Changeset 234735 in webkit

Timestamp:

Aug 9, 2018, 2:43:48 PM (7 years ago)

Author:

[email protected]

Message:

WKURLSchemeHandler crashes when sent errors with sync XHR
​https://bugs.webkit.org/show_bug.cgi?id=188358

Patch by Alex Christensen <​[email protected]> on 2018-08-09
Reviewed by Chris Dumez.

Source/WebKit:

• UIProcess/WebURLSchemeTask.cpp:

(WebKit::WebURLSchemeTask::didReceiveData):
(WebKit::WebURLSchemeTask::didComplete):

• UIProcess/WebURLSchemeTask.h:

Tools:

• TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:

(-[SyncErrorScheme webView:startURLSchemeTask:]):
(-[SyncErrorScheme webView:stopURLSchemeTask:]):
(-[SyncErrorScheme webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):

Location:

trunk

Files:

• Source/WebKit/ChangeLog (modified) (1 diff)
• Source/WebKit/UIProcess/WebURLSchemeTask.cpp (modified) (3 diffs)
• Source/WebKit/UIProcess/WebURLSchemeTask.h (modified) (1 diff)
• Tools/ChangeLog (modified) (1 diff)
• Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2018-08-09  Alex Christensen  <[email protected]>
+
+        WKURLSchemeHandler crashes when sent errors with sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=188358
+
+        Reviewed by Chris Dumez.
+
+        * UIProcess/WebURLSchemeTask.cpp:
+        (WebKit::WebURLSchemeTask::didReceiveData):
+        (WebKit::WebURLSchemeTask::didComplete):
+        * UIProcess/WebURLSchemeTask.h:
+
 2018-08-09  Sihui Liu  <[email protected]>
 

trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp

@@ -97 +97 @@
 }
 
-auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer> buffer) -> ExceptionType
+auto WebURLSchemeTask::didReceiveData(Ref<SharedBuffer>&& buffer) -> ExceptionType
 {
     if (m_stopped)
@@ -111 +111 @@
 
     if (isSync()) {
-        if (!m_syncData)
-            m_syncData = SharedBuffer::create();
-        m_syncData->append(buffer);
+        if (m_syncData)
+            m_syncData->append(buffer);
+        else
+            m_syncData = WTFMove(buffer);
     }
 
@@ -134 +135 @@
     
     if (isSync()) {
-        m_syncCompletionHandler(m_syncResponse, error, IPC::DataReference { (const uint8_t*)m_syncData->data(), m_syncData->size() });
+        IPC::DataReference data;
+        if (m_syncData)
+            data = { reinterpret_cast<const uint8_t*>(m_syncData->data()), m_syncData->size() };
+        m_syncCompletionHandler(m_syncResponse, error, data);
         m_syncData = nullptr;
     }

trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h

@@ -71 +71 @@
     ExceptionType didPerformRedirection(WebCore::ResourceResponse&&, WebCore::ResourceRequest&&);
     ExceptionType didReceiveResponse(const WebCore::ResourceResponse&);
-    ExceptionType didReceiveData(Ref<WebCore::SharedBuffer>);
+    ExceptionType didReceiveData(Ref<WebCore::SharedBuffer>&&);
     ExceptionType didComplete(const WebCore::ResourceError&);
 

trunk/Tools/ChangeLog

@@ +1 @@
+2018-08-09  Alex Christensen  <[email protected]>
+
+        WKURLSchemeHandler crashes when sent errors with sync XHR
+        https://bugs.webkit.org/show_bug.cgi?id=188358
+
+        Reviewed by Chris Dumez.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm:
+        (-[SyncErrorScheme webView:startURLSchemeTask:]):
+        (-[SyncErrorScheme webView:stopURLSchemeTask:]):
+        (-[SyncErrorScheme webView:runJavaScriptAlertPanelWithMessage:initiatedByFrame:completionHandler:]):
+
 2018-08-09  Per Arne Vollan  <[email protected]>
 

trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/WKURLSchemeHandler-1.mm

@@ -539 +539 @@
 }
 
+@interface SyncErrorScheme : NSObject <WKURLSchemeHandler, WKUIDelegate>
+@end
+
+@implementation SyncErrorScheme
+
+- (void)webView:(WKWebView *)webView startURLSchemeTask:(id <WKURLSchemeTask>)task
+{
+    if ([task.request.URL.absoluteString isEqualToString:@"syncerror:///main.html"]) {
+        static const char* bytes = "<script>var xhr=new XMLHttpRequest();xhr.open('GET','https://trac.webkit.org/subresource',false);try{xhr.send(null);alert('no error')}catch(e){alert(e)}</script>";
+        [task didReceiveResponse:[[[NSURLResponse alloc] initWithURL:task.request.URL MIMEType:@"text/html" expectedContentLength:strlen(bytes) textEncodingName:nil] autorelease]];
+        [task didReceiveData:[NSData dataWithBytes:bytes length:strlen(bytes)]];
+        [task didFinish];
+    } else {
+        EXPECT_STREQ(task.request.URL.absoluteString.UTF8String, "syncerror:///subresource");
+        [task didReceiveResponse:[[[NSURLResponse alloc] init] autorelease]];
+        [task didFailWithError:[NSError errorWithDomain:@"TestErrorDomain" code:123 userInfo:nil]];
+    }
+}
+
+- (void)webView:(WKWebView *)webView stopURLSchemeTask:(id <WKURLSchemeTask>)task
+{
+}
+
+- (void)webView:(WKWebView *)webView runJavaScriptAlertPanelWithMessage:(NSString *)message initiatedByFrame:(WKFrameInfo *)frame completionHandler:(void (^)(void))completionHandler
+{
+    EXPECT_STREQ(message.UTF8String, "NetworkError:  A network error occurred.");
+    completionHandler();
+    done = true;
+}
+
+@end
+
+TEST(URLSchemeHandler, SyncXHRError)
+{
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    auto handler = adoptNS([[SyncErrorScheme alloc] init]);
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"syncerror"];
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+    [webView setUIDelegate:handler.get()];
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"syncerror:///main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+}
+
+
 #endif // WK_API_ENABLED