[Content Filtering] Crash when allowing a 0-byte resource to load
author: aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
committer: aestes@apple.com <aestes@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Thu, 29 Oct 2015 00:01:34 +0000 (00:01 +0000)
https://bugs.webkit.org/show_bug.cgi?id=150644
<rdar://problem/23288538>

Reviewed by Darin Adler.

Source/WebCore:

Test: contentfiltering/allow-empty-document.html

* loader/ContentFilter.cpp:
(WebCore::ContentFilter::deliverResourceData): resourceBuffer will be null if the resource contained no data.

LayoutTests:

* contentfiltering/allow-empty-document-expected.html: Added.
* contentfiltering/allow-empty-document.html: Added.
* contentfiltering/resources/empty.html: Added.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@191706 268f45cc-cd09-0410-ab3c-d52691b4dbfc

LayoutTests/ChangeLog
LayoutTests/contentfiltering/allow-empty-document-expected.html [new file with mode: 0644]
LayoutTests/contentfiltering/allow-empty-document.html [new file with mode: 0644]
LayoutTests/contentfiltering/resources/empty.html [new file with mode: 0644]
Source/WebCore/ChangeLog
Source/WebCore/loader/ContentFilter.cpp

index 5660e0bee34807b59e6c0cc3baf5882b38762014..3e285266eb1ca8a7879c82736e22add8b7e55117 100644 (file)
@@ -1,3 +1,15 @@
+2015-10-28  Andy Estes  <aestes@apple.com>
+
+        [Content Filtering] Crash when allowing a 0-byte resource to load
+        https://bugs.webkit.org/show_bug.cgi?id=150644
+        <rdar://problem/23288538>
+
+        Reviewed by Darin Adler.
+
+        * contentfiltering/allow-empty-document-expected.html: Added.
+        * contentfiltering/allow-empty-document.html: Added.
+        * contentfiltering/resources/empty.html: Added.
+
 2015-10-28  Mark Lam  <mark.lam@apple.com>
 
         Update FTL to support UntypedUse operands for op_sub.
diff --git a/LayoutTests/contentfiltering/allow-empty-document-expected.html b/LayoutTests/contentfiltering/allow-empty-document-expected.html
new file mode 100644 (file)
index 0000000..0a6ff38
--- /dev/null
@@ -0,0 +1,2 @@
+<!DOCTYPE html>
+<iframe src="resources/empty.html"></iframe>
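Review bot: the reference loads the same empty iframe with no mock content filter installed, so the expected rendering is a blank frame whether or not the filter ran; the test can only distinguish "crashed" from "did not crash", not "filter allowed the document" from "filter never saw it". That is adequate for a crash regression test, but a short comment in the reference stating that the blank frame is the intended rendering would stop a later reader from assuming the reference was left incomplete.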
diff --git a/LayoutTests/contentfiltering/allow-empty-document.html b/LayoutTests/contentfiltering/allow-empty-document.html
new file mode 100644 (file)
index 0000000..4f1c050
--- /dev/null
@@ -0,0 +1,10 @@
+<!DOCTYPE html>
+<script>
+    if (window.internals) {
+        var settings = window.internals.mockContentFilterSettings;
+        settings.enabled = true;
+        settings.decisionPoint = settings.DECISION_POINT_AFTER_FINISHED_ADDING_DATA;
+        settings.decision = settings.DECISION_ALLOW;
+    }
+</script>
+<iframe src="resources/empty.html"></iframe>
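Review bot: the test depends on `resources/empty.html` being genuinely zero bytes (its blob index `e69de29` below is the empty-file hash), since only a resource with no data makes `resourceBuffer()` return null; if someone later adds even a doctype to that file the test silently stops exercising the crash path while still passing. Suggest a comment above the `<iframe>` such as `<!-- empty.html must stay 0 bytes: the crash only reproduces when the resource has no data -->`. Also worth noting in the same comment that only `DECISION_POINT_AFTER_FINISHED_ADDING_DATA` is covered here, so anyone extending the test for other decision points knows this one was deliberate.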
diff --git a/LayoutTests/contentfiltering/resources/empty.html b/LayoutTests/contentfiltering/resources/empty.html
new file mode 100644 (file)
index 0000000..e69de29
index a52332e69d937f15add57611813b69820e76c20e..d31f599d11a837aa4a23c3848a5d4cf06dae8fd7 100644 (file)
@@ -1,3 +1,16 @@
+2015-10-28  Andy Estes  <aestes@apple.com>
+
+        [Content Filtering] Crash when allowing a 0-byte resource to load
+        https://bugs.webkit.org/show_bug.cgi?id=150644
+        <rdar://problem/23288538>
+
+        Reviewed by Darin Adler.
+
+        Test: contentfiltering/allow-empty-document.html
+
+        * loader/ContentFilter.cpp:
+        (WebCore::ContentFilter::deliverResourceData): resourceBuffer will be null if the resource contained no data.
+
 2015-10-28  Chris Dumez  <cdumez@apple.com>
 
         Assertion failure in WebCore::FrameLoader::stopLoading() running fast/events tests
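Review bot: the entry under `(WebCore::ContentFilter::deliverResourceData)` explains why the pointer is null but not what the change does about it; since the new code skips `dataReceived()` entirely for an empty resource rather than delivering a zero-length buffer, the ChangeLog should say so, e.g. "Only call dataReceived() when there is a resource buffer; an empty resource has none and has nothing to deliver." That records the intended behaviour for anyone later wondering whether the loader expected an empty data callback.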
index 25d70ee29d2af37b0e36e2f0290f978bbea64214..2f600cb816b4f46d662efa745bc37c83f9a1750b 100644 (file)
@@ -259,8 +259,8 @@ void ContentFilter::didDecide(State state)
 void ContentFilter::deliverResourceData(CachedResource& resource)
 {
     ASSERT(resource.dataBufferingPolicy() == BufferData);
-    const SharedBuffer& resourceBuffer = *resource.resourceBuffer();
-    m_documentLoader.dataReceived(&resource, resourceBuffer.data(), resourceBuffer.size());
+    if (auto* resourceBuffer = resource.resourceBuffer())
+        m_documentLoader.dataReceived(&resource, resourceBuffer->data(), resourceBuffer->size());
 }
 
 } // namespace WebCore
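Review bot: the removed line `const SharedBuffer& resourceBuffer = *resource.resourceBuffer();` bound a reference through an unchecked pointer, so a zero-byte resource dereferenced null and took down the process; the replacement `if (auto* resourceBuffer = resource.resourceBuffer())` is the right shape and scopes the pointer to the guarded call. Two follow-ups: add a one-line comment at the guard stating that `resourceBuffer()` returns null when the resource received no data, so the `if` is not later "simplified" back to a dereference, and check the other callers of `resourceBuffer()` in this file for the same unchecked-dereference pattern, since the `ASSERT(resource.dataBufferingPolicy() == BufferData)` above only guarantees buffering is enabled, not that a buffer was ever allocated.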