WebKit Bugzilla
Attachment 347488 Details for
Bug 176803
: [SOUP] Check length before calling soup_message_body_append_buffer.
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-176803-20180820105306.patch (text/plain), 4.25 KB, created by
Ms2ger (he/him; ⌚ UTC+1/+2)
on 2018-08-20 01:53:07 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Ms2ger (he/him; ⌚ UTC+1/+2)
Created:
2018-08-20 01:53:07 PDT
Size:
4.25 KB
patch
obsolete
>Subversion Revision: 235024 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index b10624796965f94606f59cc8c78f6d03c8d0c2cb..be754e1defc1d0d5f2de8f064066d8575673e0e6 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,18 @@ >+2018-08-20 Ms2ger <Ms2ger@igalia.com> >+ >+ [SOUP] Check length before calling soup_message_body_append_buffer. >+ https://bugs.webkit.org/show_bug.cgi?id=176803 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ The function has a precondition that the buffer is non-empty. >+ >+ Test: http/tests/local/blob/send-hybrid-blob-using-open-panel.html >+ >+ * platform/network/soup/ResourceRequestSoup.cpp: >+ (WebCore::appendEncodedBlobItemToSoupMessageBody): >+ (WebCore::ResourceRequest::updateSoupMessageBody const): >+ > 2018-08-19 Yusuke Suzuki <yusukesuzuki@slowstart.org> > > Shrink size of WebCore::Event further by reordering members >diff --git a/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp b/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp >index 226aee9f00eba46acfe303d74d6da182c72c7eb5..9fb72bdbf74227c0057739a24af676a74d7f5746 100644 >--- a/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp >+++ b/Source/WebCore/platform/network/soup/ResourceRequestSoup.cpp >@@ -50,8 +50,12 @@ static uint64_t appendEncodedBlobItemToSoupMessageBody(SoupMessage* soupMessage, > return 0; > > if (RefPtr<SharedBuffer> buffer = SharedBuffer::createWithContentsOfFile(blobItem.file()->path())) { >+ if (buffer->isEmpty()) >+ return 0; >+ > GUniquePtr<SoupBuffer> soupBuffer(buffer->createSoupBuffer(blobItem.offset(), blobItem.length() == BlobDataItem::toEndOfFile ? 0 : blobItem.length())); >- soup_message_body_append_buffer(soupMessage->request_body, soupBuffer.get()); >+ if (soupBuffer->length) >+ soup_message_body_append_buffer(soupMessage->request_body, soupBuffer.get()); > return soupBuffer->length; > } > break; >@@ -77,9 +81,13 @@ void ResourceRequest::updateSoupMessageBody(SoupMessage* soupMessage) const > break; > case FormDataElement::Type::EncodedFile: > if (RefPtr<SharedBuffer> buffer = SharedBuffer::createWithContentsOfFile(element.m_filename)) { >+ if (buffer->isEmpty()) >+ break; >+ > GUniquePtr<SoupBuffer> soupBuffer(buffer->createSoupBuffer()); > bodySize += buffer->size(); >- soup_message_body_append_buffer(soupMessage->request_body, soupBuffer.get()); >+ if (soupBuffer->length) >+ soup_message_body_append_buffer(soupMessage->request_body, soupBuffer.get()); > } > break; > case FormDataElement::Type::EncodedBlob: >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 3ac24c363dc74ee9dd2c7df30425d55cb65c6326..ee468e2958629ddaef913cff6b5513ea83fdb47a 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,12 @@ >+2018-08-20 Ms2ger <Ms2ger@igalia.com> >+ >+ [SOUP] Check length before calling soup_message_body_append_buffer. >+ https://bugs.webkit.org/show_bug.cgi?id=176803 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * platform/gtk/TestExpectations: Enable test. >+ > 2018-08-18 Ali Juma <ajuma@chromium.org> > > [IntersectionObserver] Fire an initial dummy notification >diff --git a/LayoutTests/platform/gtk/TestExpectations b/LayoutTests/platform/gtk/TestExpectations >index bce938a1d56730235ef71f899057123c5ae0e0f6..a4dc890e451610a3bca30b834237200b179010e4 100644 >--- a/LayoutTests/platform/gtk/TestExpectations >+++ b/LayoutTests/platform/gtk/TestExpectations >@@ -1269,8 +1269,6 @@ webkit.org/b/172955 media/video-preload.html [ Crash Pass ] > > webkit.org/b/175575 imported/w3c/web-platform-tests/html/semantics/embedded-content/media-elements/ready-states/autoplay-with-slow-text-tracks.html [ Crash Pass ] > >-webkit.org/b/176803 http/tests/local/blob/send-hybrid-blob-using-open-panel.html [ Crash ] >- > # See also webkit.org/b/141699 > webkit.org/b/177534 fast/attachment/attachment-respects-css-size.html [ Crash ImageOnlyFailure ] > # See also webkit.org/b/163528 Threaded compositor failures caused by one of r203496, r203497, or r203498
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=347488">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 176803
:
346763
| 347488