Title: [261698] trunk/Source/WebKit
- Revision
- 261698
- Author
- [email protected]
- Date
- 2020-05-14 11:02:13 -0700 (Thu, 14 May 2020)
Log Message
Crash in PDFPlugin::ensureDataBufferLength
<rdar://problem/62932155> and https://bugs.webkit.org/show_bug.cgi?id=211818
Reviewed by Tim Horton.
There's some currently unreproducible case(s) where a range request finishes
while there's no m_data to append it to.
It's fair hardening to handle that case.
* WebProcess/Plugins/PDF/PDFPlugin.mm:
(WebKit::PDFPlugin::getResourceBytesAtPositionMainThread): Handle null m_data.
(WebKit::PDFPlugin::ensureDataBufferLength): Ditto.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (261697 => 261698)
--- trunk/Source/WebKit/ChangeLog 2020-05-14 17:54:45 UTC (rev 261697)
+++ trunk/Source/WebKit/ChangeLog 2020-05-14 18:02:13 UTC (rev 261698)
@@ -1,3 +1,19 @@
+2020-05-14 Brady Eidson <[email protected]>
+
+ Crash in PDFPlugin::ensureDataBufferLength
+ <rdar://problem/62932155> and https://bugs.webkit.org/show_bug.cgi?id=211818
+
+ Reviewed by Tim Horton.
+
+ There's some currently unreproducible case(s) where a range request finishes
+ while there's no m_data to append it to.
+
+ It's fair hardening to handle that case.
+
+ * WebProcess/Plugins/PDF/PDFPlugin.mm:
+ (WebKit::PDFPlugin::getResourceBytesAtPositionMainThread): Handle null m_data.
+ (WebKit::PDFPlugin::ensureDataBufferLength): Ditto.
+
2020-05-14 Per Arne Vollan <[email protected]>
[iOS] Update message filtering rules in the WebContent process' sandbox
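Review bot: the entry records that null m_data is now tolerated but not what is known about how it gets there, which makes the "unreproducible" case hard to revisit later. Consider noting the suspected ordering (a range request completing after the data buffer is released or before it is created) and that the removed ASSERT(m_data) in ensureDataBufferLength should be reinstated once the cause is found, so the hardening is not mistaken for the intended steady state.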
Modified: trunk/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm (261697 => 261698)
--- trunk/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm 2020-05-14 17:54:45 UTC (rev 261697)
+++ trunk/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm 2020-05-14 18:02:13 UTC (rev 261698)
@@ -912,7 +912,7 @@
ASSERT(m_documentFinishedLoading);
ASSERT(position >= 0);
- auto cfLength = CFDataGetLength(m_data.get());
+ auto cfLength = m_data ? CFDataGetLength(m_data.get()) : 0;
ASSERT(cfLength >= 0);
if ((unsigned)position + count > (unsigned)cfLength) {
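Review bot: with m_data null, cfLength becomes 0 and the following check `if ((unsigned)position + count > (unsigned)cfLength)` routes every non-empty request to the out-of-range path, which is the right outcome; a one-line comment saying the null case is intentionally folded into the bounds failure would make that clear to the next reader. Separately, the comparison casts position and cfLength to unsigned: if either is wider than 32 bits (position is asserted non-negative, so it is signed), the cast truncates and a large position could satisfy the check, so it is worth confirming the types involved or comparing in 64-bit.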
@@ -1623,7 +1623,10 @@
void PDFPlugin::ensureDataBufferLength(uint64_t targetLength)
{
- ASSERT(m_data);
+ if (!m_data) {
+ m_data = adoptCF(CFDataCreateMutable(0, targetLength));
+ return;
+ }
auto currentLength = CFDataGetLength(m_data.get());
ASSERT(currentLength >= 0);
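Review bot: the early-return branch does not appear to achieve what the function name promises. `CFDataCreateMutable(0, targetLength)` creates a mutable CFData whose length is 0; its second argument is a capacity cap, not an initial length, and a nonzero cap also restricts the object to at most targetLength bytes for later appends. Returning immediately skips the growth logic below that starts from `auto currentLength = CFDataGetLength(m_data.get());`, so a caller that then writes at an offset up to targetLength is writing past a zero-length buffer. Suggest creating the buffer with `adoptCF(CFDataCreateMutable(0, 0))` and falling through instead of returning, so the existing code brings the length up to targetLength, and note that targetLength is uint64_t while CFIndex is signed, so the conversion should be range-checked rather than implicit.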