Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons...
author cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 29 Oct 2014 07:58:59 +0000 (07:58 +0000)
committer cdumez@apple.com <cdumez@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Wed, 29 Oct 2014 07:58:59 +0000 (07:58 +0000)
https://bugs.webkit.org/show_bug.cgi?id=138164

Reviewed by Andreas Kling.

Source/WebCore:

This patch fixes a crash when reloading the following URL:
http://dnd.wizards.com/dungeons-and-dragons/story

We were crashing in CachedRawResource::canReuse() because header.key
would sometimes be a null String and we would call
HashMap::get(nullString).

The real issue was that header.key was null in the first place, which
means that even though the HTTPHeaderMap iterator is valid, it->key
is a null String, which should never happen. There was a bug in the
HTTPHeaderMapConstIterator() constructor that would cause the
iterator key/value pair to not get initialized if the HTTPHeaderMap
contained *only* uncommon HTTP headers. This patch updates the
constructor so that we fall back to updating the key/value from the
uncommon header map, if we failed to initialize from the common
header map (because it was empty).

Test: http/tests/cache/xhr-uncommon-header.html

* platform/network/HTTPHeaderMap.h:
(WebCore::HTTPHeaderMap::HTTPHeaderMapConstIterator::HTTPHeaderMapConstIterator):

LayoutTests:

Add a layout test that does XHR loads from cache with only uncommon
HTTP headers to reproduce a crash in CachedRawResource::canReuse()
when iterating over a HTTPHeaderMap that had uncommon HTTP headers
but no common ones.

* http/tests/cache/xhr-uncommon-header-expected.txt: Added.
* http/tests/cache/xhr-uncommon-header.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@175312 268f45cc-cd09-0410-ab3c-d52691b4dbfc
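
The constructor bug described in the commit message above, modelled as an added C++ example (not WebKit's code). HeaderIter, yieldsUnsetKey and the sample maps are hypothetical, and std::map stands in for WebKit's header containers.

```cpp
#include <iostream>
#include <map>
#include <string>
using Map = std::map<std::string, std::string>;

// Hypothetical model: walks a "common" map first, then an "uncommon" one.
class HeaderIter {
public:
    HeaderIter(const Map& common, const Map& uncommon, bool patched)
        : m_common(common), m_uncommon(uncommon)
        , m_commonIt(common.begin()), m_uncommonIt(uncommon.begin())
    {
        // Pre-patch: only the common map is consulted. Patched: fall back to the uncommon map.
        if (!update(m_commonIt, m_common) && patched)
            update(m_uncommonIt, m_uncommon);
    }
    bool atEnd() const { return m_commonIt == m_common.end() && m_uncommonIt == m_uncommon.end(); }
    bool hasKey() const { return m_hasKey; } // false models a null String key
    const std::string& key() const { return m_key; }
private:
    bool update(Map::const_iterator it, const Map& map)
    {
        if (it == map.end())
            return false;
        m_key = it->first;
        return m_hasKey = true;
    }
    const Map& m_common;
    const Map& m_uncommon;
    Map::const_iterator m_commonIt, m_uncommonIt;
    std::string m_key;
    bool m_hasKey = false;
};

// True when the iterator reports an element but never initialized its key.
bool yieldsUnsetKey(const Map& common, const Map& uncommon, bool patched)
{
    HeaderIter it(common, uncommon, patched);
    return !it.atEnd() && !it.hasKey();
}

// Constructed sample header sets.
const Map kOnlyUncommon = {{"X-Custom1", "test1"}};
const Map kOnlyCommon = {{"Accept", "*/*"}};

int main()
{
    std::cout << yieldsUnsetKey(Map(), kOnlyUncommon, false) << yieldsUnsetKey(Map(), kOnlyUncommon, true) << "\n";
}
```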

LayoutTests/ChangeLog
LayoutTests/http/tests/cache/xhr-uncommon-header-expected.txt [new file with mode: 0644]
LayoutTests/http/tests/cache/xhr-uncommon-header.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/platform/network/HTTPHeaderMap.h

index c918efc..01dc17c 100644 (file)
@@ -1,3 +1,18 @@
+2014-10-29  Chris Dumez  <cdumez@apple.com>
+
+        Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons-and-dragons/story
+        https://bugs.webkit.org/show_bug.cgi?id=138164
+
+        Reviewed by Andreas Kling.
+
+        Add a layout test that does XHR loads from cache with only uncommon
+        HTTP headers to reproduce a crash in CachedRawResource::canReuse()
+        when iterating over a HTTPHeaderMap that had uncommon HTTP headers
+        but no common ones.
+
+        * http/tests/cache/xhr-uncommon-header-expected.txt: Added.
+        * http/tests/cache/xhr-uncommon-header.html: Added.
+
 2014-10-28  Benjamin Poulain  <benjamin@webkit.org>
 
         CSS4 Selectors: Add the pseudo class :any-link
diff --git a/LayoutTests/http/tests/cache/xhr-uncommon-header-expected.txt b/LayoutTests/http/tests/cache/xhr-uncommon-header-expected.txt
new file mode 100644 (file)
index 0000000..ba0907c
--- /dev/null
@@ -0,0 +1,11 @@
+Test that we don't crash on xhr loads from cache with only uncommon HTTP headers
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+load
+load
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/http/tests/cache/xhr-uncommon-header.html b/LayoutTests/http/tests/cache/xhr-uncommon-header.html
new file mode 100644 (file)
index 0000000..e705527
--- /dev/null
@@ -0,0 +1,26 @@
+<script src="/js-test-resources/js-test-pre.js"></script>
+<body>
+<script type="text/javascript">
+description("Test that we don't crash on xhr loads from cache with only uncommon HTTP headers");
+jsTestIsAsync = true;
+
+function repeat() {
+    var request2 = new XMLHttpRequest();
+    request2.addEventListener("load", function() { debug("load"); finishJSTest(); }, false);
+    request2.addEventListener("error", function() { debug("error"); finishJSTest(); }, false);
+    request2.addEventListener("abort", function() { debug("abort"); finishJSTest(); }, false);
+    request2.open("GET", "resources/empty.txt", true);
+    request2.setRequestHeader("X-Custom1", "test1");
+    request2.send();
+}
+
+var request = new XMLHttpRequest();
+request.addEventListener("load", function() { debug("load"); repeat(); }, false);
+request.addEventListener("error", function() { debug("error"); repeat(); }, false);
+request.addEventListener("abort", function() { debug("abort"); repeat(); }, false);
+request.open("GET", "resources/empty.txt", true);
+request.setRequestHeader("X-Custom1", "test1");
+request.send();
+</script>
+<script src="/js-test-resources/js-test-post.js"></script>
+</body>
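Review bot: nothing in this test confirms that the second request (request2 in repeat()) is answered from the cache, which is the path the description names. If resources/empty.txt is ever served without cacheable headers, both requests still log "load" and the test passes without reaching the reuse check. Add a comment stating the caching assumption on resources/empty.txt so a later change to that resource does not silently turn this into a no-op. Separately, the three listeners are duplicated for request and request2; a small helper that takes the completion callback would remove the repetition.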
index 4f0cb88..1a788cc 100644 (file)
@@ -1,3 +1,32 @@
+2014-10-29  Chris Dumez  <cdumez@apple.com>
+
+        Crash in CachedRawResource::canReuse() when reloading http://dnd.wizards.com/dungeons-and-dragons/story
+        https://bugs.webkit.org/show_bug.cgi?id=138164
+
+        Reviewed by Andreas Kling.
+
+        This patch fixes a crash when reloading the following URL:
+        http://dnd.wizards.com/dungeons-and-dragons/story
+
+        We were crashing in CachedRawResource::canReuse() because header.key
+        would sometimes be a null String and we would call
+        HashMap::get(nullString).
+
+        The real issue was that header.key was null in the first place, which
+        means that even though the HTTPHeaderMap iterator is valid, it->key
+        is a null String, which should never happen. There was a bug in the
+        HTTPHeaderMapConstIterator() constructor that would cause the
+        iterator key/value pair to not get initialized if the HTTPHeaderMap
+        contained *only* uncommon HTTP headers. This patch updates the
+        constructor so that we fall back to updating the key/value from the
+        uncommon header map, if we failed to initialized from the common
+        header map (because it was empty).
+
+        Test: http/tests/cache/xhr-uncommon-header.html
+
+        * platform/network/HTTPHeaderMap.h:
+        (WebCore::HTTPHeaderMap::HTTPHeaderMapConstIterator::HTTPHeaderMapConstIterator):
+
 2014-10-28  Benjamin Poulain  <benjamin@webkit.org>
 
         CSS4 Selectors: Add the pseudo class :any-link
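Review bot: typo in the new entry, "if we failed to initialized from the common header map" should read "failed to initialize". The entry names CachedRawResource::canReuse() as the crash site, yet the only file listed is platform/network/HTTPHeaderMap.h; one sentence saying the caller is intentionally left without a null-key guard would save later readers from wondering.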
index cc112c4..6b358d9 100644 (file)
@@ -57,7 +57,8 @@ public:
             , m_commonHeadersIt(commonHeadersIt)
             , m_uncommonHeadersIt(uncommonHeadersIt)
         {
-            updateKeyValue(m_commonHeadersIt);
+            if (!updateKeyValue(m_commonHeadersIt))
+                updateKeyValue(m_uncommonHeadersIt);
         }
 
         struct KeyValue {
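Review bot: the result of the second updateKeyValue() call in the constructor is ignored, so the case where both maps are exhausted is left implicit. A short comment, or an assertion that the key is non-null whenever the iterator is not the end iterator, would document the invariant the commit message describes ("which should never happen") and catch a regression in debug builds before a null String reaches HashMap::get(). The visible lines do not show the increment path; confirm it performs the same hand-off from m_commonHeadersIt to m_uncommonHeadersIt when the common headers run out.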