https://bugs.webkit.org/show_bug.cgi?id=143745
<rdar://problem/20243916>
Reviewed by Joseph Pecoraro.
Source/JavaScriptCore:
Add assertion in ContentSearchUtilities::findMagicComment() to make
sure the content String is not null or we would crash in
JSC::Yarr::interpret() later.
* inspector/ContentSearchUtilities.cpp:
(Inspector::ContentSearchUtilities::findMagicComment):
Source/WebCore:
After r180020, we are stricter and no longer accept CSS resources that
are not served with a CSS MIME type. Showing Web inspector on a page
with such bad resource would crash because
InspectorPageAgent::cachedResourceContent() would return true but
the result String would be null. This null String would then later
be passed to the Yarr interpreter and crash on a String::is8Bit()
call.
cachedResourceContent() calls CachedCSSStyleSheet::sheetText(). Before
r180020, it would return the text, even if the MIME type was incorrect.
However, this is no longer the case and we now need to make sure that
cachedResourceContent() returns false if sheetText() returns a null
String.
Test: http/tests/inspector/css/bad-mime-type.html
* inspector/InspectorPageAgent.cpp:
(WebCore::InspectorPageAgent::cachedResourceContent):
LayoutTests:
Add layout test that shows the Web inspector on a page that has
a stylesheet with an invalid MIME type, to make sure we don't
crash.
* http/tests/inspector/css/bad-mime-type-expected.txt: Added.
* http/tests/inspector/css/bad-mime-type.html: Added.
* http/tests/misc/css-accept-any-type.html:
* http/tests/misc/css-reject-any-type-in-strict-mode.html:
* http/tests/misc/resources/stylesheet-bad-mime-type.php: Renamed from LayoutTests/http/tests/misc/resources/stylesheet.php.
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@182829 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+2015-04-14 Chris Dumez <cdumez@apple.com>
+
+ Regression(r180020): Web Inspector crashes on pages that have a stylesheet with an invalid MIME type
+ https://bugs.webkit.org/show_bug.cgi?id=143745
+ <rdar://problem/20243916>
+
+ Reviewed by Joseph Pecoraro.
+
+ Add layout test that shows the Web inspector on a page that has
+ a stylesheet with an invalid MIME type, to make sure we don't
+ crash.
+
+ * http/tests/inspector/css/bad-mime-type-expected.txt: Added.
+ * http/tests/inspector/css/bad-mime-type.html: Added.
+ * http/tests/misc/css-accept-any-type.html:
+ * http/tests/misc/css-reject-any-type-in-strict-mode.html:
+ * http/tests/misc/resources/stylesheet-bad-mime-type.php: Renamed from LayoutTests/http/tests/misc/resources/stylesheet.php.
+
2015-04-14 Brady Eidson <beidson@apple.com>
Make sure media element loads hit content filter extensions.
--- /dev/null
+Tests that showing Web Inspector on a page that has a stylesheet with an invalid MIME type does not crash.
+
+This test passes if it does not crash.
--- /dev/null
+<!DOCTYPE html>
+<html>
+<head>
+<script type="text/javascript" src="../inspector-test.js"></script>
+
+<!-- This stylesheet is served with an invalid MIME type -->
+<link rel="stylesheet" href="/misc/resources/stylesheet-bad-mime-type.php">
+
+<script>
+function test()
+{
+ InspectorTest.completeTest();
+}
+</script>
+</head>
+<body onload="runTest()">
+<p>Tests that showing Web Inspector on a page that has a stylesheet with an invalid MIME type does not crash.</p>
+<p>This test passes if it does not crash.</p>
+</body>
+</html>
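Review bot: test() only calls InspectorTest.completeTest(), so the test passes as soon as the inspector front-end is up and never checks that the content of the bad-MIME-type stylesheet was actually requested. If opening the inspector does not always look up resource content on its own, this test would pass without exercising cachedResourceContent(). Consider explicitly requesting the content of stylesheet-bad-mime-type.php in test() before completing, or add a comment naming the inspector startup step that triggers the lookup.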
<html>
<head>
<title></title>
- <link rel="stylesheet" href="resources/stylesheet.php">
+ <link rel="stylesheet" href="resources/stylesheet-bad-mime-type.php">
<script>
function test()
{
<html>
<head>
<title></title>
- <link rel="stylesheet" href="resources/stylesheet.php">
+ <link rel="stylesheet" href="resources/stylesheet-bad-mime-type.php">
<script>
function test()
{
+2015-04-14 Chris Dumez <cdumez@apple.com>
+
+ Regression(r180020): Web Inspector crashes on pages that have a stylesheet with an invalid MIME type
+ https://bugs.webkit.org/show_bug.cgi?id=143745
+ <rdar://problem/20243916>
+
+ Reviewed by Joseph Pecoraro.
+
+ Add assertion in ContentSearchUtilities::findMagicComment() to make
+ sure the content String is not null or we would crash in
+ JSC::Yarr::interpret() later.
+
+ * inspector/ContentSearchUtilities.cpp:
+ (Inspector::ContentSearchUtilities::findMagicComment):
+
2015-04-14 Michael Saboff <msaboff@apple.com>
DFG register fillSpeculate*() functions should validate incoming spill format is compatible with requested fill format
static String findMagicComment(const String& content, const String& patternString)
{
+ ASSERT(!content.isNull());
const char* error = nullptr;
JSC::Yarr::YarrPattern pattern(patternString, false, true, &error);
ASSERT(!error);
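Review bot: The new ASSERT(!content.isNull()) at the top of findMagicComment() only guards builds with assertions enabled; where ASSERT is compiled out, a null content String still reaches the Yarr interpreter, which is the crash the ChangeLog describes. Consider also returning a null String early when content.isNull(), so a future caller that skips the check fails safe instead of crashing.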
+2015-04-14 Chris Dumez <cdumez@apple.com>
+
+ Regression(r180020): Web Inspector crashes on pages that have a stylesheet with an invalid MIME type
+ https://bugs.webkit.org/show_bug.cgi?id=143745
+ <rdar://problem/20243916>
+
+ Reviewed by Joseph Pecoraro.
+
+ After r180020, we are stricter and no longer accept CSS resources that
+ are not served with a CSS MIME type. Showing Web inspector on a page
+ with such bad resource would crash because
+ InspectorPageAgent::cachedResourceContent() would return true but
+ the result String would be null. This null String would then later
+ be passed to the Yarr interpreter and crash on a String::is8Bit()
+ call.
+
+ cachedResourceContent() calls CachedCSSStyleSheet::sheetText(). Before
+ r180020, it would return the text, even if the MIME type was incorrect.
+ However, this is no longer the case and we now need to make sure that
+ cachedResourceContent() returns false if sheetText() returns a null
+ String.
+
+ Test: http/tests/inspector/css/bad-mime-type.html
+
+ * inspector/InspectorPageAgent.cpp:
+ (WebCore::InspectorPageAgent::cachedResourceContent):
+
2015-04-14 Said Abou-Hallawa <sabouhallawa@apple.com>
textPath layout performance improvement.
if (cachedResource) {
switch (cachedResource->type()) {
case CachedResource::CSSStyleSheet:
+ // This can return a null String if the MIME type is invalid.
*result = downcast<CachedCSSStyleSheet>(*cachedResource).sheetText();
- return true;
+ return !result->isNull();
case CachedResource::Script:
*result = downcast<CachedScript>(*cachedResource).script();
return true;
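Review bot: The CachedResource::Script case right after the fixed one still does "return true;" unconditionally after assigning script() to *result, so the same "returns true with a null String" contract violation remains possible there if script() can ever return a null String. Either apply "return !result->isNull();" to that case as well, or add a comment stating why script() cannot be null.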