Title: [187248] trunk
Revision
187248
Author
[email protected]
Date
2015-07-23 13:18:41 -0700 (Thu, 23 Jul 2015)

Log Message

Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext.
<rdar://problem/21949735> and https://bugs.webkit.org/show_bug.cgi?id=147227

Reviewed by Alexey Proskuryakov.

Source/WebKit2:

* WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
(WebKit::WebPlatformStrategies::createPingHandle): Skip it if there's a null NetworkingContext.

LayoutTests:

* http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt: Added.
* http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (187247 => 187248)


--- trunk/LayoutTests/ChangeLog	2015-07-23 20:05:12 UTC (rev 187247)
+++ trunk/LayoutTests/ChangeLog	2015-07-23 20:18:41 UTC (rev 187248)
@@ -1,3 +1,13 @@
+2015-07-23  Brady Eidson  <[email protected]>
+
+        Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext.
+        <rdar://problem/21949735> and https://bugs.webkit.org/show_bug.cgi?id=147227
+
+        Reviewed by Alexey Proskuryakov.
+
+        * http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt: Added.
+        * http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html: Added.
+
 2015-07-23  Michael Saboff  <[email protected]>
 
         Application cache abort() tests are flaky

Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt (0 => 187248)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher-expected.txt	2015-07-23 20:18:41 UTC (rev 187248)
@@ -0,0 +1,6 @@
+CONSOLE MESSAGE: Refused to load the font 'http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff' because it violates the following Content Security Policy directive: "font-src http://webkit.org".
+
+CONSOLE MESSAGE: Refused to load the font 'http://127.0.0.1:8000/security/contentSecurityPolicy/example_font.woff' because it violates the following Content Security Policy directive: "font-src http://webkit.org".
+
+The iframe below triggers a violation report creating the initial empty document. It should not crash the web process.
+
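Review bot: the two identical CONSOLE MESSAGE lines are not explained anywhere in the test or the expectation; presumably the user style sheet's @font-face is evaluated once for the main document and once for the iframe's initial empty document, but a maintainer who later sees the count change has no way to know whether that is the bug reappearing or expected churn. A one-line explanation in the body text (which is what ends up in this expected file) would settle it, e.g. extend the existing sentence with why the font refusal is reported twice. Note also that the only positive assertion here is the absence of a crash; the text line "It should not crash the web process." is the whole pass condition.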

Added: trunk/LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html (0 => 187248)


--- trunk/LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html	                        (rev 0)
+++ trunk/LayoutTests/http/tests/security/contentSecurityPolicy/user-style-sheet-font-crasher.html	2015-07-23 20:18:41 UTC (rev 187248)
@@ -0,0 +1,16 @@
+<html>
+<head>
+<meta content="font-src http://webkit.org; report-uri http://webkit.org/report;" http-equiv="Content-Security-Policy">
+<script>
+if (window.testRunner) {
+    testRunner.dumpAsText();
+    testRunner.waitUntilDone();
+    testRunner.addUserStyleSheet("@font-face { font-family: ExampleFont; src: url(example_font.woff); }", true);
+}
+</script>
+</head>
+<body>
+The iframe below triggers a violation report creating the initial empty document. It should not crash the web process.<br>
+<iframe src=""
+</body>
+</html>
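Review bot: the `<iframe src=""` line is never closed: the start tag has no terminating `>` and there is no `</iframe>`, so the parser takes `</body>` as an attribute name of the iframe and treats the rest of the file as the iframe's text content. It probably still reproduces the crash, but a regression test should be well-formed HTML so the reproduction does not depend on error recovery: `<iframe src=""></iframe>`. Separately, `testRunner.waitUntilDone()` has no matching `testRunner.notifyDone()` anywhere in the file, so under the test runner this test can only complete via the watchdog timeout; either drop the `waitUntilDone()` call (with `dumpAsText()` alone the harness dumps after the load finishes) or add an `onload` handler on the iframe that calls `testRunner.notifyDone()`.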

Modified: trunk/Source/WebKit2/ChangeLog (187247 => 187248)


--- trunk/Source/WebKit2/ChangeLog	2015-07-23 20:05:12 UTC (rev 187247)
+++ trunk/Source/WebKit2/ChangeLog	2015-07-23 20:18:41 UTC (rev 187248)
@@ -1,3 +1,13 @@
+2015-07-23  Brady Eidson  <[email protected]>
+
+        Crash in WebPlatformStrategies::createPingHandle - Deref a null NetworkingContext.
+        <rdar://problem/21949735> and https://bugs.webkit.org/show_bug.cgi?id=147227
+
+        Reviewed by Alexey Proskuryakov.
+
+        * WebProcess/WebCoreSupport/WebPlatformStrategies.cpp:
+        (WebKit::WebPlatformStrategies::createPingHandle): Skip it if there's a null NetworkingContext.
+
 2015-07-23  Tim Horton  <[email protected]>
 
         Remove some files that should have been removed with WebKit2 Windows

Modified: trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp (187247 => 187248)


--- trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp	2015-07-23 20:05:12 UTC (rev 187247)
+++ trunk/Source/WebKit2/WebProcess/WebCoreSupport/WebPlatformStrategies.cpp	2015-07-23 20:18:41 UTC (rev 187248)
@@ -251,6 +251,11 @@
 
 void WebPlatformStrategies::createPingHandle(NetworkingContext* networkingContext, ResourceRequest& request, bool shouldUseCredentialStorage)
 {
+    // It's possible that call to createPingHandle might be made during initial empty Document creation before a NetworkingContext exists.
+    // It is not clear that we should send ping loads during that process anyways.
+    if (!networkingContext)
+        return;
+
     auto& webProcess = WebProcess::singleton();
     if (!webProcess.usesNetworkProcess()) {
         LoaderStrategy::createPingHandle(networkingContext, request, shouldUseCredentialStorage);
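Review bot: the early return removes the null dereference but silently drops the ping (here, the CSP violation report) whenever networkingContext is null, and the new comment itself says it is unclear whether that is the right behaviour; record that open question as a FIXME with a bug reference so the dropped report is not forgotten. Consider also guarding at the caller rather than only in this WebKit2 strategy: the signature takes a raw NetworkingContext* and the non-NetworkProcess path forwards it unchanged to LoaderStrategy::createPingHandle, so any other LoaderStrategy implementation handed the same null pointer has the same problem. Minor wording in the comment: "that call to createPingHandle" should read "that a call to createPingHandle", and "anyways" should be "anyway".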
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
