Diff
Modified: trunk/Source/WebKit/win/ChangeLog (169908 => 169909)
--- trunk/Source/WebKit/win/ChangeLog 2014-06-12 20:23:25 UTC (rev 169908)
+++ trunk/Source/WebKit/win/ChangeLog 2014-06-12 20:34:28 UTC (rev 169909)
@@ -1,3 +1,33 @@
+2014-06-12 Brent Fulgham <[email protected]>
+
+ [Win] Avoid crashes in code that converted CFDictionaries to HashMap
+ https://bugs.webkit.org/show_bug.cgi?id=133813
+ <rdar://problem/17291647>
+
+ Reviewed by Tim Horton.
+
+ * WebHistory.cpp: Add empty string checks to avoid crashes in
+ hash function.
+ (WebHistory::removeItem):
+ (WebHistory::addItem):
+ (WebHistory::visitedURL):
+ (WebHistory::itemForURL):
+ (WebHistory::removeItemForURLString):
+ (WebHistory::itemForURLString):
+ * WebPreferences.cpp: Ditto.
+ (WebPreferences::getInstanceForIdentifier):
+ (WebPreferences::setInstance):
+ (WebPreferences::removeReferenceForIdentifier):
+ * WebView.cpp: Ditto. Also convert OwnPtr uses in this file
+ to std::unique_ptr.
+ (WebView::close):
+ (WebView::handleMouseEvent):
+ (WebView::registerEmbeddedViewMIMEType):
+ (WebView::shouldUseEmbeddedView):
+ (WebView::enterFullscreenForNode):
+ (WebView::fullScreenController):
+ * WebView.h:
+
2014-05-07 Hyowon Kim <[email protected]>
GraphicsLayer::client() should return a reference.
Modified: trunk/Source/WebKit/win/WebHistory.cpp (169908 => 169909)
--- trunk/Source/WebKit/win/WebHistory.cpp 2014-06-12 20:23:25 UTC (rev 169908)
+++ trunk/Source/WebKit/win/WebHistory.cpp 2014-06-12 20:34:28 UTC (rev 169909)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007 Apple Inc. All rights reserved.
+ * Copyright (C) 2006, 2007, 2014 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -425,6 +425,8 @@
return hr;
String urlString(urlBStr, SysStringLen(urlBStr));
+ if (urlString.isEmpty())
+ return E_FAIL;
auto it = m_entriesByURL.find(urlString);
if (it == m_entriesByURL.end())
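Review bot: The new `urlString.isEmpty()` guard ahead of `m_entriesByURL.find()` has no comment explaining why an empty key must be rejected. The same bare guard is repeated in the addItem, visitedURL, itemForURL, removeItemForURLString and itemForURLString hunks. The ChangeLog says these checks avoid crashes in the hash function, so they are memory-safety guards on caller-supplied strings. A comment such as `// An empty String must never be used as a key in m_entriesByURL; hashing it crashes (webkit.org/b/133813).` would stop a later cleanup from removing them. Returning E_FAIL here also makes invalid input indistinguishable from the not-found result just below; the enclosing function starts and ends outside the hunk.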
@@ -460,6 +462,8 @@
return hr;
String urlString(urlBStr, SysStringLen(urlBStr));
+ if (urlString.isEmpty())
+ return E_FAIL;
COMPtr<IWebHistoryItem> oldEntry(m_entriesByURL.get(urlString));
@@ -496,7 +500,11 @@
void WebHistory::visitedURL(const URL& url, const String& title, const String& httpMethod, bool wasFailure, bool increaseVisitCount)
{
- IWebHistoryItem* entry = m_entriesByURL.get(url.string()).get();
+ const String& urlString = url.string();
+ if (urlString.isEmpty())
+ return;
+
+ IWebHistoryItem* entry = m_entriesByURL.get(urlString).get();
if (!entry) {
COMPtr<WebHistoryItem> item(AdoptCOM, WebHistoryItem::createInstance());
if (!item)
@@ -510,10 +518,10 @@
if (!SystemTimeToVariantTime(¤tTime, &lastVisited))
return;
- if (FAILED(entry->initWithURLString(BString(url.string()), BString(title), lastVisited)))
+ if (FAILED(entry->initWithURLString(BString(urlString), BString(title), lastVisited)))
return;
- m_entriesByURL.set(url.string(), entry);
+ m_entriesByURL.set(urlString, entry);
}
COMPtr<IWebHistoryItemPrivate> entryPrivate(Query, entry);
@@ -530,13 +538,17 @@
postNotification(kWebHistoryItemsAddedNotification, userInfo.get());
}
-HRESULT WebHistory::itemForURL(BSTR url, IWebHistoryItem** item)
+HRESULT WebHistory::itemForURL(BSTR urlBStr, IWebHistoryItem** item)
{
if (!item)
return E_FAIL;
*item = 0;
- auto it = m_entriesByURL.find(url);
+ String urlString(urlBStr, SysStringLen(urlBStr));
+ if (urlString.isEmpty())
+ return E_FAIL;
+
+ auto it = m_entriesByURL.find(urlString);
if (it == m_entriesByURL.end())
return E_FAIL;
@@ -546,6 +558,9 @@
HRESULT WebHistory::removeItemForURLString(const WTF::String& urlString)
{
+ if (urlString.isEmpty())
+ return E_FAIL;
+
auto it = m_entriesByURL.find(urlString);
if (it == m_entriesByURL.end())
return E_FAIL;
@@ -558,8 +573,8 @@
COMPtr<IWebHistoryItem> WebHistory::itemForURLString(const String& urlString) const
{
- if (!urlString)
- return 0;
+ if (urlString.isEmpty())
+ return nullptr;
return m_entriesByURL.get(urlString);
}
Modified: trunk/Source/WebKit/win/WebPreferences.cpp (169908 => 169909)
--- trunk/Source/WebKit/win/WebPreferences.cpp 2014-06-12 20:23:25 UTC (rev 169908)
+++ trunk/Source/WebKit/win/WebPreferences.cpp 2014-06-12 20:34:28 UTC (rev 169909)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011 Apple Inc. All rights reserved.
+ * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2014 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -154,6 +154,9 @@
return sharedStandardPreferences();
WTF::String identifierString(identifier, SysStringLen(identifier));
+ if (identifierString.isEmpty())
+ return sharedStandardPreferences();
+
return webPreferencesInstances.get(identifierString).get();
}
@@ -162,6 +165,8 @@
if (!identifier || !instance)
return;
WTF::String identifierString(identifier, SysStringLen(identifier));
+ if (identifierString.isEmpty())
+ return;
webPreferencesInstances.add(identifierString, instance);
}
@@ -171,6 +176,8 @@
return;
WTF::String identifierString(identifier, SysStringLen(identifier));
+ if (identifierString.isEmpty())
+ return;
WebPreferences* webPreference = webPreferencesInstances.get(identifierString).get();
if (webPreference && webPreference->m_refCount == 1)
webPreferencesInstances.remove(identifierString);
Modified: trunk/Source/WebKit/win/WebView.cpp (169908 => 169909)
--- trunk/Source/WebKit/win/WebView.cpp 2014-06-12 20:23:25 UTC (rev 169908)
+++ trunk/Source/WebKit/win/WebView.cpp 2014-06-12 20:34:28 UTC (rev 169909)
@@ -96,6 +96,7 @@
#include <WebCore/FrameTree.h>
#include <WebCore/FrameView.h>
#include <WebCore/FrameWin.h>
+#include <WebCore/FullScreenController.h>
#include <WebCore/GDIObjectCounter.h>
#include <WebCore/GeolocationController.h>
#include <WebCore/GeolocationError.h>
@@ -717,7 +718,7 @@
if (m_mouseOutTracker) {
m_mouseOutTracker->dwFlags = TME_CANCEL;
::TrackMouseEvent(m_mouseOutTracker.get());
- m_mouseOutTracker.clear();
+ m_mouseOutTracker.reset();
}
revokeDragDrop();
@@ -1539,7 +1540,7 @@
} else if (message == WM_MOUSELEAVE && m_mouseOutTracker) {
// Once WM_MOUSELEAVE is fired windows clears this tracker
// so there is no need to disable it ourselves.
- m_mouseOutTracker.clear();
+ m_mouseOutTracker.reset();
m_page->mainFrame().eventHandler().mouseMoved(mouseEvent);
handled = true;
} else if (message == WM_MOUSEMOVE) {
@@ -1548,7 +1549,7 @@
mouseEvent.setClickCount(globalClickCount);
handled = m_page->mainFrame().eventHandler().mouseMoved(mouseEvent);
if (!m_mouseOutTracker) {
- m_mouseOutTracker = adoptPtr(new TRACKMOUSEEVENT);
+ m_mouseOutTracker = std::make_unique<TRACKMOUSEEVENT>();
m_mouseOutTracker->cbSize = sizeof(TRACKMOUSEEVENT);
m_mouseOutTracker->dwFlags = TME_LEAVE;
m_mouseOutTracker->hwndTrack = m_viewWindow;
@@ -6195,13 +6196,13 @@
return S_OK;
}
-HRESULT STDMETHODCALLTYPE WebView::registerEmbeddedViewMIMEType(BSTR mimeType)
+HRESULT WebView::registerEmbeddedViewMIMEType(BSTR mimeType)
{
if (!mimeType)
return E_POINTER;
if (!m_embeddedViewMIMETypes)
- m_embeddedViewMIMETypes = adoptPtr(new HashSet<String>);
+ m_embeddedViewMIMETypes = std::make_unique<HashSet<String>>();
m_embeddedViewMIMETypes->add(toString(mimeType));
return S_OK;
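Review bot: `registerEmbeddedViewMIMEType` still inserts `toString(mimeType)` into `m_embeddedViewMIMETypes` after only a null-pointer check. A zero-length BSTR would presumably reach the HashSet as an empty key, which is the case this commit guards against on the lookup side in `shouldUseEmbeddedView`. I would validate before inserting: `String type = toString(mimeType);`, `if (type.isEmpty()) return E_FAIL;`, then `m_embeddedViewMIMETypes->add(type);`. Whether `toString` can return an empty String for such input is not visible in this hunk, so that should be confirmed.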
@@ -6212,6 +6213,9 @@
if (!m_embeddedViewMIMETypes)
return false;
+ if (mimeType.isEmpty())
+ return false;
+
return m_embeddedViewMIMETypes->contains(mimeType);
}
@@ -6299,7 +6303,7 @@
ASSERT(!m_fullScreenVideoController);
}
- m_fullScreenVideoController = adoptPtr(new FullscreenVideoController);
+ m_fullScreenVideoController = std::make_unique<FullscreenVideoController>();
m_fullScreenVideoController->setMediaElement(videoElement);
m_fullScreenVideoController->enterFullscreen();
#endif
@@ -6902,7 +6906,7 @@
FullScreenController* WebView::fullScreenController()
{
if (!m_fullscreenController)
- m_fullscreenController = adoptPtr(new FullScreenController(this));
+ m_fullscreenController = std::unique_ptr<FullScreenController>(new FullScreenController(this));
return m_fullscreenController.get();
}
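Review bot: The conversion in `fullScreenController()` spells out `std::unique_ptr<FullScreenController>(new FullScreenController(this))`, while every other OwnPtr replacement in this file uses `std::make_unique`. If the FullScreenController constructor is publicly accessible (not visible here), `m_fullscreenController = std::make_unique<FullScreenController>(this);` would be consistent and would avoid the bare `new`. If the constructor is private and that forced the long form, a short comment saying so would help the next reader.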
Modified: trunk/Source/WebKit/win/WebView.h (169908 => 169909)
--- trunk/Source/WebKit/win/WebView.h 2014-06-12 20:23:25 UTC (rev 169908)
+++ trunk/Source/WebKit/win/WebView.h 2014-06-12 20:34:28 UTC (rev 169909)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Apple Inc. All rights reserved.
+ * Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012, 2014 Apple Inc. All rights reserved.
* Copyright (C) 2009, 2010, 2011 Appcelerator, Inc. All rights reserved.
* Copyright (C) 2011 Brent Fulgham. All rights reserved.
*
@@ -41,7 +41,6 @@
#include <WebCore/SuspendableTimer.h>
#include <WebCore/WindowMessageListener.h>
#include <wtf/HashSet.h>
-#include <wtf/OwnPtr.h>
#include <wtf/RefPtr.h>
#if ENABLE(FULLSCREEN_API)
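Review bot: This hunk removes `#include <wtf/OwnPtr.h>` from WebView.h but adds nothing for the `std::unique_ptr` members introduced further down in the header. Unless an include outside the hunk already provides it, the header now depends on `<memory>` arriving transitively. Adding `#include <memory>` alongside the other includes would keep the header self-contained.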
@@ -1126,11 +1125,11 @@
static bool s_allowSiteSpecificHacks;
WebCore::SuspendableTimer* m_closeWindowTimer;
- OwnPtr<TRACKMOUSEEVENT> m_mouseOutTracker;
+ std::unique_ptr<TRACKMOUSEEVENT> m_mouseOutTracker;
HWND m_topLevelParent;
- OwnPtr<HashSet<WTF::String> > m_embeddedViewMIMETypes;
+ std::unique_ptr<HashSet<WTF::String>> m_embeddedViewMIMETypes;
//Variables needed to store gesture information
RefPtr<WebCore::Node> m_gestureTargetNode;
@@ -1140,7 +1139,7 @@
long m_yOverpan;
#if ENABLE(VIDEO)
- OwnPtr<FullscreenVideoController> m_fullScreenVideoController;
+ std::unique_ptr<FullscreenVideoController> m_fullScreenVideoController;
#endif
bool isAcceleratedCompositing() const { return m_isAcceleratedCompositing; }
@@ -1161,7 +1160,7 @@
#if ENABLE(FULLSCREEN_API)
RefPtr<WebCore::Element> m_fullScreenElement;
- OwnPtr<WebCore::FullScreenController> m_fullscreenController;
+ std::unique_ptr<WebCore::FullScreenController> m_fullscreenController;
WebCore::IntPoint m_scrollPosition;
#endif
};