Null-deref when decoding web archive with no data key in LegacyWebArchive::createResource
author: darin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 1 Sep 2010 01:02:10 +0000 (01:02 +0000)
committer: darin@apple.com <darin@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 1 Sep 2010 01:02:10 +0000 (01:02 +0000)
https://bugs.webkit.org/show_bug.cgi?id=45000

Reviewed by Sam Weinig.

WebCore:

Test: webarchive/loading/missing-data.html

* loader/archive/cf/LegacyWebArchive.cpp:
(WebCore::LegacyWebArchive::createResource): Use wrapCFData instead of CFDataGetBytePtr/GetLength,
which is both more efficient, and can handle null. Also fixed incorrect use of ParsedURLString,
since the string is coming from a file and so there are no guarantees about its format.

LayoutTests:

* webarchive/loading/missing-data-expected.txt: Added.
* webarchive/loading/missing-data.html: Added.
* webarchive/loading/resources/missing-data.webarchive: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@66562 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/webarchive/loading/missing-data-expected.txt [new file with mode: 0644]
LayoutTests/webarchive/loading/missing-data.html [new file with mode: 0644]
LayoutTests/webarchive/loading/resources/missing-data.webarchive [new file with mode: 0644]
WebCore/ChangeLog
WebCore/loader/archive/cf/LegacyWebArchive.cpp

index a6278c4..944d394 100644 (file)
@@ -1,3 +1,14 @@
+2010-08-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Null-deref when decoding web archive with no data key in LegacyWebArchive::createResource
+        https://bugs.webkit.org/show_bug.cgi?id=45000
+
+        * webarchive/loading/missing-data-expected.txt: Added.
+        * webarchive/loading/missing-data.html: Added.
+        * webarchive/loading/resources/missing-data.webarchive: Added.
+
 2010-08-31  Tony Chang  <tony@chromium.org>
 
         Unreviewed.  Add pngs for chromium linux results that have checksums.
diff --git a/LayoutTests/webarchive/loading/missing-data-expected.txt b/LayoutTests/webarchive/loading/missing-data-expected.txt
new file mode 100644 (file)
index 0000000..0985276
--- /dev/null
@@ -0,0 +1,6 @@
+main frame - didStartProvisionalLoadForFrame
+main frame - didCommitLoadForFrame
+main frame - willPerformClientRedirectToURL: resources/missing-data.webarchive 
+main frame - didFinishDocumentLoadForFrame
+main frame - didFinishLoadForFrame
+
diff --git a/LayoutTests/webarchive/loading/missing-data.html b/LayoutTests/webarchive/loading/missing-data.html
new file mode 100644 (file)
index 0000000..a54359a
--- /dev/null
@@ -0,0 +1,5 @@
+<script>
+    if (window.layoutTestController)
+        layoutTestController.dumpAsText();
+    window.location="resources/missing-data.webarchive";
+</script>
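Review bot: the test's pass condition is implicit; nothing in the page states what the archive is missing or that the expected result is simply "navigation completes without crashing", and the only artifact describing the case is a binary .webarchive. Suggest a one-line comment above the `window.location` assignment, e.g. `<!-- Loads a web archive whose resource has no data key; test passes if the load finishes without a crash. -->`, so a future failure of missing-data-expected.txt can be interpreted without opening the binary file.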
diff --git a/LayoutTests/webarchive/loading/resources/missing-data.webarchive b/LayoutTests/webarchive/loading/resources/missing-data.webarchive
new file mode 100644 (file)
index 0000000..315d91e
Binary files /dev/null and b/LayoutTests/webarchive/loading/resources/missing-data.webarchive differ
index 16fb327..34a5475 100644 (file)
@@ -1,3 +1,17 @@
+2010-08-31  Darin Adler  <darin@apple.com>
+
+        Reviewed by Sam Weinig.
+
+        Null-deref when decoding web archive with no data key in LegacyWebArchive::createResource
+        https://bugs.webkit.org/show_bug.cgi?id=45000
+
+        Test: webarchive/loading/missing-data.html
+
+        * loader/archive/cf/LegacyWebArchive.cpp:
+        (WebCore::LegacyWebArchive::createResource): Use wrapCFData instead of CFDataGetBytePtr/GetLength,
+        which is both more efficient, and can handle null. Also fixed incorrect use of ParsedURLString,
+        since the string is coming from a file and so there are no guarantees about its format.
+
 2010-08-31  Kenneth Russell  <kbr@google.com>
 
         Reviewed by Chris Marrin.
index 3a144c2..ea0ce74 100644 (file)
@@ -233,7 +233,7 @@ PassRefPtr<ArchiveResource> LegacyWebArchive::createResource(CFDictionaryRef dic
         response = createResourceResponseFromPropertyListData(resourceResponseData, resourceResponseVersion);
     }
     
-    return ArchiveResource::create(SharedBuffer::create(CFDataGetBytePtr(resourceData), CFDataGetLength(resourceData)), KURL(ParsedURLString, url), mimeType, textEncoding, frameName, response);
+    return ArchiveResource::create(SharedBuffer::wrapCFData(resourceData), KURL(KURL(), url), mimeType, textEncoding, frameName, response);
 }
 
 PassRefPtr<LegacyWebArchive> LegacyWebArchive::create()
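Review bot: on the `+` line the crash fix depends entirely on `SharedBuffer::wrapCFData(resourceData)` accepting a null CFDataRef, as the ChangeLog asserts, but createResource itself carries no null check and no comment, so a reader of this function cannot tell that a missing data key is a tolerated input rather than an oversight. Suggest a comment on that line, e.g. `// resourceData may be null when the archive entry has no data key; wrapCFData handles null.`, and confirming that callers of the resulting ArchiveResource cope with an empty buffer. The second part of the change, `KURL(KURL(), url)` replacing `KURL(ParsedURLString, url)`, is the right call for a string read from a file, since ParsedURLString skips parsing on the promise that the input is already canonical; that half of the fix is not exercised by the added test, which only covers the missing data key, so a companion test with a malformed URL value would be worthwhile.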