Crash after trying to use FileReader in a document with null origin string
authorap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Feb 2012 04:18:00 +0000 (04:18 +0000)
committerap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 16 Feb 2012 04:18:00 +0000 (04:18 +0000)
https://bugs.webkit.org/show_bug.cgi?id=78649

Reviewed by Enrica Casucci.

Source/WebCore:

Test: fast/files/null-origin-string.html

* fileapi/FileReaderLoader.cpp: (WebCore::FileReaderLoader::~FileReaderLoader):
HashMaps don't like empty keys, and they don't like removing keys that have never been added.

LayoutTests:

* fast/files/null-origin-string-expected.txt: Added.
* fast/files/null-origin-string.html: Added.

Dragging files is only implemented on a few platforms. Brought some order to skipped files
for these tests:

* platform/mac/Skipped: Bug 45576 has been fixed long ago; unskip the test.

* platform/efl/Skipped:
* platform/qt/Skipped:
Skipped the new tests.

* platform/gtk-wk2/Skipped:
* platform/mac-wk2/Skipped:
* platform/win-wk2/Skipped:
* platform/wk2/Skipped:
Skipped the new tests, and moved other tests using eventSender.beginDragWithFiles to a
central location. No WK2 port implements these yet, so we needn't maintain the lists
separately.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@107879 268f45cc-cd09-0410-ab3c-d52691b4dbfc

12 files changed:
LayoutTests/ChangeLog
LayoutTests/fast/files/null-origin-string-expected.txt [new file with mode: 0644]
LayoutTests/fast/files/null-origin-string.html [new file with mode: 0644]
LayoutTests/platform/efl/Skipped
LayoutTests/platform/gtk-wk2/Skipped
LayoutTests/platform/mac-wk2/Skipped
LayoutTests/platform/mac/Skipped
LayoutTests/platform/qt/Skipped
LayoutTests/platform/win-wk2/Skipped
LayoutTests/platform/wk2/Skipped
Source/WebCore/ChangeLog
Source/WebCore/fileapi/FileReaderLoader.cpp

index 1ad5f03..2bb49ba 100644 (file)
@@ -1,3 +1,30 @@
+2012-02-15  Alexey Proskuryakov  <ap@apple.com>
+
+        Crash after trying to use FileReader in a document with null origin string
+        https://bugs.webkit.org/show_bug.cgi?id=78649
+
+        Reviewed by Enrica Casucci.
+
+        * fast/files/null-origin-string-expected.txt: Added.
+        * fast/files/null-origin-string.html: Added.
+
+        Dragging files is only implemented on a few platforms. Brought some order to skipped files
+        for these tests:
+
+        * platform/mac/Skipped: Bug 45576 has been fixed long ago; unskip the test.
+
+        * platform/efl/Skipped:
+        * platform/qt/Skipped:
+        Skipped the new tests.
+
+        * platform/gtk-wk2/Skipped:
+        * platform/mac-wk2/Skipped:
+        * platform/win-wk2/Skipped:
+        * platform/wk2/Skipped:
+        Skipped the new tests, and moved other tests using eventSender.beginDragWithFiles to a 
+        central location. No WK2 port implements these yet, so we needn't maintain the lists
+        separately.
+
 2012-02-15  Noel Gordon  <noel.gordon@gmail.com>
 
         [chromium] Rebaseline JPEG image results after r107389
diff --git a/LayoutTests/fast/files/null-origin-string-expected.txt b/LayoutTests/fast/files/null-origin-string-expected.txt
new file mode 100644 (file)
index 0000000..a117861
--- /dev/null
@@ -0,0 +1,2 @@
+CONSOLE MESSAGE: line 1: Started reading...
+PASS if no crash.
diff --git a/LayoutTests/fast/files/null-origin-string.html b/LayoutTests/fast/files/null-origin-string.html
new file mode 100644 (file)
index 0000000..1f99e1e
--- /dev/null
@@ -0,0 +1,34 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script> /* This script will be executed in a subframe. */
+function runTest()
+{
+    eventSender.beginDragWithFiles(['resources/UTF8.txt']);
+    eventSender.mouseMoveTo(20, 20);
+    eventSender.mouseUp();
+}
+
+function onInputFileChange()
+{
+    var file = document.getElementById('file').files[0];
+    var reader = new FileReader();
+    reader.readAsText(file);
+    console.log('Started reading...');
+
+    top.location = 'data:text/html,<p>PASS if no crash.</p><script>layoutTestController.notifyDone()</scr' + 'ipt>';
+}
+</script>
+
+<script>
+if (window.eventSender) {
+    layoutTestController.dumpAsText();
+    layoutTestController.waitUntilDone();
+}
+document.write('<iframe src="data:text/html,<input type=file id=file onchange=\'onInputFileChange()\'><script>' + document.getElementsByTagName("script")[0].innerText + 'runTest()</scr' + 'ipt>" style="left:0px;top:0px"></iframe>');
+</script>
+
+<p>Test that using FileReader from a document with unique origin doesn't cause a crash.</p>
+<p>If testing manually, please drop a file on an input above.</p>
+</body>
+</html>
index 8acaf56..9b155e9 100644 (file)
@@ -76,6 +76,7 @@ fast/files/apply-blob-url-to-img.html
 fast/files/apply-blob-url-to-xhr.html
 fast/files/file-reader-abort.html
 fast/files/file-reader-event-listener.html
+fast/files/null-origin-string.html
 fast/files/read-blob-async.html
 fast/files/read-file-async.html
 fast/files/workers/worker-apply-blob-url-to-xhr.html
index b51e69e..6e40588 100644 (file)
@@ -268,34 +268,6 @@ http/tests/security/drag-over-remote-content-iframe.html
 http/tests/security/resources/drag-drop-allowed.html
 http/tests/misc/bubble-drag-events.html
 
-# Implement eventSender.beginDragWithFiles support
-# https://bugs.webkit.org/show_bug.cgi?id=64285
-editing/pasteboard/file-drag-to-editable.html
-editing/pasteboard/file-input-files-access.html
-fast/dom/Window/window-postmessage-clone-frames.html
-fast/events/drag-file-crash.html
-fast/events/drag-to-navigate.html
-fast/events/dropzone-004.html
-fast/events/prevent-drag-to-navigate.html
-fast/files/apply-blob-url-to-img.html
-fast/files/file-reader-abort.html
-fast/forms/file/get-file-upload.html
-fast/forms/file/input-file-re-render.html
-http/tests/local/fileapi/file-last-modified.html
-http/tests/local/fileapi/send-dragged-file.html
-http/tests/local/formdata/form-data-with-unknown-file-extension.html
-http/tests/local/formdata/send-form-data.html
-http/tests/local/formdata/send-form-data-constructed-from-form.html
-http/tests/local/formdata/send-form-data-with-sliced-file.html
-http/tests/local/formdata/upload-events.html
-http/tests/security/clipboard/clipboard-file-access.html
-fast/files/workers/worker-read-blob-async.html
-fast/files/workers/worker-read-blob-sync.html
-fast/files/workers/worker-read-file-async.html
-fast/files/workers/worker-read-file-sync.html
-fast/files/read-blob-async.html
-fast/files/read-file-async.html
-
 # Implement layoutTestController.setPopupBlockingEnabled and
 # eventSender.scheduleAsynchronousClick support
 fast/events/popup-blocking-click-in-iframe.html
index 99e5c89..6d32697 100644 (file)
@@ -60,7 +60,6 @@ editing/pasteboard/drop-text-events.html
 editing/pasteboard/drop-text-without-selection.html
 editing/pasteboard/emacs-cntl-y-001.html
 editing/pasteboard/emacs-ctrl-k-y-001.html
-editing/pasteboard/file-input-files-access.html
 editing/pasteboard/files-during-page-drags.html
 editing/pasteboard/get-data-text-plain-drop.html
 editing/pasteboard/smart-drag-drop.html
@@ -111,7 +110,6 @@ editing/spelling/spellcheck-paste.html
 editing/undo/undo-smart-delete-reversed-selection.html
 fast/block/positioning/hittest-on-relative-positioned-children.html
 fast/css/user-drag-none.html
-fast/dom/Window/window-postmessage-clone-frames.html
 fast/dom/Window/window-postmessage-clone.html
 fast/dom/vertical-scrollbar-in-rtl.html
 fast/dynamic/layer-hit-test-crash.html
@@ -133,14 +131,11 @@ fast/events/dblclick-addEventListener.html
 fast/events/drag-and-drop-dataTransfer-types-nocrash.html
 fast/events/drag-and-drop-fire-drag-dragover.html
 fast/events/drag-and-drop.html
-fast/events/drag-file-crash.html
 fast/events/drag-in-frames.html
 fast/events/drag-parent-node.html
-fast/events/drag-to-navigate.html
 fast/events/dropzone-001.html
 fast/events/dropzone-002.html
 fast/events/dropzone-003.html
-fast/events/dropzone-004.html
 fast/events/dropzone-005.html
 fast/events/keydown-numpad-keys.html
 fast/events/mouse-click-events.html
@@ -150,7 +145,6 @@ fast/events/ondragenter.html
 fast/events/open-window-from-another-frame.html
 fast/events/popup-blocking-click-in-iframe.html
 fast/events/popup-when-select-change.html
-fast/events/prevent-drag-to-navigate.html
 fast/events/right-click-focus.html
 fast/events/scroll-after-click-on-tab-index.html
 fast/events/selectstart-by-drag.html
@@ -159,10 +153,6 @@ fast/events/standalone-image-drag-to-editable.html
 fast/events/wheelevent-in-horizontal-scrollbar-in-rtl.html
 fast/events/wheelevent-in-vertical-scrollbar-in-rtl.html
 fast/events/wheelevent-direction-inverted-from-device.html
-fast/files/apply-blob-url-to-xhr.html
-fast/files/file-reader-abort.html
-fast/files/read-blob-async.html
-fast/files/read-file-async.html
 fast/forms/drag-into-textarea.html
 fast/forms/drag-out-of-textarea.html
 fast/forms/get-file-upload.html
@@ -182,16 +172,8 @@ fast/repaint/repaint-across-writing-mode-boundary.html
 fast/repaint/selection-rl.html
 http/tests/local/blob/send-hybrid-blob.html
 http/tests/local/drag-over-remote-content.html
-http/tests/local/fileapi/file-last-modified.html
-http/tests/local/fileapi/send-dragged-file.html
 http/tests/local/fileapi/send-sliced-dragged-file.html
-http/tests/local/formdata/form-data-with-unknown-file-extension.html
-http/tests/local/formdata/send-form-data-constructed-from-form.html
-http/tests/local/formdata/send-form-data-with-sliced-file.html
-http/tests/local/formdata/send-form-data.html
-http/tests/local/formdata/upload-events.html
 http/tests/misc/bubble-drag-events.html
-http/tests/security/clipboard/clipboard-file-access.html
 http/tests/security/dataTransfer-set-data-file-url.html
 http/tests/security/drag-drop-same-unique-origin.html
 http/tests/security/drag-over-remote-content-iframe.html
index 0cc145b..33f419b 100644 (file)
@@ -279,10 +279,6 @@ http/tests/inspector/compiler-source-mapping-debug.html
 # https://bugs.webkit.org/show_bug.cgi?id=43960
 scrollbars/custom-scrollbar-with-incomplete-style.html
 
-# Timeout on Leopard only.
-# https://bugs.webkit.org/show_bug.cgi?id=45576
-fast/files/apply-blob-url-to-img.html
-
 # Crash due to r66850.
 # https://bugs.webkit.org/show_bug.cgi?id=45575
 fast/files/workers
index b32d281..27cdc91 100644 (file)
@@ -368,6 +368,7 @@ fast/files/apply-blob-url-to-img.html
 fast/files/apply-blob-url-to-xhr.html
 fast/files/file-reader-abort.html
 fast/files/file-reader-event-listener.html
+fast/files/null-origin-string.html
 fast/files/read-blob-async.html
 fast/files/read-file-async.html
 fast/files/workers/worker-apply-blob-url-to-xhr.html
index 0fb90a9..a284368 100644 (file)
@@ -93,7 +93,6 @@ editing/pasteboard/drop-text-without-selection.html
 editing/pasteboard/emacs-cntl-y-001.html
 editing/pasteboard/emacs-ctrl-a-k-y.html
 editing/pasteboard/emacs-ctrl-k-y-001.html
-editing/pasteboard/file-input-files-access.html
 editing/pasteboard/files-during-page-drags.html
 editing/pasteboard/get-data-text-plain-drop.html
 editing/pasteboard/paste-before-tab-span.html
@@ -162,7 +161,6 @@ editing/undo/undo-smart-delete-word.html
 fast/block/positioning/hittest-on-relative-positioned-children.html
 fast/css/user-drag-none.html
 fast/dom/HTMLSelectElement/click-size-zero-no-crash.html
-fast/dom/Window/window-postmessage-clone-frames.html
 fast/dom/Window/window-postmessage-clone.html
 fast/dom/hidden-iframe-no-focus.html
 fast/dom/horizontal-scrollbar-in-rtl.html
@@ -193,14 +191,11 @@ fast/events/dblclick-addEventListener.html
 fast/events/drag-and-drop-dataTransfer-types-nocrash.html
 fast/events/drag-and-drop-fire-drag-dragover.html
 fast/events/drag-and-drop.html
-fast/events/drag-file-crash.html
 fast/events/drag-in-frames.html
 fast/events/drag-parent-node.html
-fast/events/drag-to-navigate.html
 fast/events/dropzone-001.html
 fast/events/dropzone-002.html
 fast/events/dropzone-003.html
-fast/events/dropzone-004.html
 fast/events/dropzone-005.html
 fast/events/event-input-contentEditable.html
 fast/events/focus-change-crash.html
@@ -237,7 +232,6 @@ fast/events/open-window-from-another-frame.html
 fast/events/platform-wheelevent-in-scrolling-div.html
 fast/events/popup-blocking-click-in-iframe.html
 fast/events/popup-when-select-change.html
-fast/events/prevent-drag-to-navigate.html
 fast/events/recorded-keydown-event.html
 fast/events/remove-child-onscroll.html
 fast/events/right-click-focus.html
@@ -261,12 +255,7 @@ fast/events/tabindex-focus-chain.html
 fast/events/wheelevent-in-horizontal-scrollbar-in-rtl.html
 fast/events/wheelevent-in-vertical-scrollbar-in-rtl.html
 fast/events/zoom-dblclick.html
-fast/files/apply-blob-url-to-img.html
-fast/files/apply-blob-url-to-xhr.html
 fast/files/domurl-script-execution-context-crash.html
-fast/files/file-reader-abort.html
-fast/files/read-blob-async.html
-fast/files/read-file-async.html
 fast/forms/access-key.html
 fast/forms/button-enter-click.html
 fast/forms/button-spacebar-click.html
@@ -361,20 +350,12 @@ fullscreen/full-screen-keyboard-disabled.html
 fullscreen/full-screen-keyboard-enabled.html
 http/tests/local/blob/send-hybrid-blob.html
 http/tests/local/drag-over-remote-content.html
-http/tests/local/fileapi/file-last-modified.html
-http/tests/local/fileapi/send-dragged-file.html
 http/tests/local/fileapi/send-sliced-dragged-file.html
-http/tests/local/formdata/form-data-with-unknown-file-extension.html
-http/tests/local/formdata/send-form-data-constructed-from-form.html
-http/tests/local/formdata/send-form-data-with-sliced-file.html
-http/tests/local/formdata/send-form-data.html
-http/tests/local/formdata/upload-events.html
 http/tests/misc/bubble-drag-events.html
 http/tests/misc/isindex-with-no-form-base-href.html
 http/tests/misc/isindex-with-no-form.html
 http/tests/navigation/no-referrer-reset.html
 http/tests/navigation/no-referrer-target-blank.html
-http/tests/security/clipboard/clipboard-file-access.html
 http/tests/security/dataTransfer-set-data-file-url.html
 http/tests/security/drag-drop-same-unique-origin.html
 http/tests/security/drag-over-remote-content-iframe.html
index ea9ad0e..fab7474 100644 (file)
@@ -1335,10 +1335,37 @@ platform/mac/fast/events/objc-event-api.html
 
 # WebKitTestRunner needs an implementation of eventSender.beginDragWithFiles
 # https://bugs.webkit.org/show_bug.cgi?id=64285
+editing/pasteboard/file-drag-to-editable.html
+editing/pasteboard/file-input-files-access.html
+fast/dom/Window/window-postmessage-clone-frames.html
+fast/events/drag-file-crash.html
+fast/events/drag-to-navigate.html
+fast/events/dropzone-004.html
+fast/events/prevent-drag-to-navigate.html
+fast/files/apply-blob-url-to-img.html
+fast/files/apply-blob-url-to-xhr.html
+fast/files/file-reader-abort.html
+fast/files/file-reader-event-listener.html
+fast/files/null-origin-string.html
+fast/files/read-blob-async.html
+fast/files/read-file-async.html
+fast/files/workers/worker-apply-blob-url-to-xhr.html
+fast/files/workers/worker-read-blob-async.html
+fast/files/workers/worker-read-blob-sync.html
+fast/files/workers/worker-read-file-async.html
+fast/files/workers/worker-read-file-sync.html
 fast/forms/file/file-input-change-event.html
 fast/forms/file/file-input-reset.html
 fast/forms/file/get-file-upload.html
 fast/forms/file/input-file-re-render.html
+http/tests/local/fileapi/file-last-modified.html
+http/tests/local/fileapi/send-dragged-file.html
+http/tests/local/formdata/form-data-with-unknown-file-extension.html
+http/tests/local/formdata/send-form-data-constructed-from-form.html
+http/tests/local/formdata/send-form-data-with-sliced-file.html
+http/tests/local/formdata/send-form-data.html
+http/tests/local/formdata/upload-events.html
+http/tests/security/clipboard/clipboard-file-access.html
 
 # WebKitTestRunner doesn't have eventSender.fireKeyboardEventsToElement
 platform/mac/fast/events/objc-keyboard-event-creation.html
index d102989..8631697 100644 (file)
@@ -1,3 +1,15 @@
+2012-02-15  Alexey Proskuryakov  <ap@apple.com>
+
+        Crash after trying to use FileReader in a document with null origin string
+        https://bugs.webkit.org/show_bug.cgi?id=78649
+
+        Reviewed by Enrica Casucci.
+
+        Test: fast/files/null-origin-string.html
+
+        * fileapi/FileReaderLoader.cpp: (WebCore::FileReaderLoader::~FileReaderLoader):
+        HashMaps don't like empty keys, and they don't like removing keys that have never been added.
+
 2012-02-15  Anders Carlsson  <andersca@apple.com>
 
         Attempt to fix the Snow Leopard build.
index 5fb6061..e55149a 100644 (file)
@@ -68,7 +68,8 @@ FileReaderLoader::FileReaderLoader(ReadType readType, FileReaderLoaderClient* cl
 FileReaderLoader::~FileReaderLoader()
 {
     terminate();
-    ThreadableBlobRegistry::unregisterBlobURL(m_urlForReading);
+    if (!m_urlForReading.isEmpty())
+        ThreadableBlobRegistry::unregisterBlobURL(m_urlForReading);
 }
 
 void FileReaderLoader::start(ScriptExecutionContext* scriptExecutionContext, Blob* blob)