Skip to site navigation (Press enter)

[webkit-changes] [174512] trunk/Source/WebKit2

aestes Thu, 09 Oct 2014 11:17:01 -0700

Title: [174512] trunk/Source/WebKit2

Revision: 174512
Author: [email protected]
Date: 2014-10-09 11:16:12 -0700 (Thu, 09 Oct 2014)

Log Message

[iOS] Crash in CFURLDownloadClient.didFail if the download has a null resumeData
https://bugs.webkit.org/show_bug.cgi?id=137551


Reviewed by David Kilzer.

CFDataGetBytePtr() and CFDataGetLength() crash if passed a null value.

* Shared/Downloads/ios/DownloadIOS.mm:
(WebKit::setUpDownloadClient):

Modified Paths

trunk/Source/WebKit2/ChangeLog
trunk/Source/WebKit2/Shared/Downloads/ios/DownloadIOS.mm

Diff

Modified: trunk/Source/WebKit2/ChangeLog (174511 => 174512)


--- trunk/Source/WebKit2/ChangeLog	2014-10-09 18:10:31 UTC (rev 174511)
+++ trunk/Source/WebKit2/ChangeLog	2014-10-09 18:16:12 UTC (rev 174512)
@@ -1,3 +1,15 @@
+2014-10-09  Andy Estes  <[email protected]>
+
+        [iOS] Crash in CFURLDownloadClient.didFail if the download has a null resumeData
+        https://bugs.webkit.org/show_bug.cgi?id=137551
+
+        Reviewed by David Kilzer.
+
+        CFDataGetBytePtr() and CFDataGetLength() crash if passed a null value.
+
+        * Shared/Downloads/ios/DownloadIOS.mm:
+        (WebKit::setUpDownloadClient):
+
 2014-10-09  Carlos Garcia Campos  <[email protected]>
 
         [X11] Plugin process crashes in NetscapePlugin::platformPostInitialize()

Modified: trunk/Source/WebKit2/Shared/Downloads/ios/DownloadIOS.mm (174511 => 174512)


--- trunk/Source/WebKit2/Shared/Downloads/ios/DownloadIOS.mm	2014-10-09 18:10:31 UTC (rev 174511)
+++ trunk/Source/WebKit2/Shared/Downloads/ios/DownloadIOS.mm	2014-10-09 18:16:12 UTC (rev 174512)
@@ -117,7 +117,7 @@
     client.didFail = [](CFURLDownloadRef downloadRef, CFErrorRef error, const void* clientInfo) {
         dispatchOnMainThread(^{
             auto resumeData = adoptCF(CFURLDownloadCopyResumeData(downloadRef));
-            toDownload(clientInfo)->didFail(error, IPC::DataReference(CFDataGetBytePtr(resumeData.get()), CFDataGetLength(resumeData.get())));
+            toDownload(clientInfo)->didFail(error, IPC::DataReference(resumeData ? CFDataGetBytePtr(resumeData.get()) : nullptr, resumeData ? CFDataGetLength(resumeData.get()) : 0));
         });
     };
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes