WebKit Bugzilla
Attachment 361930 Details for
Bug 194605
: Encrypted PDFs inside <embed> or <object> crash the Web Content process
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-194605-20190213121155.patch (text/plain), 9.76 KB, created by
Tim Horton
on 2019-02-13 12:11:56 PST
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Tim Horton
Created:
2019-02-13 12:11:56 PST
Size:
9.76 KB
patch
obsolete
>Subversion Revision: 241288 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 4d18124dfe1f44683aaa7077a6350b8acf9c7d07..3929b25aff015d413029f85e091c0898e6e62406 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,24 @@ >+2019-02-13 Tim Horton <timothy_horton@apple.com> >+ >+ Encrypted PDFs inside <embed> or <object> crash the Web Content process >+ https://bugs.webkit.org/show_bug.cgi?id=194605 >+ <rdar://problem/19894818> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * WebProcess/Plugins/PDF/PDFPlugin.mm: >+ (WebKit::PDFPlugin::createPasswordEntryForm): >+ Don't try to create a password form field if we can't make form fields. >+ >+ This means you will be left with a useless embedded PDF, but at least >+ the Web Content process won't crash. >+ >+ We'll need to find an alternative implementation of PDF embedded form >+ fields that is compatible with <embed> and <object> if we want to support >+ this. Currently we piggy-back off the fact that we can just insert >+ <input>s into the PluginDocument's DOM, but we can't do that if there >+ is no PluginDocument, just a main document, like in the <embed> case. >+ > 2019-02-11 Alex Christensen <achristensen@webkit.org> > > Remove noisy and unnecessary logs added in r241223 >diff --git a/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm b/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm >index 79ced89bdc705f0c41330b2295ea6499b783eeae..8dee71e4fc560c42e4393e74479180ed061248e2 100644 >--- a/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm >+++ b/Source/WebKit/WebProcess/Plugins/PDF/PDFPlugin.mm >@@ -1124,6 +1124,9 @@ void PDFPlugin::runScriptsInPDFDocument() > > void PDFPlugin::createPasswordEntryForm() > { >+ if (!supportsForms()) >+ return; >+ > m_passwordField = PDFPluginPasswordField::create(m_pdfLayerController.get(), this); > m_passwordField->attach(m_annotationContainer.get()); > } >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index 7d3bee2ef7d39de7b1879db665f67adfe8dc0d38..8a678eec1e32e1d8206cb716d94e5ef05094b877 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog >@@ -1,3 +1,16 @@ >+2019-02-13 Tim Horton <timothy_horton@apple.com> >+ >+ Encrypted PDFs inside <embed> or <object> crash the Web Content process >+ https://bugs.webkit.org/show_bug.cgi?id=194605 >+ <rdar://problem/19894818> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * fast/replaced/encrypted-pdf-as-object-and-embed-expected.txt: Added. >+ * fast/replaced/encrypted-pdf-as-object-and-embed.html: Added. >+ * fast/replaced/resources/encrypted-image.pdf: Added. >+ Add a test ensuring that we don't crash with encrypted PDF in <object> or <embed>. >+ > 2019-02-11 Myles C. Maxfield <mmaxfield@apple.com> > > [Cocoa] Ask platform for generic font family mappings >diff --git a/LayoutTests/fast/replaced/encrypted-pdf-as-object-and-embed-expected.txt b/LayoutTests/fast/replaced/encrypted-pdf-as-object-and-embed-expected.txt >new file mode 100644 >index 0000000000000000000000000000000000000000..1e4231ac2f28de6bef15471e33976f35a8bbb835 >--- /dev/null >+++ b/LayoutTests/fast/replaced/encrypted-pdf-as-object-and-embed-expected.txt >@@ -0,0 +1,3 @@ >+This test passes as long as it does not crash. >+ >+ >diff --git a/LayoutTests/fast/replaced/encrypted-pdf-as-object-and-embed.html b/LayoutTests/fast/replaced/encrypted-pdf-as-object-and-embed.html >new file mode 100644 >index 0000000000000000000000000000000000000000..b02f8a82b1bad9747303747b2936e8e42460e540 >--- /dev/null >+++ b/LayoutTests/fast/replaced/encrypted-pdf-as-object-and-embed.html >@@ -0,0 +1,15 @@ >+<html> >+<head> >+<script> >+ if (window.testRunner) >+ testRunner.dumpAsText(); >+</script> >+</head> >+<body style='margin: 0px'> >+This test passes as long as it does not crash. >+<div> >+ <div><object data="resources/encrypted-image.pdf"></object></div> >+ <div><embed src="resources/encrypted-image.pdf" type="application/pdf"></embed></div> >+</div> >+</body> >+</html> >\ No newline at end of file >diff --git a/LayoutTests/fast/replaced/resources/encrypted-image.pdf b/LayoutTests/fast/replaced/resources/encrypted-image.pdf >new file mode 100644 >index 0000000000000000000000000000000000000000..f32b0ece79c0e1f7a8101a0273d2005972b3bc8b >GIT binary patch >literal 5968 >zcmcgw2|QI@*B2giDO04;sU$;n?>%=mg^SE&mhn!83|IGFg$NZXm6;@DN+DxKs3asw >z@<jDSD#=vI&@8>@;65t7@Atgl_xpYK$2ohiv)9^duf5h@`@c4t>*#GkZ^a`vHuR78 >zkK|9BX>VvkU;z}sr0znfsR2l1hOaxv1HeHf3jnF->CIuVptm=L!_Z;Sm~;l9p@Cp? >zSPY5}V&d*3E)jDnv(>+*drH1}kYt)BHXabQHu_IzIWg_=^8(*Ot4c36s%=`KciJGE >ze{;4_oxi8k8dGD_rcwTY$M}m`z4Gf4z86Zn9lj(&3~yWMbzoIgzOzHY2Q{y$rnU~A >zDNwz_yR%~x$xOA=Cv+O+*lZv2_D1uo!`CFkCkMs~sux|SR3;XO>JO+m8Ey4Ct$EyA >z$sdruyxQ{}PuHt@I%qO+`>kEHq6zKn$L0;zC+=O<=}=EV$)E3|dB|UO0=^oGT5BFG >zQB|10K8m=hRQD#XPjFG1cd`D<xcfU%C#Zofx0Ln-tW?t|I<P|L@H=&D-YKPX@v`BX >zgO`pt9?ZtnU$9n8eb*W+fE1p(oV{H<-c!^RZ4}c&Z8+1-fBFuVxxc7AeoQjpP_Dyw >zSKf>LnI7FCl80nnZv&~xNQI%8F~1z<zP3dc-u1#8_DpKI*B)x;SeQS2o;<FL%`AU@ >zVfskC34MFv)@ue?aw#dhMMK0@gT_6t4r+@=#+U61Dpx|BIG`Ol+E~MT<MWawJcpG( >zpSYcDiIm(){nNPLO66(M{cl+X8S7-a)|#yfywgYxu2#wqe6t<js{A#Yzjj61$H7R< >z(rCG!w>G6AhnyNRs+EXt$7-|{SdxyLm9xkQhA(|?tDzR`A+TG(Z!8f7e}tRh56)v1 >z=*Iw%<`nmtCyU|B0Wh<UWWiuF{aG{y8^F&J$V^`j^qmdB&Ifs#34`uQ(Pjn!4k(C# >zM}q)?1UexgXPcV`=Hoi4Ig3fNWN-inXfho=0BPU@O{qQiCeOVM04D%RW_mMOmVOi( >z1Ax7o%tixf^vsNqWTc%Lbr*xinfYYkg9Zq*x)}I?0BLRz?Cx_Kz+br<%!LVYmSJ|? >zTxm#4e=29j5;J-MNLx=j6jCG*K<YC*-90!nO#^8CEI%e3SO^ZwAF|jFy3Xl{v^1fx >zy#UA<Gd9xp<gm>dEHcx_kLe2=m-yQVg^l)aB6NAuQ4E-$ygjZwhp+Sa$dGdQ8WM@H >zgB52K``uN~y;-8}lz?G;0=f-2e-cw&<K8o5)Y;*7ZW&!X#M8|tkvd$^`=xm}#xeE= >z^HYzxe|Vzk(ee)04auL?(ww&oX}5^Vz5Aw>TvV|?;UPP=?z33GzhOf4kw;gjKJ38y >z<kfl<RArqJvt&g#`+|>)k3ULU=wYx$VI!mQe|s3b6~EXW4Lb?sHUG%)82sOchnxS6 >z;pd$5|8DsEuA(1-<&{T<IwV)4YL@n_@%CR59CBH)X6>pLbGmOzZm~!P#m=jE&C{^G >z%cTa+E;P){l3_F8v0R5l|K{LE&z;==8_Uc)AOfkw*yBlKY-dpdf3g@b>#G0IApa>> >z#9E7ol`@x%^D4(XHOok)QnpMF_jK<vOZlq{I3Ug!ZjyfiOg5664pXT)p}xzpMZ3sn >zpT|MUcoe1IwIOWBp;F!boQ|sUJ-R~`O^-@V4pfjTu`i8RG94;UH#}Dg5>j-qX&&9E >zC)-U{C>OTLYLHV)tLPM6eH=X&#>eO@>p8F_L$KKO&H$BPu<!QXcVX9h4S|mEH$t)6 >z?Qzd5%CJF3$WV<3!7Co?D!J6YJ#6ce^wc}x?6IN4^~ucY2iI9^VwihQY3qzEs|+~; >zv|89zH=G`L8{qv1*~I3uvwGLW<5lkr+Lq|Y6-2SW46h8uHehv`jf1FLWEI(mMHZCZ >zq37ys9u9ew+!P6#c4<nDzj-4}x@C{z5-(oqEw9|1tjhLAX~~+NIwDQe)*ToW-6bjH >zcfzW5d20y}SRdUW{%j;T<>s>_bS-j1&elGnIS{n9dovtW)O4xBZ{PmA!??VAQi%SN >zi~L{F6&(3QqV(WoJh44MT>T{_^F2fJxmC>zU;IVdr|6yHPb<_dx^Ku-6OQR;gvTUH >zW{&wBY9G;v>+}Ue@?S<9ZoP2r!_y>r%hw~h%bL8HyG>eEnjco_CE7TMZU4O2IP~IJ >z&cWi7#n*4`ywZnThF2IeQHZcAlo&D=KE3VA)iCxa#uvwZ!HEQ|HHEI$?6{b^C)H_J >zj_03p?6U=XD$S0$Dh2n5^=Ifm{ZqX_(tBfY+cavQalN~aoseHJuTI)GS+U`i8w9hp >zPoDLixp_wAVG=EQX&qs}@KN1a%fBWn(c3oTd62i)?s8ip?{Sr`$-}zHib@lgKd8D@ >zBRlU1>H4w5P67k22SP?LOUM1mHN~wtZTDKc>c2~PO1-k(vHeu0#F~dqQFWMT=QsuV >z>oFqDVGhnzz8-B%<<ONQ7jK+bSSHx$OqJQtD&G|zP+s0?dL;~N*5-|4+2MR{BX~a7 >zTBjH?eiN|VWJ$o_|Bl!nv*lb4LC>Yge-yF5B$5Bmh!r-T67<`4d)Kv8&F^{9tJWWl >z+7<D*;Y`f)M*br=am3O{%aJ1cbFyBbx|a&CaX-0{>M&a5OCYX{*gTppn03iz#a@xS >z!xR2|=ThPu+`C8AmhmtDg3JmSlNWmPA{=$Ntm;hX09mZoFf@I0seX^<3YYPax5?j4 >zS6ORG4vxP??F@`TT%(Gj-w4PMZI(D2^<Yvn-&l%Di$$hL8I|mnc2LRnkWPA+c<|P- >z_I(oaw-PN2S{JYAu^w+5V;U5qx3kgwI%1z?jQ5{%wbs~SOH51F7*G_@!{j9yY7NHW >zd%&+&yI12rioBB2rv$%eDpPTjh!-A)>G4kEy8KJJ_=@jWem|=;GIck{?oRdxyTxe& >zKB=!{WIKjJ)H)_(38?4iS9<LWu3ou#ncc^eYF}0tbL7g5?AQsi78#_QFRY_m>>rF> >z!KZ$B5%QHb`YI~oinL|0l3$}rSGS$P(LWID!&Ip};r{t!u65lSt<py;?@O9hY-(TC >z#XsryW^m%5oLqTnP3so0H^HB%|60_JXtt6JMDj*GZabGfS|3~H*Cz1VAVOxOV(n<P >zSZ_Z)``ppt)J=DMvrdVqY&td8ms?RY_TrW*)v00R;>mWA%BVsk<J=$~_tO&D1LMs2 >z%+P^R-bl;IuHp}y&we^tRABwy>s>fs9QwXchQVf}Cr*2lO5zTG>w-&-n#n4W{<UeD >zqY^gR?|Le-{p(d-6lLX-mKxp=-w|Q&b7`%Ucok2D^c|jwLw_~(_eyTm(X@y#KW~7U >z*sxR8vT$51%*oJsP5oDy$IImd`3iXi_l~>B$Bx>@ra!1J<DC{uZ`<f2RqHs>?{AtT >zWIgQQA<|=)lt(2FN`3t7ry>-5Ek|RYOV*ooRQ1;HU8%7)hUij>>qE_K{oWvFeebD| >zCOPx(Q@4H-k#MBJDU^Vk&!IowE4dLlcMmj$Zm&o!7y<c0w=`fbCt7TWZkqocFe<5D >z!T)K4k*lj?^VGh(qxRw7CoTx`w)EH9PxsXrGq*f{XrfwB(*E&v&?V&{9X;KmDuL1= >z2_b=URl`HqRZTN=%o450q8ptfw>p?6rAs&=j<*j7#I$!jI{3arQ<}Y3#LR#sqFtq< >zO-_o=%~f|fQuc?8;M$B7h2UlO_0ol)WUY`VIk(Sv@%n=*_hMDwax@jE(T5N6erSje >zI&PxBYSBISP|*>QF6l%m{e998)tdDK)(X^57DSrm$Lxt4_?SX#+bVjhcd?38B&zwH >z+%-MZsBsCaZ*OPM67@9Hm~{#rm1u8ra?bL#NDx#a*u_=3cEEdq1nwe#+=96VX` >zf?3|ft<nm+-KylZH1TzU&1H@JCaAkw;^ETbc^}{H(Vy&84P3kCb=1a$ym0nj7iN5` >zZ#EsEH@*5+)(KW-p5mZ#-wS@J&ODiVV!-Rtl}NNiEcIFRgO1)$r^~FbUfR&W+p>nl >zzRIW*dnzZO@cGWO+`^(UaDrK$uWP<~xf;7-&?XBlCTFv#=w3^&@E<!5kUhu1%e+DR >z7e8})YU{ED>BW%RB;tJiyijM!da`*{J3?B!(lbK5Z1WZIugNc?1%M?4nIbDY=?7o7 >z@$Kqc@4@GokVqc}j}m1BB>0Z?Dr=*ZZ_41(rP){C(;G2Ci*_8GRtm&&Dq0-no-TKv >zs-U<($=dNOg&<f`6zJBLwcJ|x!)n934j1glPM#T<)@yRQ-dgQwRlt9D{h;{12-UlI >zgQdMo$-J^7JdNvD3P&AES@+DnIMUQ1`(<j5xtm2dknjfMf7DoZb?PzXl@evY-9iHP >zVb-~V&tAyC;4RBdp9VClB#%ceUFV<uq#;gyYu4qbXX)LU1M+9=?43tk&yR02OE<HB >zE?i>Xq*yc6ULkx(k#2iHtTyjU&G1V=wkYykr*fG$+c@X(P7&wfK(~)$0#m-6!mK|M >z!f%0>!_>%m@tp?s{0ExsbZ`|>TO1epc@VJ|($X(FuI}~xP3UpK69G^BI~l@23=T&K >z#u<>w+7vc}4xnf8p%ZryH)LV-Hk%<~c**{EfDuMf{tz-k14tuJIvYZWv)IY$2ONjy >zVvKp2WD1Ak&2*o|u52!7wPCQ>o=jf=2~|vf<mUnsg<lIGjwlS~$p+|&-Ry`$;l30? >zO|&Bl#O;L|gjfnOLy@~K5JoWY;ui>62Qh%PmN4s8A4m*-+XtwPX9tfEuiie9Gxfm) >z>SE<=uhl~zQ5(nvc)X9J<C7b3!_5(e#`L}Np(*3~cRDH#-O{sdpVTkv&c6wB)qkys >zo>zfu{{<>EJRhxy{TefPLEYGS3nUQtr}sP;_X@LsE8+OJFQ0u&q9S(g-?aytjZmV# >zu3s)7u{X8^UIz4!-mvbzF(eOfG%t?3!3)Gi!3+;uZPl;6f`sAvEF!U!qownVT=3%n >z{Ov5<1<h=%C&!xspl5MB5~>)`{b^7sYsT&nawJ0)EDjUu&sGCw`_N|Vz$ZO82e?g` >zbhwY;_Kg^UdzmcAtw307NQ#!0xv|PTbrvqpR}4Vz6%ba4n=&jp6kj@pMF)^JQ1Jt4 >z0YA8j2ZRtkS#PEuVacJ-wY2;>9=dyAypPmj(#-rAz6fZL2{gN|r43Y6;4;HL3jZN3 >zIX+NPWL5z5V$FBV05vp*hR0K|7#fy@qEIMQ44pwEk}!B8jlm#*3?kKyg2&?^_)RC# >z2{a6qfd(mPDhUIEBsU5XOM}WL)_@v_C!*az6paQ|f(SSgNX3w-7@Qm04U2=A=orW| >z|KktR(j3@={h_`Sz+$)|PymQW%rgRb91ep6+<-Y6mWYA23;qGVTp9{Tf~@>A4GR*W >zt@xRSf`VfK4M%{En_tG^Ns!O{LL-6;XlOKX0WTUvEzkvx#Y1P`&+@P!W&sVvVixF! >z!GH_rz%HB@#KI+_pXb0}unTyxAbP>PSPX6<4I22XJS^ld3uyS?jKdQa*Z@nwE!Yn% >z5iWB5tTUGMBQJ+V@$_b}X3El*o<UGpLe(1!CKEc{=jv{{zBE>#9|xF;GbkJleBGGP >z(LWQK20GB;uSUhWkx&FTEC!3CxDjYL6oHB+;ZY0*6~mwsaYPNo|2zb$BhFORC@jv5 >Qlj1-E4zY2gu9+U<UpAW@AOHXW > >literal 0 >HcmV?d00001 >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=361930">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 194605
:
361930
|
361936
|
361938