Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: cc89df4bf0986b6bdb5466a35bfd37a47a60add6
      
https://github.com/WebKit/WebKit/commit/cc89df4bf0986b6bdb5466a35bfd37a47a60add6
  Author: Chris Dumez <[email protected]>
  Date:   2025-10-17 (Fri, 17 Oct 2025)

  Changed paths:
    A LayoutTests/fast/files/blob-range-request-expected.txt
    A LayoutTests/fast/files/blob-range-request-sync-expected.txt
    A LayoutTests/fast/files/blob-range-request-sync.html
    A LayoutTests/fast/files/blob-range-request.html
    R LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/blob-range.any-expected.txt
    M Source/WebCore/platform/network/BlobResourceHandle.cpp
    M Source/WebCore/platform/network/BlobResourceHandle.h
    M Source/WebCore/platform/network/HTTPParsers.cpp
    M Source/WebCore/platform/network/HTTPParsers.h
    M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp
    M Source/WebKit/NetworkProcess/NetworkDataTaskBlob.h

  Log Message:
  -----------
  Potential crash when dealing with out of bounds range requests for Blob URLs
https://bugs.webkit.org/show_bug.cgi?id=300867
rdar://161573171

Reviewed by Darin Adler.

The logic dealing with range requests for blob URLs did not validate
the bounds sufficiently to make sure they are valid for the given blob
size. As a result, we could hit a release assertion inside
`std::span::subspan()`.

After this PR, we properly validate the bounds of the range request. If
they cannot be satisfied, we ignore the range request and we return the
full content, as we are allowed to do. This seems to match Chrome's
behavior also.

Also fix a bug where range requests were not supported with Blob URLs in
WebKitLegacy when using synchronous XMLHttpRequest. This bug was found
during testing.

I also moved some of the code from BlobResourceHandle and NetworkDataTaskBlob
to a new BlobResourceHandleBase common base class, to promote more code
sharing. I will follow up to move even more code to this base class and
reduce duplication further.

Tests:
    fast/files/blob-range-request.html
    fast/files/blob-range-request-sync.html

* LayoutTests/fast/files/blob-range-request-expected.txt: Added.
* LayoutTests/fast/files/blob-range-request-sync-expected.txt: Added.
* LayoutTests/fast/files/blob-range-request-sync.html: Added.
* LayoutTests/fast/files/blob-range-request.html: Added.
* LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/xhr/blob-range.any-expected.txt: Removed.
* Source/WebCore/platform/network/BlobResourceHandle.cpp:
(WebCore::BlobResourceHandleBase::BlobResourceHandleBase):
(WebCore::BlobResourceHandleBase::adjustAndValidateRangeBounds):
(WebCore::BlobResourceHandle::BlobResourceHandle):
(WebCore::BlobResourceHandle::doStart):
(WebCore::BlobResourceHandle::didGetSize):
(WebCore::BlobResourceHandleBase::seek):
(WebCore::BlobResourceHandle::readSync):
(WebCore::BlobResourceHandle::readDataSync):
(WebCore::BlobResourceHandle::readFileSync):
(WebCore::BlobResourceHandle::readDataAsync):
(WebCore::BlobResourceHandle::readFileAsync):
(WebCore::BlobResourceHandle::notifyResponseOnSuccess):
(WebCore::BlobResourceHandle::seek):
* Source/WebCore/platform/network/BlobResourceHandle.h:
Fix the issue for WebKit1.

* Source/WebCore/platform/network/HTTPParsers.cpp:
(WebCore::parseRange):
(WebCore::isCrossOriginSafeRequestHeader):
* Source/WebCore/platform/network/HTTPParsers.h:
Modernize parseRange() to use std::optional instead of integers with
special values when they're missing.

* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.cpp:
(WebKit::NetworkDataTaskBlob::resume):
(WebKit::NetworkDataTaskBlob::didGetSize):
(WebKit::NetworkDataTaskBlob::dispatchDidReceiveResponse):
(WebKit::NetworkDataTaskBlob::readData):
(WebKit::NetworkDataTaskBlob::readFile):
(WebKit::NetworkDataTaskBlob::seek):
* Source/WebKit/NetworkProcess/NetworkDataTaskBlob.h:
Fix the issue for WebKit2.

Canonical link: https://commits.webkit.org/301717@main
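
The bounds check described in the log message above, as an added example that is not WebKit's code and not part of the original commit: a parsed range with std::optional bounds is resolved against the blob size, and an unsatisfiable range falls back to the full content instead of slicing out of bounds. ByteRange, Window, resolveRange and bytesToServe are hypothetical names; clamping an oversized end and the suffix form follow general HTTP range semantics and are assumptions, not behavior taken from the commit.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>

// Hypothetical types (not WebKit's): a parsed "Range: bytes=first-last" header
// where a missing side is std::nullopt rather than a sentinel integer.
struct ByteRange {
    std::optional<uint64_t> first; // absent in the suffix form "bytes=-N"
    std::optional<uint64_t> last;  // absent in the open-ended form "bytes=N-"
};

struct Window { uint64_t offset; uint64_t length; };
// Resolve a parsed range against the blob size; std::nullopt means "cannot be satisfied".
std::optional<Window> resolveRange(const ByteRange& range, uint64_t size)
{
    if (!range.first) { // suffix form: the last N bytes
        if (!range.last || !*range.last)
            return std::nullopt;
        uint64_t count = std::min(*range.last, size);
        return Window { size - count, count };
    }
    if (*range.first >= size)
        return std::nullopt; // starts at or past the end of the blob
    uint64_t last = size - 1;
    if (range.last) {
        if (*range.last < *range.first)
            return std::nullopt; // inverted bounds
        last = std::min(*range.last, last); // clamp to the final byte
    }
    return Window { *range.first, last - *range.first + 1 };
}

// Serve the validated window, or the full content when the range is absent or unsatisfiable.
std::string bytesToServe(const std::string& blob, const std::optional<ByteRange>& range)
{
    if (range) {
        if (auto window = resolveRange(*range, blob.size()))
            return blob.substr(window->offset, window->length);
    }
    return blob;
}

int main()
{
    const std::string blob = "0123456789"; // constructed sample content
    std::cout << bytesToServe(blob, ByteRange { 50, 60 }) << '\n'; // out of bounds: full content
}
```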


