[Content Filtering] Crash when allowing a 0-byte resource to load

author aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)

committer aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>

Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
author aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
committer aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog

index 5660e0bee34807b59e6c0cc3baf5882b38762014..3e285266eb1ca8a7879c82736e22add8b7e55117 100644 (file)
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2015-10-28  Andy Estes  <aestes@apple.com>
+
+        [Content Filtering] Crash when allowing a 0-byte resource to load
+        https://bugs.webkit.org/show_bug.cgi?id=150644
+        <rdar://problem/23288538>
+
+        Reviewed by Darin Adler.
+
+        * contentfiltering/allow-empty-document-expected.html: Added.
+        * contentfiltering/allow-empty-document.html: Added.
+        * contentfiltering/resources/empty.html: Added.
+
  2015-10-28  Mark Lam  <mark.lam@apple.com>
  
          Update FTL to support UntypedUse operands for op_sub.
diff --git a/LayoutTests/contentfiltering/allow-empty-document-expected.html b/LayoutTests/contentfiltering/allow-empty-document-expected.html

new file mode 100644 (file)

index 0000000..0a6ff38
--- /dev/null
+++ b/LayoutTests/contentfiltering/allow-empty-document-expected.html
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<iframe src="resources/empty.html"></iframe>
diff --git a/LayoutTests/contentfiltering/allow-empty-document.html b/LayoutTests/contentfiltering/allow-empty-document.html

new file mode 100644 (file)

index 0000000..4f1c050
--- /dev/null
+++ b/LayoutTests/contentfiltering/allow-empty-document.html
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script>
+    if (window.internals) {
+        var settings = window.internals.mockContentFilterSettings;
+        settings.enabled = true;
+        settings.decisionPoint = settings.DECISION_POINT_AFTER_FINISHED_ADDING_DATA;
+        settings.decision = settings.DECISION_ALLOW;
+    }
+</script>
+<iframe src="resources/empty.html"></iframe>
diff --git a/LayoutTests/contentfiltering/resources/empty.html b/LayoutTests/contentfiltering/resources/empty.html

new file mode 100644 (file)

index 0000000..e69de29
diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog

index a52332e69d937f15add57611813b69820e76c20e..d31f599d11a837aa4a23c3848a5d4cf06dae8fd7 100644 (file)
--- a/Source/WebCore/ChangeLog
+++ b/Source/WebCore/ChangeLog
@@ -1,3 +1,16 @@
+2015-10-28  Andy Estes  <aestes@apple.com>
+
+        [Content Filtering] Crash when allowing a 0-byte resource to load
+        https://bugs.webkit.org/show_bug.cgi?id=150644
+        <rdar://problem/23288538>
+
+        Reviewed by Darin Adler.
+
+        Test: contentfiltering/allow-empty-document.html
+
+        * loader/ContentFilter.cpp:
+        (WebCore::ContentFilter::deliverResourceData): resourceBuffer will be null if the resource contained no data.
+
  2015-10-28  Chris Dumez  <cdumez@apple.com>
  
          Assertion failure in WebCore::FrameLoader::stopLoading() running fast/events tests
diff --git a/Source/WebCore/loader/ContentFilter.cpp b/Source/WebCore/loader/ContentFilter.cpp

index 25d70ee29d2af37b0e36e2f0290f978bbea64214..2f600cb816b4f46d662efa745bc37c83f9a1750b 100644 (file)
--- a/Source/WebCore/loader/ContentFilter.cpp
+++ b/Source/WebCore/loader/ContentFilter.cpp
@@ -259,8 +259,8 @@ void ContentFilter::didDecide(State state)
  void ContentFilter::deliverResourceData(CachedResource& resource)
  {
      ASSERT(resource.dataBufferingPolicy() == BufferData);
-    const SharedBuffer& resourceBuffer = *resource.resourceBuffer();
-    m_documentLoader.dataReceived(&resource, resourceBuffer.data(), resourceBuffer.size());
+    if (auto* resourceBuffer = resource.resourceBuffer())
+        m_documentLoader.dataReceived(&resource, resourceBuffer->data(), resourceBuffer->size());
  }
  
  } // namespace WebCore
author	aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
committer	aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
	Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
LayoutTests/ChangeLog		patch \| blob \| history
LayoutTests/contentfiltering/allow-empty-document-expected.html	[new file with mode: 0644]	patch \| blob
LayoutTests/contentfiltering/allow-empty-document.html	[new file with mode: 0644]	patch \| blob
LayoutTests/contentfiltering/resources/empty.html	[new file with mode: 0644]	patch \| blob
Source/WebCore/ChangeLog		patch \| blob \| history
Source/WebCore/loader/ContentFilter.cpp		patch \| blob \| history