Title: [137573] trunk/Source/WebCore
Revision
137573
Author
[email protected]
Date
2012-12-13 00:42:49 -0800 (Thu, 13 Dec 2012)

Log Message

Crash in PlugInOriginHash with empty MIME type (104882)
https://bugs.webkit.org/show_bug.cgi?id=104882
<rdar://problem/12872298>

Reviewed by Filip Pizlo.

The crash occurs because the strings might be null. Add a check for it, and also try to infer a MIME type
when the markup does not include a type attribute but the extension in the URL implies one.

* platform/KURL.cpp: Add a new function mimeTypeFromURL() which tries to return the implied MIME type
based on the URL provided. If nothing was found, return a null string.
(WebCore::mimeTypeFromURL): Factored out from FrameLoader::defaultObjectContentType().
* platform/KURL.h:

* loader/FrameLoader.cpp:
(WebCore::FrameLoader::defaultObjectContentType): Refactor to use mimeTypeFromURL().
* plugins/PlugInOriginHash.cpp:
(WebCore::addCaseFoldedCharacters): Add a check for an empty string.
(WebCore::PlugInOriginHash::hash): If the service type is empty, try to infer the MIME type.

Diff

Modified: trunk/Source/WebCore/ChangeLog (137572 => 137573)


--- trunk/Source/WebCore/ChangeLog	2012-12-13 08:29:24 UTC (rev 137572)
+++ trunk/Source/WebCore/ChangeLog	2012-12-13 08:42:49 UTC (rev 137573)
@@ -1,3 +1,25 @@
+2012-12-12  Jon Lee  <[email protected]>
+
+        Crash in PlugInOriginHash with empty MIME type (104882)
+        https://bugs.webkit.org/show_bug.cgi?id=104882
+        <rdar://problem/12872298>
+
+        Reviewed by Filip Pizlo.
+
+        The crash occurs because the strings might be null. Add a check for it, but also try to infer a MIME type
+        in case the markup does not include a type attribute, but we can find it from the extension in the URL.
+
+        * platform/KURL.cpp: Add a new function mimeTypeFromURL() which tries to return the implied MIME type
+        based on the URL provided. If nothing was found, return a null string.
+        (WebCore::mimeTypeFromURL): Factored out from FrameLoader::defaultObjectContentType().
+        * platform/KURL.h:
+
+        * loader/FrameLoader.cpp:
+        (WebCore::FrameLoader::defaultObjectContentType): Refactor to use mimeTypeFromURL().
+        * plugins/PlugInOriginHash.cpp:
+        (WebCore::addCaseFoldedCharacters): Add a check for an empty string.
+        (WebCore::PlugInOriginHash::hash): If the service type is empty, try to infer the MIME type.
+
 2012-12-13  Christophe Dumez  <[email protected]>
 
         Regression(r137486): Broke EFL build

Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (137572 => 137573)


--- trunk/Source/WebCore/loader/FrameLoader.cpp	2012-12-13 08:29:24 UTC (rev 137572)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp	2012-12-13 08:42:49 UTC (rev 137573)
@@ -884,16 +884,15 @@
 ObjectContentType FrameLoader::defaultObjectContentType(const KURL& url, const String& mimeTypeIn, bool shouldPreferPlugInsForImages)
 {
     String mimeType = mimeTypeIn;
-    String decodedPath = decodeURLEscapeSequences(url.path());
-    String extension = decodedPath.substring(decodedPath.reverseFind('.') + 1);
 
-    // We don't use MIMETypeRegistry::getMIMETypeForPath() because it returns "application/octet-stream" upon failure
     if (mimeType.isEmpty())
-        mimeType = MIMETypeRegistry::getMIMETypeForExtension(extension);
+        mimeType = mimeTypeFromURL(url);
 
 #if !PLATFORM(MAC) && !PLATFORM(CHROMIUM) && !PLATFORM(EFL) // Mac has no PluginDatabase, nor does Chromium or EFL
-    if (mimeType.isEmpty())
-        mimeType = PluginDatabase::installedPlugins()->MIMETypeForExtension(extension);
+    if (mimeType.isEmpty()) {
+        String decodedPath = decodeURLEscapeSequences(url.path());
+        mimeType = PluginDatabase::installedPlugins()->MIMETypeForExtension(decodedPath.substring(decodedPath.reverseFind('.') + 1));
+    }
 #endif
 
     if (mimeType.isEmpty())
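Review bot: The `#if !PLATFORM(MAC)` fallback re-derives the extension from the decoded path that `mimeTypeFromURL()` already derives internally, so the registry lookup and the `PluginDatabase` lookup now use two copies of the same parsing that can drift apart if one is changed. Both copies also keep the pre-existing quirk that a path with no '.' makes `reverseFind('.')` return `notFound`, so `+ 1` wraps to 0 and the entire decoded path is passed as the "extension". Consider exposing the extension extraction as its own helper next to `mimeTypeFromURL()` and calling it once here, e.g. `String extension = extensionFromURL(url);` ahead of both lookups. `defaultObjectContentType()` continues past the end of the hunk.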

Modified: trunk/Source/WebCore/platform/KURL.cpp (137572 => 137573)


--- trunk/Source/WebCore/platform/KURL.cpp	2012-12-13 08:29:24 UTC (rev 137572)
+++ trunk/Source/WebCore/platform/KURL.cpp	2012-12-13 08:42:49 UTC (rev 137573)
@@ -28,6 +28,7 @@
 #include "KURL.h"
 
 #include "DecodeEscapeSequences.h"
+#include "MIMETypeRegistry.h"
 #include "PlatformMemoryInstrumentation.h"
 #include "TextEncoding.h"
 #include <stdio.h>
@@ -1918,6 +1919,15 @@
     return "";
 }
 
+String mimeTypeFromURL(const KURL& url)
+{
+    String decodedPath = decodeURLEscapeSequences(url.path());
+    String extension = decodedPath.substring(decodedPath.reverseFind('.') + 1);
+
+    // We don't use MIMETypeRegistry::getMIMETypeForPath() because it returns "application/octet-stream" upon failure
+    return MIMETypeRegistry::getMIMETypeForExtension(extension);
+}
+
 void KURL::reportMemoryUsage(MemoryObjectInfo* memoryObjectInfo) const
 {
     MemoryClassInfo info(memoryObjectInfo, this);
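Review bot: `mimeTypeFromURL()` treats the whole decoded path as the extension when it contains no '.', because `reverseFind('.')` returns `notFound` and `+ 1` wraps to 0, and it also accepts a '.' that sits inside a directory component (a path like `/a.b/c` yields the extension `b/c`). This is carried over from `defaultObjectContentType()`, but now that it is a reusable helper it is worth bounding: `size_t dotPosition = decodedPath.reverseFind('.'); if (dotPosition == notFound || decodedPath.find('/', dotPosition) != notFound) return String(); String extension = decodedPath.substring(dotPosition + 1);`. The ChangeLog states the function returns a null String when nothing is found, but whether `getMIMETypeForExtension()` guarantees that is not visible here; a one-line comment above the function spelling out that contract would help callers that branch on `isEmpty()`.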

Modified: trunk/Source/WebCore/platform/KURL.h (137572 => 137573)


--- trunk/Source/WebCore/platform/KURL.h	2012-12-13 08:29:24 UTC (rev 137572)
+++ trunk/Source/WebCore/platform/KURL.h	2012-12-13 08:42:49 UTC (rev 137573)
@@ -290,6 +290,7 @@
 bool isValidProtocol(const String&);
 
 String mimeTypeFromDataURL(const String& url);
+String mimeTypeFromURL(const KURL&);
 
 // Unescapes the given string using URL escaping rules, given an optional
 // encoding (defaulting to UTF-8 otherwise). DANGER: If the URL has "%00"
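Review bot: The new `mimeTypeFromURL` declaration is undocumented, and unlike its neighbour `mimeTypeFromDataURL` the name does not say which part of the URL is inspected. A comment such as `// Infers a MIME type from the extension of the URL's decoded path. Returns an empty String when none is registered.` would make the contract visible at the declaration. The ChangeLog says a null String is returned on a miss; confirm that against `MIMETypeRegistry::getMIMETypeForExtension()` before documenting null rather than empty, since callers here only test `isEmpty()`.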

Modified: trunk/Source/WebCore/plugins/PlugInOriginHash.cpp (137572 => 137573)


--- trunk/Source/WebCore/plugins/PlugInOriginHash.cpp	2012-12-13 08:29:24 UTC (rev 137572)
+++ trunk/Source/WebCore/plugins/PlugInOriginHash.cpp	2012-12-13 08:42:49 UTC (rev 137573)
@@ -31,6 +31,7 @@
 #include "HTMLPlugInImageElement.h"
 #include "KURL.h"
 #include "Logging.h"
+#include "MIMETypeRegistry.h"
 #include "Page.h"
 #include <wtf/text/StringHash.h>
 
@@ -38,6 +39,8 @@
 
 static inline void addCaseFoldedCharacters(StringHasher& hasher, const String& string)
 {
+    if (string.isEmpty())
+        return;
     if (string.is8Bit())
         return hasher.addCharacters<LChar, CaseFoldingHash::foldCase<LChar> >(string.characters8(), string.length());
     return hasher.addCharacters<UChar, CaseFoldingHash::foldCase<UChar> >(string.characters16(), string.length());
@@ -47,6 +50,10 @@
 {
     ASSERT(plugInElement->document()->page());
 
+    String mimeType = plugInElement->serviceType();
+    if (mimeType.isEmpty())
+        mimeType = mimeTypeFromURL(plugInURL);
+
     // We want to avoid concatenating the strings and then taking the hash, since that could lead to an expensive conversion.
     // We also want to avoid using the hash() function in StringImpl or CaseFoldingHash because that masks out bits for the use of flags.
     StringHasher hasher;
@@ -54,8 +61,8 @@
     hasher.addCharacter(0);
     addCaseFoldedCharacters(hasher, plugInURL.host());
     hasher.addCharacter(0);
-    addCaseFoldedCharacters(hasher, plugInElement->serviceType());
-    LOG(Plugins, "Hash: %s %s %s", plugInElement->document()->page()->mainFrame()->document()->baseURL().host().utf8().data(), plugInURL.host().utf8().data(), plugInElement->serviceType().utf8().data());
+    addCaseFoldedCharacters(hasher, mimeType);
+    LOG(Plugins, "Hash: %s %s %s", plugInElement->document()->page()->mainFrame()->document()->baseURL().host().utf8().data(), plugInURL.host().utf8().data(), mimeType.utf8().data());
     return hasher.hash();
 }
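Review bot: The `#include "MIMETypeRegistry.h"` added in the first hunk of this file does not appear to be needed by the new code, which only calls `mimeTypeFromURL()` declared in the already-included `KURL.h`; drop it unless something outside the shown hunks uses the registry directly. A second point on the `hash()` change: the hash now folds in a MIME type inferred from the URL when the element has no `type` attribute, so elements that previously hashed with an empty service type produce a different value once their URL extension is recognised — if these hashes are stored anywhere across sessions (I cannot tell from here), existing entries for such plug-ins will no longer match. The `isEmpty()` guard in `addCaseFoldedCharacters` is sufficient for the null case since the separators added with `hasher.addCharacter(0)` keep field boundaries intact. The signature of `hash()` lies outside the hunks shown.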
 