Attachment 346689 Details for Bug 184325 – Patch

[patch] Patch

bug-184325-20180807085847.patch (text/plain), 5.43 KB, created by Rob Buis on 2018-08-06 23:58:49 PDT

(hide)

Description:

Filename:

MIME Type:

Creator: Rob Buis

Created: 2018-08-06 23:58:49 PDT

Size: 5.43 KB

patch

obsolete

>Subversion Revision: 234641
>diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog
>index 0c9ea71d8117106efdd24d081ea048283897029f..b28efcc08b40825d9a2e128de63f2c018c1edf5f 100644
>--- a/Source/WebCore/ChangeLog
>+++ b/Source/WebCore/ChangeLog
>@@ -1,3 +1,17 @@
>+2018-08-06  Rob Buis  <rbuis@igalia.com>
>+
>+        fetch() with subresource integrity crashes on zero length body
>+        https://bugs.webkit.org/show_bug.cgi?id=184325
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Check that resourceBuffer() is non null before dereferencing.
>+
>+        Tests: http/tests/subresource-integrity/sri-fetch.js
>+
>+        * loader/DocumentThreadableLoader.cpp:
>+        (WebCore::DocumentThreadableLoader::didFinishLoading):
>+
> 2018-08-04  Ryosuke Niwa  <rniwa@webkit.org>
> 
>         Add CEReactions=NotNeeded for reactions only needed for customized builtins
>diff --git a/Source/WebCore/loader/DocumentThreadableLoader.cpp b/Source/WebCore/loader/DocumentThreadableLoader.cpp
>index 0525bf615ec1e5cc0f5eeee0e35bb9e912b2e8ef..42d7ee96aaf7d9ef56f1d4cb245b34eca03392a0 100644
>--- a/Source/WebCore/loader/DocumentThreadableLoader.cpp
>+++ b/Source/WebCore/loader/DocumentThreadableLoader.cpp
>@@ -449,12 +449,14 @@ void DocumentThreadableLoader::didFinishLoading(unsigned long identifier)
> 
>         if (options().filteringPolicy == ResponseFilteringPolicy::Disable) {
>             m_client->didReceiveResponse(identifier, response);
>-            m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
>+            if (m_resource->resourceBuffer())
>+                m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
>         } else {
>             ASSERT(response.type() == ResourceResponse::Type::Default);
> 
>             m_client->didReceiveResponse(identifier, ResourceResponseBase::filter(response));
>-            m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
>+            if (m_resource->resourceBuffer())
>+                m_client->didReceiveData(m_resource->resourceBuffer()->data(), m_resource->resourceBuffer()->size());
>         }
>     }
> 
>diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
>index c2fe2120f7b6d4b08487354db321d199d4b73bde..e53a63b9c1210b7ae07ba821524ffbb96d23b40d 100644
>--- a/LayoutTests/ChangeLog
>+++ b/LayoutTests/ChangeLog
>@@ -1,3 +1,16 @@
>+2018-08-06  Rob Buis  <rbuis@igalia.com>
>+
>+        fetch() with subresource integrity crashes on zero length body
>+        https://bugs.webkit.org/show_bug.cgi?id=184325
>+
>+        Reviewed by NOBODY (OOPS!).
>+
>+        Add a subtest for zero length resources.
>+
>+        * http/tests/subresource-integrity/resources/empty-resource.txt: Added.
>+        * http/tests/subresource-integrity/sri-fetch-expected.txt:
>+        * http/tests/subresource-integrity/sri-fetch.js:
>+
> 2018-08-06  Simon Fraser  <simon.fraser@apple.com>
> 
>         De-flake some animation tests
>diff --git a/LayoutTests/http/tests/subresource-integrity/resources/empty-resource.txt b/LayoutTests/http/tests/subresource-integrity/resources/empty-resource.txt
>new file mode 100644
>index 0000000000000000000000000000000000000000..e69de29bb2d1d6434b8b29ae775ad8c2e48c5391
>diff --git a/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt b/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt
>index 45739d465daeb3a0e146affea0d88e08d2ae2c81..9d67b4263b9307395fccf294a2efe78bcd7c8f2c 100644
>--- a/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt
>+++ b/LayoutTests/http/tests/subresource-integrity/sri-fetch-expected.txt
>@@ -31,4 +31,5 @@ PASS Ineligible CORS empty integrity
> PASS Ineligible CORS SHA-512 integrity 
> PASS Ineligible CORS invalid integrity 
> PASS SHA-256 integrity with 'no-cors' mode 
>+PASS Resource with zero length body 
> 
>diff --git a/LayoutTests/http/tests/subresource-integrity/sri-fetch.js b/LayoutTests/http/tests/subresource-integrity/sri-fetch.js
>index 9bf44b1c913ec24d16952b6033b87c1e4a9596f1..db80eda5548a819adb77449492fcce3a70f9604d 100644
>--- a/LayoutTests/http/tests/subresource-integrity/sri-fetch.js
>+++ b/LayoutTests/http/tests/subresource-integrity/sri-fetch.js
>@@ -10,6 +10,7 @@ var main_host_and_port = main_host + ':' + port_string;
> var remote_host_and_port = remote_host + ':' + port_string;
> 
> var resource = "resources/resource.txt";
>+var empty_resource = "resources/empty-resource.txt";
> var crossorigin_anon_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-anon-resource.txt';
> var crossorigin_creds_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-creds-resource.txt';
> var crossorigin_ineligible_resource = location.protocol + '//' + remote_host_and_port + '/subresource-integrity/resources/crossorigin-ineligible-resource.txt';
>@@ -59,5 +60,6 @@ integrity("Ineligible CORS empty integrity", crossorigin_ineligible_resource, {
> integrity("Ineligible CORS SHA-512 integrity", crossorigin_ineligible_resource, { 'integrity': topSha512 }, new TypeError());
> integrity("Ineligible CORS invalid integrity", crossorigin_ineligible_resource, { 'integrity': invalidSha512 }, new TypeError());
> integrity("SHA-256 integrity with 'no-cors' mode", resource, { 'integrity': topSha256, 'mode': 'no-cors' }, new TypeError());
>+integrity("Resource with zero length body", empty_resource, { 'integrity': "47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=" });
> 
> done();

Actions: View | Formatted Diff | Diff

Attachments on bug 184325: 337247 | 346628 | 346689 | 346691 | 346692 | 346694 | 346696 | 346705