Title: [170934] trunk/Source/WebKit2
Revision: 170934
Author: aes...@apple.com
Date: 2014-07-09 14:58:13 -0700 (Wed, 09 Jul 2014)

Log Message

[iOS] WebKit can crash under QuickLookDocumentData::encode() when viewing a QuickLook preview
https://bugs.webkit.org/show_bug.cgi?id=134780

Reviewed by Tim Horton.

Don't use CFDataCreateWithBytesNoCopy() when we can't guarantee the lifetime of the copied-from DataReference
will match or exceed that of the CFDataRef. Copy the data instead.

* WebProcess/Network/WebResourceLoader.cpp:
(WebKit::WebResourceLoader::didReceiveData):

Modified Paths

Diff

Modified: trunk/Source/WebKit2/ChangeLog (170933 => 170934)


--- trunk/Source/WebKit2/ChangeLog	2014-07-09 21:56:05 UTC (rev 170933)
+++ trunk/Source/WebKit2/ChangeLog	2014-07-09 21:58:13 UTC (rev 170934)
@@ -1,3 +1,16 @@
+2014-07-09  Andy Estes  <aes...@apple.com>
+
+        [iOS] WebKit can crash under QuickLookDocumentData::encode() when viewing a QuickLook preview
+        https://bugs.webkit.org/show_bug.cgi?id=134780
+
+        Reviewed by Tim Horton.
+
+        Don't use CFDataCreateWithBytesNoCopy() when we can't guarantee the lifetime of the copied-from DataReference
+        will match or exceed that of the CFDataRef. Copy the data instead.
+
+        * WebProcess/Network/WebResourceLoader.cpp:
+        (WebKit::WebResourceLoader::didReceiveData):
+
 2014-07-09  Pratik Solanki  <psola...@apple.com>
 
         Move resource buffering from SynchronousNetworkLoaderClient to NetworkResourceLoader
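
Review bot: The new entry's description says the lifetime of the DataReference cannot be guaranteed, but it does not say which object keeps the CFDataRef alive after didReceiveData() returns. The title points at QuickLookDocumentData::encode(), so one sentence connecting the two (the data is retained and read later, after the DataReference's buffer is gone) would make the cause of the crash clear to someone reading the log. Also, "copied-from DataReference" is misleading for the NoCopy case, since nothing was copied there; "referenced DataReference" or "backing DataReference" would be more accurate.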

Modified: trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp (170933 => 170934)


--- trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp	2014-07-09 21:56:05 UTC (rev 170933)
+++ trunk/Source/WebKit2/WebProcess/Network/WebResourceLoader.cpp	2014-07-09 21:58:13 UTC (rev 170934)
@@ -141,8 +141,7 @@
 
 #if USE(QUICK_LOOK)
     if (m_quickLookHandle) {
-        RetainPtr<CFDataRef> rawData = adoptCF(CFDataCreateWithBytesNoCopy(0, data.data(), data.size(), kCFAllocatorNull));
-        if (m_quickLookHandle->didReceiveData(rawData.get()))
+        if (m_quickLookHandle->didReceiveData(adoptCF(CFDataCreate(kCFAllocatorDefault, data.data(), data.size())).get()))
             return;
     }
 #endif
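
Review bot: The replacement line `if (m_quickLookHandle->didReceiveData(adoptCF(CFDataCreate(kCFAllocatorDefault, data.data(), data.size())).get()))` has no comment explaining why the bytes are copied, so a later cleanup could switch it back to CFDataCreateWithBytesNoCopy() with kCFAllocatorNull as a perceived optimization and reintroduce the dangling pointer. Please add a short comment above the call stating that the callee may hold the CFDataRef beyond the lifetime of `data`. Separately, CFDataCreate() can return NULL when allocation fails, and the result now goes straight into didReceiveData() with no check; the visible lines do not show whether the callee tolerates a null CFDataRef, so either keep the named RetainPtr local and test it before the call, or confirm that the callee handles null.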
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
