WKURLSchemeHandler crashes when sent errors with sync XHR
authorcommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Aug 2018 21:43:48 +0000 (21:43 +0000)
committercommit-queue@webkit.org <commit-queue@webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 9 Aug 2018 21:43:48 +0000 (21:43 +0000)
https://bugs.webkit.org/show_bug.cgi?id=188358

Patch by Alex Christensen <achristensen@webkit.org> on 2018-08-09
Reviewed by Chris Dumez.

Source/WebKit:

* UIProcess/WebURLSchemeTask.cpp:
(WebKit::WebURLSchemeTask::didReceiveData):
(WebKit::WebURLSchemeTask::didComplete):
* UIProcess/WebURLSchemeTask.h:

Tools:

* TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
(-[SyncErrorScheme webView:startURLSchemeTask:]):
(-[SyncErrorScheme webView:stopURLSchemeTask:]):
(-[SyncErrorScheme webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@234735 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebKit/ChangeLog
Source/WebKit/UIProcess/WebURLSchemeTask.cpp
Source/WebKit/UIProcess/WebURLSchemeTask.h
Tools/ChangeLog
Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm

index 8d0f9a4..f303b13 100644 (file)
@@ -1,3 +1,15 @@
+2018-08-09  Alex Christensen  <achristensen@webkit.org>
+
+        WKURLSchemeHandler crashes when sent errors with sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=188358
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebURLSchemeTask.cpp:
+        (WebKit::WebURLSchemeTask::didReceiveData):
+        (WebKit::WebURLSchemeTask::didComplete):
+        * UIProcess/WebURLSchemeTask.h:
+
 2018-08-09  Sihui Liu  <sihui_liu@apple.com>
 
         REGRESSION (r232083): WKWebView loses first-party cookies on iOS
index 7b247cc..d576a14 100644 (file)
@@ -96,7 +96,7 @@ auto WebURLSchemeTask::didReceiveResponse(const ResourceResponse& response) -> E
     return ExceptionType::None;
 }
 
-auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer> buffer) -> ExceptionType
+auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer>&& buffer) -> ExceptionType
 {
     if (m_stopped)
         return ExceptionType::TaskAlreadyStopped;
@@ -110,9 +110,10 @@ auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer> buffer) -> ExceptionType
     m_dataSent = true;
 
     if (isSync()) {
-        if (!m_syncData)
-            m_syncData = SharedBuffer::create();
-        m_syncData->append(buffer);
+        if (m_syncData)
+            m_syncData->append(buffer);
+        else
+            m_syncData = WTFMove(buffer);
     }
 
     m_page->send(Messages::WebPage::URLSchemeTaskDidReceiveData(m_urlSchemeHandler->identifier(), m_identifier, IPC::SharedBufferDataReference(buffer.ptr())));
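Review bot: In the sync branch, `m_syncData = WTFMove(buffer);` moves out of `buffer`, but the `m_page->send(...)` call on the last line of this hunk still reads `buffer.ptr()`. On the first chunk of a sync load, the IPC data reference is therefore built from a moved-from `Ref`, which I would expect to be null or to trip an assertion (Ref's move semantics are not visible here). Taking a second reference instead keeps `buffer` valid for the send: `m_syncData = buffer.copyRef();`. The body of didReceiveData starts and ends outside this hunk.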
@@ -133,7 +134,10 @@ auto WebURLSchemeTask::didComplete(const ResourceError& error) -> ExceptionType
     m_completed = true;
     
     if (isSync()) {
-        m_syncCompletionHandler(m_syncResponse, error, IPC::DataReference { (const uint8_t*)m_syncData->data(), m_syncData->size() });
+        IPC::DataReference data;
+        if (m_syncData)
+            data = { reinterpret_cast<const uint8_t*>(m_syncData->data()), m_syncData->size() };
+        m_syncCompletionHandler(m_syncResponse, error, data);
         m_syncData = nullptr;
     }
 
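Review bot: `data` is a pointer-and-size view into `m_syncData`, and `m_syncData = nullptr;` follows directly after the handler call, so this is only safe if `m_syncCompletionHandler` is finished with the bytes before it returns. That contract is not visible in this hunk. I would record it next to the call: `// data is a non-owning view into m_syncData; the handler must consume it before m_syncData is released below.` A short comment on the null check, saying that m_syncData stays unset when the task completes before any didReceiveData call, would also explain why the guard exists. didComplete continues outside the hunk.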
index ad81dd5..415f7f3 100644 (file)
@@ -70,7 +70,7 @@ public:
     };
     ExceptionType didPerformRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&);
     ExceptionType didReceiveResponse(const WebCore::ResourceResponse&);
-    ExceptionType didReceiveData(Ref<WebCore::SharedBuffer>);
+    ExceptionType didReceiveData(Ref<WebCore::SharedBuffer>&&);
     ExceptionType didComplete(const WebCore::ResourceError&);
 
     void stop();
index b4d2264..169ad6a 100644 (file)
@@ -1,3 +1,15 @@
+2018-08-09  Alex Christensen  <achristensen@webkit.org>
+
+        WKURLSchemeHandler crashes when sent errors with sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=188358
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
+        (-[SyncErrorScheme webView:startURLSchemeTask:]):
+        (-[SyncErrorScheme webView:stopURLSchemeTask:]):
+        (-[SyncErrorScheme webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
+
 2018-08-09  Per Arne Vollan  <pvollan@apple.com>
 
         REGRESSION(r234652): fast/scrolling/rtl-scrollbars-animation-property.html is failing
index f0e6897..281fef2 100644 (file)
@@ -538,5 +538,49 @@ TEST(URLSchemeHandler, SyncXHR)
     TestWebKitAPI::Util::run(&receivedStop);
 }
 
+@interface SyncErrorScheme : NSObject <WKURLSchemeHandler, WKUIDelegate>
+@end
+
+@implementation SyncErrorScheme
+
+- (void)webView:(WKWebView *)webView startURLSchemeTask:(id <WKURLSchemeTask>)task
+{
+    if ([task.request.URL.absoluteString isEqualToString:@"syncerror:///main.html"]) {
+        static const char* bytes = "<script>var xhr=new XMLHttpRequest();xhr.open('GET','subresource',false);try{xhr.send(null);alert('no error')}catch(e){alert(e)}</script>";
+        [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:strlen(bytes) textEncodingName:nil] autorelease]];
+        [task didReceiveData:[NSData dataWithBytes:bytes length:strlen(bytes)]];
+        [task didFinish];
+    } else {
+        EXPECT_STREQ(task.request.URL.absoluteString.UTF8String, "syncerror:///subresource");
+        [task didReceiveResponse:[[[NSURLResponse alloc] init] autorelease]];
+        [task didFailWithError:[NSError errorWithDomain:@"TestErrorDomain" code:123 userInfo:nil]];
+    }
+}
+
+- (void)webView:(WKWebView *)webView stopURLSchemeTask:(id <WKURLSchemeTask>)task
+{
+}
+
+- (void)webView:(WKWebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(void))completionHandler
+{
+    EXPECT_STREQ(message.UTF8String, "NetworkError:  A network error occurred.");
+    completionHandler();
+    done = true;
+}
+
+@end
+
+TEST(URLSchemeHandler, SyncXHRError)
+{
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    auto handler = adoptNS([[SyncErrorScheme alloc] init]);
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"syncerror"];
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+    [webView setUIDelegate:handler.get()];
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"syncerror:///main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+}
+
+
 #endif // WK_API_ENABLED
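Review bot: `TEST(URLSchemeHandler, SyncXHRError)` waits on `done` without clearing it first, and `done` is declared outside this hunk and presumably shared with the other tests in the file. If an earlier test leaves it true, `Util::run(&done)` could return at once and the alert expectation would never be evaluated, so the crash regression would go unchecked. Adding `done = false;` before the `loadRequest:` call makes the test independent of run order. Because `done` is set only in the alert delegate, a load that never raises an alert would hang rather than fail, which may be acceptable for this harness.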