests/WebCore/ParsedContentType.cpp	2020-02-15 03:01:37 UTC (rev 256672)
@@ -49,16 +49,28 @@
     EXPECT_FALSE(isValidContentType("/plain", Mode::MimeSniff));
 
     EXPECT_TRUE(isValidContentType("text/plain;", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;;", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;;;", Mode::MimeSniff));
 
     EXPECT_TRUE(isValidContentType("text/plain;test", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain; test", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain;test=", Mode::MimeSniff));
-    EXPECT_TRUE(isValidContentType("text/plain;test=;test=value", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain;test=value", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;;test=value", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;;;test=value", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;;", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;;;", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain; test=value", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain;test =value", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain;test= value", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain;test=value ", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;=;test=value", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;=", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;wrong=;test=value", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;=wrong;test=value", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;wrong=", Mode::MimeSniff));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;=wrong", Mode::MimeSniff));
 
     EXPECT_TRUE(isValidContentType("text/plain;test=\"value\"", Mode::MimeSniff));
     EXPECT_TRUE(isValidContentType("text/plain;test=\"value", Mode::MimeSniff));
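Review bot: The assertion for `text/plain;test=;test=value` is removed on line 309, and the same case is dropped from the Rfc2045 and Serialize hunks below, without the ChangeLog saying why; none of the added cases exercise a repeated parameter name after an empty value. If the case still passes under the new code it is worth keeping as the only coverage of that path; if its expectation changed, the new expected result should be asserted instead and the ChangeLog should mention it.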
@@ -82,16 +94,28 @@
     EXPECT_FALSE(isValidContentType("/plain", Mode::Rfc2045));
 
     EXPECT_FALSE(isValidContentType("text/plain;", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;;", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;;;", Mode::Rfc2045));
 
     EXPECT_FALSE(isValidContentType("text/plain;test", Mode::Rfc2045));
     EXPECT_FALSE(isValidContentType("text/plain; test", Mode::Rfc2045));
     EXPECT_FALSE(isValidContentType("text/plain;test=", Mode::Rfc2045));
-    EXPECT_FALSE(isValidContentType("text/plain;test=;test=value", Mode::Rfc2045));
     EXPECT_TRUE(isValidContentType("text/plain;test=value", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;;test=value", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;;;test=value", Mode::Rfc2045));
+    EXPECT_TRUE(isValidContentType("text/plain;test=value;", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;test=value;;", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;test=value;;;", Mode::Rfc2045));
     EXPECT_TRUE(isValidContentType("text/plain; test=value", Mode::Rfc2045));
     EXPECT_FALSE(isValidContentType("text/plain;test =value", Mode::Rfc2045));
     EXPECT_FALSE(isValidContentType("text/plain;test= value", Mode::Rfc2045));
     EXPECT_FALSE(isValidContentType("text/plain;test=value ", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;=;test=value", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;test=value;=", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;wrong=;test=value", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;=wrong;test=value", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;test=value;wrong=", Mode::Rfc2045));
+    EXPECT_FALSE(isValidContentType("text/plain;test=value;=wrong", Mode::Rfc2045));
 
     EXPECT_TRUE(isValidContentType("text/plain;test=\"value\"", Mode::Rfc2045));
     EXPECT_FALSE(isValidContentType("text/plain;test=\"value", Mode::Rfc2045));
@@ -144,7 +168,13 @@
 TEST(ParsedContentType, Serialize)
 {
     EXPECT_STREQ(serializeIfValid(""), "NOTVALID");
+    EXPECT_STREQ(serializeIfValid(" "), "NOTVALID");
+    EXPECT_STREQ(serializeIfValid("  "), "NOTVALID");
+    EXPECT_STREQ(serializeIfValid("\t"), "NOTVALID");
     EXPECT_STREQ(serializeIfValid(";"), "NOTVALID");
+    EXPECT_STREQ(serializeIfValid(";="), "NOTVALID");
+    EXPECT_STREQ(serializeIfValid("="), "NOTVALID");
+    EXPECT_STREQ(serializeIfValid("=;"), "NOTVALID");
     EXPECT_STREQ(serializeIfValid("text"), "NOTVALID");
     EXPECT_STREQ(serializeIfValid("text/"), "NOTVALID");
     EXPECT_STREQ(serializeIfValid("text/\0"), "NOTVALID");
@@ -200,6 +230,8 @@
     EXPECT_STREQ(serializeIfValid("text/\xD8\x88\x12\x34"), "NOTVALID");
 
     EXPECT_STREQ(serializeIfValid("text/plain;"), "text/plain");
+    EXPECT_STREQ(serializeIfValid("text/plain;;"), "text/plain");
+    EXPECT_STREQ(serializeIfValid("text/plain;;;"), "text/plain");
     EXPECT_STREQ(serializeIfValid("text/plain;test"), "text/plain");
     EXPECT_STREQ(serializeIfValid("text/plain; test"), "text/plain");
     EXPECT_STREQ(serializeIfValid("text/plain;\ttest"), "text/plain");
@@ -212,8 +244,18 @@
     EXPECT_STREQ(serializeIfValid("text/plain;test\r"), "text/plain");
     EXPECT_STREQ(serializeIfValid("text/plain;test\b"), "text/plain");
     EXPECT_STREQ(serializeIfValid("text/plain;test="), "text/plain");
-    EXPECT_STREQ(serializeIfValid("text/plain;test=;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;=;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;test=value;="), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;wrong=;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;=wrong;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;test=value;wrong="), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;test=value;=wrong"), "text/plain;test=value");
     EXPECT_STREQ(serializeIfValid("text/plain;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;;;test=value"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;test=value;"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;test=value;;"), "text/plain;test=value");
+    EXPECT_STREQ(serializeIfValid("text/plain;test=value;;;"), "text/plain;test=value");
     EXPECT_STREQ(serializeIfValid("text/plain;TEST=value"), "text/plain;test=value");
     EXPECT_STREQ(serializeIfValid("text/plain;test=VALUE"), "text/plain;test=VALUE");
     EXPECT_STREQ(serializeIfValid("text/plain; test=value"), "text/plain;test=value");