- Revision
- 149774
- Author
- [email protected]
- Date
- 2013-05-08 15:41:32 -0700 (Wed, 08 May 2013)
Log Message
[WebKit2] REGRESSION (Custom Protocols): Reproducible crash when navigating to URL with an invalid scheme
https://bugs.webkit.org/show_bug.cgi?id=115790
Reviewed by Alexey Proskuryakov.
Source/WebKit2:
NSMutableSet does not support adding or removing nil objects, and
WTF::HashSet does not support adding, removing, or checking for null
WTF::Strings.
For the NSMutableSet case, make sure that we don't try to add or remove
nil NSStrings.
For the WTF::HashSet case, NSURL will return a nil NSString if we ask
it for its scheme when it is invalid, which we will convert to a null
WTF::String. Don't try to check if our HashSet of registered schemes
contains a null String.
* Shared/Network/CustomProtocols/mac/CustomProtocolManagerMac.mm:
(WebKit::CustomProtocolManager::registerScheme): Assert that the scheme
isn't null. We reject null schemes at the WKBrowsingContextController level.
(WebKit::CustomProtocolManager::unregisterScheme): Ditto.
(WebKit::CustomProtocolManager::supportsScheme): If scheme is null, return false.
* UIProcess/API/mac/WKBrowsingContextController.mm:
(+[WKBrowsingContextController registerSchemeForCustomProtocol:]): Do not register a nil scheme.
(+[WKBrowsingContextController unregisterSchemeForCustomProtocol:]): Ditto.
Tools:
Added two API tests:
1) Verify that +[WKBrowsingContextController (un)registerSchemeForCustomProtocol:] can be called with a nil NSString without crashing.
2) Verify that +[WKCustomProtocol canInitWithRequest:] does not crash when passed an NSURLRequest with an invalid scheme.
* TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
* TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme.mm: Added.
(TestWebKitAPI):
(TestWebKitAPI::TEST):
* TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp: Added.
(TestWebKitAPI):
(TestWebKitAPI::decidePolicyForNavigationAction):
(CustomProtocolInvalidSchemeTest):
(TestWebKitAPI::CustomProtocolInvalidSchemeTest::CustomProtocolInvalidSchemeTest):
Modified Paths
Added Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (149773 => 149774)
--- trunk/Source/WebKit2/ChangeLog 2013-05-08 22:40:40 UTC (rev 149773)
+++ trunk/Source/WebKit2/ChangeLog 2013-05-08 22:41:32 UTC (rev 149774)
@@ -1,3 +1,31 @@
+2013-05-08 Andy Estes <[email protected]>
+
+ [WebKit2] REGRESSION (Custom Protocols): Reproducible crash when navigating to URL with an invalid scheme
+ https://bugs.webkit.org/show_bug.cgi?id=115790
+
+ Reviewed by Alexey Proskuryakov.
+
+ NSMutableSet does not support adding or removing nil objects, and
+ WTF::HashSet does not support adding, removing, or checking for null
+ WTF::Strings.
+
+ For the NSMutableSet case, make sure that we don't try to add or remove
+ nil NSStrings.
+
+ For the WTF::HashSet case, NSURL will return a nil NSString if we ask
+ it for its scheme when it is invalid, which we will convert to a null
+ WTF::String. Don't try to check if our HashSet of registered schemes
+ contains a null String.
+
+ * Shared/Network/CustomProtocols/mac/CustomProtocolManagerMac.mm:
+ (WebKit::CustomProtocolManager::registerScheme): Assert that the scheme
+ isn't null. We reject null schemes at the WKBrowsingContextController level.
+ (WebKit::CustomProtocolManager::unregisterScheme): Ditto.
+ (WebKit::CustomProtocolManager::supportsScheme): If scheme is null, return false.
+ * UIProcess/API/mac/WKBrowsingContextController.mm:
+ (+[WKBrowsingContextController registerSchemeForCustomProtocol:]): Do not register a nil scheme.
+ (+[WKBrowsingContextController unregisterSchemeForCustomProtocol:]): Ditto.
+
2013-05-08 Anders Carlsson <[email protected]>
Apply remote changes to storage maps locally
Modified: trunk/Source/WebKit2/Shared/Network/CustomProtocols/mac/CustomProtocolManagerMac.mm (149773 => 149774)
--- trunk/Source/WebKit2/Shared/Network/CustomProtocols/mac/CustomProtocolManagerMac.mm 2013-05-08 22:40:40 UTC (rev 149773)
+++ trunk/Source/WebKit2/Shared/Network/CustomProtocols/mac/CustomProtocolManagerMac.mm 2013-05-08 22:41:32 UTC (rev 149774)
@@ -180,18 +180,23 @@
void CustomProtocolManager::registerScheme(const String& scheme)
{
+ ASSERT(!scheme.isNull());
MutexLocker locker(m_registeredSchemesMutex);
m_registeredSchemes.add(scheme);
}
void CustomProtocolManager::unregisterScheme(const String& scheme)
{
+ ASSERT(!scheme.isNull());
MutexLocker locker(m_registeredSchemesMutex);
m_registeredSchemes.remove(scheme);
}
bool CustomProtocolManager::supportsScheme(const String& scheme)
{
+ if (scheme.isNull())
+ return false;
+
MutexLocker locker(m_registeredSchemesMutex);
return m_registeredSchemes.contains(scheme);
}
Modified: trunk/Source/WebKit2/UIProcess/API/mac/WKBrowsingContextController.mm (149773 => 149774)
--- trunk/Source/WebKit2/UIProcess/API/mac/WKBrowsingContextController.mm 2013-05-08 22:40:40 UTC (rev 149773)
+++ trunk/Source/WebKit2/UIProcess/API/mac/WKBrowsingContextController.mm 2013-05-08 22:41:32 UTC (rev 149774)
@@ -99,6 +99,9 @@
+ (void)registerSchemeForCustomProtocol:(NSString *)scheme
{
+ if (!scheme)
+ return;
+
NSString *lowercaseScheme = [scheme lowercaseString];
[[WKBrowsingContextController customSchemes] addObject:lowercaseScheme];
[[NSNotificationCenter defaultCenter] postNotificationName:WebKit::SchemeForCustomProtocolRegisteredNotificationName object:lowercaseScheme];
@@ -106,6 +109,9 @@
+ (void)unregisterSchemeForCustomProtocol:(NSString *)scheme
{
+ if (!scheme)
+ return;
+
NSString *lowercaseScheme = [scheme lowercaseString];
[[WKBrowsingContextController customSchemes] removeObject:lowercaseScheme];
[[NSNotificationCenter defaultCenter] postNotificationName:WebKit::SchemeForCustomProtocolUnregisteredNotificationName object:lowercaseScheme];
Modified: trunk/Tools/ChangeLog (149773 => 149774)
--- trunk/Tools/ChangeLog 2013-05-08 22:40:40 UTC (rev 149773)
+++ trunk/Tools/ChangeLog 2013-05-08 22:41:32 UTC (rev 149774)
@@ -1,3 +1,25 @@
+2013-05-08 Andy Estes <[email protected]>
+
+ [WebKit2] REGRESSION (Custom Protocols): Reproducible crash when navigating to URL with an invalid scheme
+ https://bugs.webkit.org/show_bug.cgi?id=115790
+
+ Reviewed by Alexey Proskuryakov.
+
+ Added two API tests:
+
+ 1) Verify that +[WKBrowsingContextController (un)registerSchemeForCustomProtocol:] can be called with a nil NSString without crashing.
+ 2) Verify that +[WKCustomProtocol canInitWithRequest:] does not crash when passed an NSURLRequest with an invalid scheme.
+
+ * TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj:
+ * TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme.mm: Added.
+ (TestWebKitAPI):
+ (TestWebKitAPI::TEST):
+ * TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp: Added.
+ (TestWebKitAPI):
+ (TestWebKitAPI::decidePolicyForNavigationAction):
+ (CustomProtocolInvalidSchemeTest):
+ (TestWebKitAPI::CustomProtocolInvalidSchemeTest::CustomProtocolInvalidSchemeTest):
+
2013-05-08 Lucas Forschler <[email protected]>
Teach buildbot how to compile 32-bit on Mac.
Modified: trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj (149773 => 149774)
--- trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2013-05-08 22:40:40 UTC (rev 149773)
+++ trunk/Tools/TestWebKitAPI/TestWebKitAPI.xcodeproj/project.pbxproj 2013-05-08 22:41:32 UTC (rev 149774)
@@ -41,6 +41,8 @@
290F4278172A232C00939FF0 /* CustomProtocolsSyncXHRTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 290F4276172A232C00939FF0 /* CustomProtocolsSyncXHRTest.mm */; };
290F427B172A23A500939FF0 /* TestProtocol.mm in Sources */ = {isa = PBXBuildFile; fileRef = 290F4279172A23A500939FF0 /* TestProtocol.mm */; };
2943BE86161DFEB800999E3D /* UserContentTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2943BE84161DFEB800999E3D /* UserContentTest.mm */; };
+ 297234B4173AD04800983601 /* CustomProtocolsInvalidScheme.mm in Sources */ = {isa = PBXBuildFile; fileRef = 297234B2173AD04800983601 /* CustomProtocolsInvalidScheme.mm */; };
+ 297234B7173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 297234B5173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp */; };
29AB8AA1164C735800D49BEC /* CustomProtocolsTest.mm in Sources */ = {isa = PBXBuildFile; fileRef = 29AB8A9F164C735800D49BEC /* CustomProtocolsTest.mm */; };
29AB8AA4164C7A9300D49BEC /* TestBrowsingContextLoadDelegate.mm in Sources */ = {isa = PBXBuildFile; fileRef = 29AB8AA2164C7A9300D49BEC /* TestBrowsingContextLoadDelegate.mm */; };
2E7765CD16C4D80A00BA2BB1 /* mainIOS.mm in Sources */ = {isa = PBXBuildFile; fileRef = 2E7765CC16C4D80A00BA2BB1 /* mainIOS.mm */; };
@@ -317,6 +319,8 @@
290F4279172A23A500939FF0 /* TestProtocol.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = TestProtocol.mm; sourceTree = "<group>"; };
290F427A172A23A500939FF0 /* TestProtocol.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TestProtocol.h; sourceTree = "<group>"; };
2943BE84161DFEB800999E3D /* UserContentTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = UserContentTest.mm; path = WebKit2ObjC/UserContentTest.mm; sourceTree = "<group>"; };
+ 297234B2173AD04800983601 /* CustomProtocolsInvalidScheme.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = CustomProtocolsInvalidScheme.mm; path = WebKit2ObjC/CustomProtocolsInvalidScheme.mm; sourceTree = "<group>"; };
+ 297234B5173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CustomProtocolsInvalidScheme_Bundle.cpp; path = WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp; sourceTree = "<group>"; };
29AB8A9F164C735800D49BEC /* CustomProtocolsTest.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; name = CustomProtocolsTest.mm; path = WebKit2ObjC/CustomProtocolsTest.mm; sourceTree = "<group>"; };
29AB8AA2164C7A9300D49BEC /* TestBrowsingContextLoadDelegate.mm */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.objcpp; path = TestBrowsingContextLoadDelegate.mm; sourceTree = "<group>"; };
29AB8AA3164C7A9300D49BEC /* TestBrowsingContextLoadDelegate.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = TestBrowsingContextLoadDelegate.h; sourceTree = "<group>"; };
@@ -612,6 +616,8 @@
BC3C4C6F14575B1D0025FB62 /* WebKit2 Objective-C */ = {
isa = PBXGroup;
children = (
+ 297234B2173AD04800983601 /* CustomProtocolsInvalidScheme.mm */,
+ 297234B5173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp */,
29AB8A9F164C735800D49BEC /* CustomProtocolsTest.mm */,
290F4276172A232C00939FF0 /* CustomProtocolsSyncXHRTest.mm */,
2943BE84161DFEB800999E3D /* UserContentTest.mm */,
@@ -1014,6 +1020,7 @@
buildActionMask = 2147483647;
files = (
BC246D8E132F115A00B56D7C /* AboutBlankLoad.cpp in Sources */,
+ 297234B4173AD04800983601 /* CustomProtocolsInvalidScheme.mm in Sources */,
379028B614FABD92007E6B43 /* AcceptsFirstMouse.mm in Sources */,
26F1B44415CA434F00D1E4BF /* AtomicString.cpp in Sources */,
B55F11A01516834F00915916 /* AttributedString.mm in Sources */,
@@ -1163,6 +1170,7 @@
BC575AA2126E7660006F0F12 /* InjectedBundleController.cpp in Sources */,
1AEDE22613E5E7E700E62FE8 /* InjectedBundleControllerMac.mm in Sources */,
378E64771632655E00B6C676 /* InjectedBundleFrameHitTest_Bundle.cpp in Sources */,
+ 297234B7173AFAC700983601 /* CustomProtocolsInvalidScheme_Bundle.cpp in Sources */,
F660AA1515A61ABF003A1243 /* InjectedBundleInitializationUserDataCallbackWins_Bundle.cpp in Sources */,
BC575A97126E74F1006F0F12 /* InjectedBundleMain.cpp in Sources */,
33DC89141419579F00747EF7 /* LoadCanceledNoServerRedirectCallback_Bundle.cpp in Sources */,
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme.mm (0 => 149774)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme.mm (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme.mm 2013-05-08 22:41:32 UTC (rev 149774)
@@ -0,0 +1,58 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#import "config.h"
+
+#import "PlatformUtilities.h"
+#import "PlatformWebView.h"
+#import "TestBrowsingContextLoadDelegate.h"
+#import <WebKit2/WebKit2.h>
+#import <wtf/RetainPtr.h>
+
+static bool testFinished = false;
+
+namespace TestWebKitAPI {
+
+TEST(WebKit2CustomProtocolsTest, RegisterNilScheme)
+{
+ [WKBrowsingContextController registerSchemeForCustomProtocol:nil];
+ [WKBrowsingContextController unregisterSchemeForCustomProtocol:nil];
+}
+
+TEST(WebKit2CustomProtocolsTest, LoadInvalidScheme)
+{
+ [WKBrowsingContextController registerSchemeForCustomProtocol:@"custom"];
+ WKRetainPtr<WKContextRef> context = adoptWK(Util::createContextForInjectedBundleTest("CustomProtocolInvalidSchemeTest"));
+ PlatformWebView webView(context.get());
+
+ webView.platformView().browsingContextController.loadDelegate = [[TestBrowsingContextLoadDelegate alloc] initWithBlockToRunOnLoad:^(WKBrowsingContextController *sender) {
+ testFinished = true;
+ }];
+ [webView.platformView().browsingContextController loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"ht'tp://www.webkit.org"]]];
+
+ Util::run(&testFinished);
+}
+
+} // namespace TestWebKitAPI
Added: trunk/Tools/TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp (0 => 149774)
--- trunk/Tools/TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp (rev 0)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2ObjC/CustomProtocolsInvalidScheme_Bundle.cpp 2013-05-08 22:41:32 UTC (rev 149774)
@@ -0,0 +1,59 @@
+/*
+ * Copyright (C) 2013 Apple Inc. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "config.h"
+
+#include "InjectedBundleTest.h"
+#include <WebKit2/WKBundlePage.h>
+
+namespace TestWebKitAPI {
+
+static WKBundlePagePolicyAction decidePolicyForNavigationAction(WKBundlePageRef, WKBundleFrameRef, WKBundleNavigationActionRef, WKURLRequestRef request, WKTypeRef*, const void*)
+{
+ if (WKBundlePageCanHandleRequest(request))
+ return WKBundlePagePolicyActionUse;
+ return WKBundlePagePolicyActionPassThrough;
+}
+
+class CustomProtocolInvalidSchemeTest : public InjectedBundleTest {
+public:
+ CustomProtocolInvalidSchemeTest(const std::string& identifier)
+ : InjectedBundleTest(identifier)
+ {
+ }
+
+private:
+ virtual void didCreatePage(WKBundleRef, WKBundlePageRef bundlePage) OVERRIDE
+ {
+ WKBundlePagePolicyClient policyClient;
+ memset(&policyClient, 0, sizeof(policyClient));
+ policyClient.decidePolicyForNavigationAction = decidePolicyForNavigationAction;
+ WKBundlePageSetPolicyClient(bundlePage, &policyClient);
+ }
+};
+
+static InjectedBundleTest::Register<CustomProtocolInvalidSchemeTest> registrar("CustomProtocolInvalidSchemeTest");
+
+} // namespace TestWebKitAPI
