[curl] Segfault in WebCore::CurlRequest::setupPOST
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Oct 2017 07:41:41 +0000 (07:41 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 19 Oct 2017 07:41:41 +0000 (07:41 +0000)
https://bugs.webkit.org/show_bug.cgi?id=178434

Patch by Basuke Suzuki <Basuke.Suzuki@sony.com> on 2017-10-19
Reviewed by Ryosuke Niwa.

* platform/network/curl/CurlRequest.cpp:
(WebCore::CurlRequest::resolveBlobReferences):
(WebCore::CurlRequest::setupPOST):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@223681 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/platform/network/curl/CurlRequest.cpp

index cc127ea..6640b85 100644 (file)
@@ -1,3 +1,14 @@
+2017-10-19  Basuke Suzuki  <Basuke.Suzuki@sony.com>
+
+        [curl] Segfault in WebCore::CurlRequest::setupPOST
+        https://bugs.webkit.org/show_bug.cgi?id=178434
+
+        Reviewed by Ryosuke Niwa.
+
+        * platform/network/curl/CurlRequest.cpp:
+        (WebCore::CurlRequest::resolveBlobReferences):
+        (WebCore::CurlRequest::setupPOST):
+
 2017-10-18  Ryosuke Niwa  <rniwa@webkit.org>
 
         Don't expose raw HTML in pasteboard to the web content
index 8d366c5..91ebd8d 100644 (file)
@@ -391,12 +391,12 @@ void CurlRequest::resolveBlobReferences(ResourceRequest& request)
 {
     ASSERT(isMainThread());
 
-    RefPtr<FormData> formData = request.httpBody();
-    if (!formData)
+    auto body = request.httpBody();
+    if (!body || body->isEmpty())
         return;
 
     // Resolve the blob elements so the formData can correctly report it's size.
-    formData = formData->resolveBlobReferences();
+    RefPtr<FormData> formData = body->resolveBlobReferences();
     request.setHTTPBody(WTFMove(formData));
 }
 
@@ -418,13 +418,17 @@ void CurlRequest::setupPOST(ResourceRequest& request)
 {
     m_curlHandle->enableHttpPostRequest();
 
-    auto numElements = request.httpBody()->elements().size();
+    auto body = request.httpBody();
+    if (!body || body->isEmpty())
+        return;
+
+    auto numElements = body->elements().size();
     if (!numElements)
         return;
 
     // Do not stream for simple POST data
     if (numElements == 1) {
-        m_postBuffer = request.httpBody()->flatten();
+        m_postBuffer = body->flatten();
         if (m_postBuffer.size())
             m_curlHandle->setPostFields(m_postBuffer.data(), m_postBuffer.size());
     } else
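Review bot: The new early `return` in setupPOST runs after `m_curlHandle->enableHttpPostRequest()`, so a null or empty body leaves the handle in POST mode with no post fields or length set. Unless `enableHttpPostRequest()` already sets a zero length (not visible in this hunk), libcurl would be expected to pull the body from its read callback, so a body-less POST may stall or go out without `Content-Length: 0`. Consider setting an explicit empty body before returning, e.g. `m_curlHandle->setPostFields("", 0);`, assuming that wrapper forwards to the post-fields and size options. The single-element branch has the same gap when `m_postBuffer.size()` is zero. The following `if (!numElements) return;` looks redundant if `isEmpty()` reports an empty element list; the function body continues past the end of this hunk.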