Title: [158868] trunk
Revision: 158868
Author: [email protected]
Date: 2013-11-07 13:39:49 -0800 (Thu, 07 Nov 2013)
Log Message
Crash when submitting form in a document with null encoding
https://bugs.webkit.org/show_bug.cgi?id=123975
Reviewed by Alexey Proskuryakov.
Source/WebCore:
Merge https://chromium.googlesource.com/chromium/blink/+/bba01a7fff09e3053ada96ababac2a6e4261fe5f
The CString object which is passed to normalizeLineEndingsToCRLF() can be
a null string. It is created in FormDataList::appendString(), and it
produces a null CString if FormDataList::m_encoding is a null encoding.
Test: fast/forms/form-submit-in-image-document.html
* platform/text/LineEnding.cpp:
(internalNormalizeLineEndingsToCRLF):
LayoutTests:
* fast/forms/form-submit-in-image-document-expected.txt: Added.
* fast/forms/form-submit-in-image-document.html: Added.
Diff
Modified: trunk/LayoutTests/ChangeLog (158867 => 158868)
--- trunk/LayoutTests/ChangeLog 2013-11-07 21:37:36 UTC (rev 158867)
+++ trunk/LayoutTests/ChangeLog 2013-11-07 21:39:49 UTC (rev 158868)
@@ -1,3 +1,13 @@
+2013-11-07 Ryosuke Niwa <[email protected]>
+
+ Crash when submitting form in a document with null encoding
+ https://bugs.webkit.org/show_bug.cgi?id=123975
+
+ Reviewed by Alexey Proskuryakov.
+
+ * fast/forms/form-submit-in-image-document-expected.txt: Added.
+ * fast/forms/form-submit-in-image-document.html: Added.
+
2013-11-07 Brendan Long <[email protected]>
[GStreamer] Fix in-band track tests after r158743
Added: trunk/LayoutTests/fast/forms/form-submit-in-image-document-expected.txt (0 => 158868)
--- trunk/LayoutTests/fast/forms/form-submit-in-image-document-expected.txt (rev 0)
+++ trunk/LayoutTests/fast/forms/form-submit-in-image-document-expected.txt 2013-11-07 21:39:49 UTC (rev 158868)
@@ -0,0 +1,10 @@
+Test if Blink does not crash by form submission in a document with null encoding.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS if not crashed
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
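Review bot: the first line of the expected output says "Test if Blink does not crash" although this file is being added under WebKit's trunk/LayoutTests. Reword it to name WebKit or no engine at all, and change the description() string in form-submit-in-image-document.html at the same time, since the two must match for the test to pass.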
Added: trunk/LayoutTests/fast/forms/form-submit-in-image-document.html (0 => 158868)
--- trunk/LayoutTests/fast/forms/form-submit-in-image-document.html (rev 0)
+++ trunk/LayoutTests/fast/forms/form-submit-in-image-document.html 2013-11-07 21:39:49 UTC (rev 158868)
@@ -0,0 +1,24 @@
+<!DOCTYPE html>
+<body>
+<script src=""
+<iframe src=""
+<script>
+description('Test if Blink does not crash by form submission in a document with null encoding.');
+jsTestIsAsync = true;
+
+function finish() {
+ testPassed('if not crashed');
+ finishJSTest();
+}
+
+window._onload_ = function() {
+ var doc = document.querySelector('iframe').contentDocument;
+ var form = doc.createElement('form');
+ form.action = '';
+ form.innerHTML = '<input type="hidden" name="hidden">';
+ doc.body.appendChild(form);
+ form.submit();
+};
+</script>
+<script src=""
+</body>
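Review bot: finish() is defined but nothing in the lines shown calls it, and with jsTestIsAsync = true the test only ends once finishJSTest() runs, so the expected "PASS if not crashed" line depends on a caller that is not visible here. Make that path explicit, for example by having the document that the form submits to invoke finish(), and add a one-line comment saying which document ends the test. The handler is also assigned to window._onload_, which is not an event handler property; it needs to be window.onload for form.submit() to run at all.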
Modified: trunk/Source/WebCore/ChangeLog (158867 => 158868)
--- trunk/Source/WebCore/ChangeLog 2013-11-07 21:37:36 UTC (rev 158867)
+++ trunk/Source/WebCore/ChangeLog 2013-11-07 21:39:49 UTC (rev 158868)
@@ -1,3 +1,21 @@
+2013-11-07 Ryosuke Niwa <[email protected]>
+
+ Crash when submitting form in a document with null encoding
+ https://bugs.webkit.org/show_bug.cgi?id=123975
+
+ Reviewed by Alexey Proskuryakov.
+
+ Merge https://chromium.googlesource.com/chromium/blink/+/bba01a7fff09e3053ada96ababac2a6e4261fe5f
+
+ The CString object which is passed to normalizeLineEndingsToCRLF() can be
+ a null string. It is created in FormDataList::appendString(), and it
+ produces a null CString if FormDataList::m_encoding is a null encoding.
+
+ Test: fast/forms/form-submit-in-image-document.html
+
+ * platform/text/LineEnding.cpp:
+ (internalNormalizeLineEndingsToCRLF):
+
2013-11-07 Anders Carlsson <[email protected]>
Use std::function for all policy continuation functions
Modified: trunk/Source/WebCore/platform/text/LineEnding.cpp (158867 => 158868)
--- trunk/Source/WebCore/platform/text/LineEnding.cpp 2013-11-07 21:37:36 UTC (rev 158867)
+++ trunk/Source/WebCore/platform/text/LineEnding.cpp 2013-11-07 21:39:49 UTC (rev 158868)
@@ -96,6 +96,8 @@
void internalNormalizeLineEndingsToCRLF(const CString& from, OutputBuffer& buffer)
{
+ if (!from.length())
+ return;
// Compute the new length.
size_t newLen = 0;
const char* p = from.data();
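Review bot: the new guard at the top of internalNormalizeLineEndingsToCRLF tests from.length() with no comment, so a reader cannot tell that it exists because from can be a null CString (per the ChangeLog, when FormDataList::m_encoding is a null encoding) and from.data() is read just below. Add a short comment to that effect. Also consider whether FormDataList::appendString() should avoid producing the null CString in the first place, since returning here leaves buffer untouched without any signal to the caller.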