Branch: refs/heads/webkitglib/2.50
Home: https://github.com/WebKit/WebKit
Commit: 540c72ae0b390d4cc400181bd9193f7eb2ae841f
https://github.com/WebKit/WebKit/commit/540c72ae0b390d4cc400181bd9193f7eb2ae841f
Author: Chris Dumez <[email protected]>
Date: 2025-10-17 (Fri, 17 Oct 2025)
Changed paths:
A LayoutTests/fast/files/blob-range-request-expected.txt
A LayoutTests/fast/files/blob-range-request-sync-expected.txt
A LayoutTests/fast/files/blob-range-request-sync.html
A LayoutTests/fast/files/blob-range-request.html
R LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/blob-range.any-expected.txt
M Source/WebCore/platform/network/BlobResourceHandle.cpp
M Source/WebCore/platform/network/BlobResourceHandle.h
M Source/WebCore/platform/network/HTTPParsers.cpp
M Source/WebCore/platform/network/HTTPParsers.h
M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp
M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.h
Log Message:
-----------
Cherry-pick 301717@main (cc89df4bf098).
https://bugs.webkit.org/show_bug.cgi?id=300867
Potential crash when dealing with out of bounds range requests for Blob URLs
https://bugs.webkit.org/show_bug.cgi?id=300867
rdar://161573171
Reviewed by Darin Adler.
The logic dealing with range requests for blob URLs did not validate
the bounds sufficiently to make sure they are valid for the given blob
size. As a result, we could hit a release assertion inside
`std::span::subspan()`.

After this PR, we properly validate the bounds of the range request. If
they cannot be satisfied, we ignore the range request and we return the
full content, as we are allowed to do. This seems to match Chrome's
behavior also.

Also fix a bug where range requests were not supported with Blob URLs in
WebKitLegacy when using synchronous XMLHttpRequest. This bug was found
during testing.

I also moved some of the code from BlobResourceHandle and
NetworkDataTaskBlob to a new BlobResourceHandleBase common base class,
to promote more code sharing. I will follow up to move even more code to
this base class and reduce duplication further.
Tests:
fast/files/blob-range-request.html
fast/files/blob-range-request-sync.html
* LayoutTests/fast/files/blob-range-request-expected.txt: Added.
* LayoutTests/fast/files/blob-range-request-sync-expected.txt: Added.
* LayoutTests/fast/files/blob-range-request-sync.html: Added.
* LayoutTests/fast/files/blob-range-request.html: Added.
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/blob-range.any-expected.txt: Removed.
* Source/WebCore/platform/network/BlobResourceHandle.cpp:
(WebCore::BlobResourceHandleBase::BlobResourceHandleBase):
(WebCore::BlobResourceHandleBase::adjustAndValidateRangeBounds):
(WebCore::BlobResourceHandle::BlobResourceHandle):
(WebCore::BlobResourceHandle::doStart):
(WebCore::BlobResourceHandle::didGetSize):
(WebCore::BlobResourceHandleBase::seek):
(WebCore::BlobResourceHandle::readSync):
(WebCore::BlobResourceHandle::readDataSync):
(WebCore::BlobResourceHandle::readFileSync):
(WebCore::BlobResourceHandle::readDataAsync):
(WebCore::BlobResourceHandle::readFileAsync):
(WebCore::BlobResourceHandle::notifyResponseOnSuccess):
(WebCore::BlobResourceHandle::seek):
* Source/WebCore/platform/network/BlobResourceHandle.h:
Fix the issue for WebKit1.
* Source/WebCore/platform/network/HTTPParsers.cpp:
(WebCore::parseRange):
(WebCore::isCrossOriginSafeRequestHeader):
* Source/WebCore/platform/network/HTTPParsers.h:
Modernize parseRange() to use std::optional instead of integers with
special values when they're missing.
* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp:
(WebKit::NetworkDataTaskBlob::resume):
(WebKit::NetworkDataTaskBlob::didGetSize):
(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse):
(WebKit::NetworkDataTaskBlob::readData):
(WebKit::NetworkDataTaskBlob::readFile):
(WebKit::NetworkDataTaskBlob::seek):
* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.h:
Fix the issue for WebKit2.
Canonical link: https://commits.webkit.org/301717@main
Canonical link: https://commits.webkit.org/298234.201@webkitglib/2.50
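As an added illustration of the bounds validation the log message describes (this is not code from the WebKit commit), the example below resolves a parsed range against a blob size and falls back to the full content when the range cannot be satisfied. `ParsedRange`, `Slice`, `resolveRange` and `bodyFor` are hypothetical names, and the clamping and suffix rules are assumed from general HTTP range semantics rather than taken from the patch.

```cpp
#include <cstdint>
#include <optional>
#include <string>

// Hypothetical types for illustration; these are not WebKit's declarations.
struct ParsedRange {                     // fields absent from the header stay empty
    std::optional<uint64_t> first;       // "bytes=first-..."
    std::optional<uint64_t> last;        // "bytes=...-last" (inclusive)
    std::optional<uint64_t> suffix;      // "bytes=-suffix" (final N bytes)
};
struct Slice { uint64_t offset; uint64_t length; };

// Returns the slice to serve, or std::nullopt when the range cannot be
// satisfied for a blob of `size` bytes and the caller should ignore it.
std::optional<Slice> resolveRange(const ParsedRange& r, uint64_t size)
{
    if (!size)
        return std::nullopt;                       // nothing to slice
    if (r.suffix) {
        if (r.first || r.last || !*r.suffix)
            return std::nullopt;                   // malformed or zero-length suffix
        uint64_t n = *r.suffix < size ? *r.suffix : size;
        return Slice { size - n, n };
    }
    if (!r.first || *r.first >= size)
        return std::nullopt;                       // start missing or past the end
    uint64_t last = size - 1;
    if (r.last) {
        if (*r.last < *r.first)
            return std::nullopt;                   // inverted range
        if (*r.last < last)
            last = *r.last;                        // otherwise clamp to final byte
    }
    return Slice { *r.first, last - *r.first + 1 };
}

// Body selection: an unsatisfiable range falls back to the full content,
// so offset + length never exceeds the buffer handed to the slicing call.
std::string bodyFor(const std::string& blob, const ParsedRange& r)
{
    if (auto s = resolveRange(r, blob.size()))
        return blob.substr(s->offset, s->length);
    return blob;
}
```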