Title: [279787] trunk/Source/WebKit
- Revision
- 279787
- Author
- cdu...@apple.com
- Date
- 2021-07-09 09:54:56 -0700 (Fri, 09 Jul 2021)
Log Message
Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap
https://bugs.webkit.org/show_bug.cgi?id=227842
Reviewed by Kate Cheney.
Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap,
to avoid potential crashes. We do not support storing (or looking up) a key with value 0 in a HashMap whose key type
is 'unsigned'.
* NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
(WebKit::ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (279786 => 279787)
--- trunk/Source/WebKit/ChangeLog 2021-07-09 16:46:05 UTC (rev 279786)
+++ trunk/Source/WebKit/ChangeLog 2021-07-09 16:54:56 UTC (rev 279787)
@@ -1,3 +1,17 @@
+2021-07-09 Chris Dumez <cdu...@apple.com>
+
+ Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap
+ https://bugs.webkit.org/show_bug.cgi?id=227842
+
+ Reviewed by Kate Cheney.
+
+ Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap,
+ to avoid potential crashes. We do not support storing (or looking up) a key with value 0 in a HashMap whose key type
+ is 'unsigned'.
+
+ * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
+ (WebKit::ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources):
+
2021-07-09 Jer Noble <jer.no...@apple.com>
[Cocoa] Make Coordinator playback commands more precise
Modified: trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp (279786 => 279787)
--- trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp 2021-07-09 16:46:05 UTC (rev 279786)
+++ trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp 2021-07-09 16:54:56 UTC (rev 279787)
@@ -1386,10 +1386,12 @@
if (notVeryPrevalentResourcesStatement) {
while (notVeryPrevalentResourcesStatement->step() == SQLITE_ROW) {
unsigned key = static_cast<unsigned>(notVeryPrevalentResourcesStatement->columnInt(0));
+ ASSERT(key);
+ if (!key)
+ continue;
NotVeryPrevalentResources value({ RegistrableDomain::uncheckedCreateFromRegistrableDomainString(notVeryPrevalentResourcesStatement->columnText(1))
- , notVeryPrevalentResourcesStatement->columnInt(2) ? ResourceLoadPrevalence::High : ResourceLoadPrevalence::Low
- , 0, 0, 0, 0 });
- results.add(key, value);
+ , notVeryPrevalentResourcesStatement->columnInt(2) ? ResourceLoadPrevalence::High : ResourceLoadPrevalence::Low , 0, 0, 0, 0 });
+ results.add(key, WTFMove(value));
}
}
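Review bot: The guard added after `unsigned key = static_cast<unsigned>(...columnInt(0))` rejects only 0, but a stored -1 becomes the maximum unsigned value after the cast, and WTF's default integer hash traits reserve that value as the deleted-bucket marker. If `results` uses the default traits (its declaration is outside the hunk), that key is as unusable as 0 and would still reach `results.add()`. Because these values are read from the on-disk database, I would reject both reserved values, e.g. `if (!key || key == std::numeric_limits<unsigned>::max()) continue;`, or use the map's `isValidKey()` helper if it is available on this branch. The same applies to the `domainID` guards before `results.find()` in the four hunks that follow.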
@@ -1402,6 +1404,9 @@
if (subresourceUnderTopFrameDomainsStatement) {
while (subresourceUnderTopFrameDomainsStatement->step() == SQLITE_ROW) {
unsigned domainID = static_cast<unsigned>(subresourceUnderTopFrameDomainsStatement->columnInt(0));
+ ASSERT(domainID);
+ if (!domainID)
+ continue;
auto result = results.find(domainID);
if (result != results.end())
result->value.subresourceUnderTopFrameDomainsCount = static_cast<unsigned>(subresourceUnderTopFrameDomainsStatement->columnInt(1));
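Review bot: In release builds `ASSERT(domainID)` compiles out, so `if (!domainID) continue;` drops the row silently and nothing records that the statistics database returned an impossible ID. A short comment would help the next reader, e.g. `// 0 is the HashMap empty value for unsigned keys; a row with domainID 0 indicates a corrupt database, so skip it.` An error log on this path, using whatever release-logging macro the file already has, would also make a corrupted store detectable in the field. This applies equally to the first loop and to the three lookup loops in the later hunks; the enclosing function starts and ends outside the hunk.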
@@ -1412,6 +1417,9 @@
if (subresourceUniqueRedirectsToCountStatement) {
while (subresourceUniqueRedirectsToCountStatement->step() == SQLITE_ROW) {
unsigned domainID = static_cast<unsigned>(subresourceUniqueRedirectsToCountStatement->columnInt(0));
+ ASSERT(domainID);
+ if (!domainID)
+ continue;
auto result = results.find(domainID);
if (result != results.end())
result->value.subresourceUniqueRedirectsToCount = static_cast<unsigned>(subresourceUniqueRedirectsToCountStatement->columnInt(1));
@@ -1422,6 +1430,9 @@
if (subframeUnderTopFrameDomainsCountStatement) {
while (subframeUnderTopFrameDomainsCountStatement->step() == SQLITE_ROW) {
unsigned domainID = static_cast<unsigned>(subframeUnderTopFrameDomainsCountStatement->columnInt(0));
+ ASSERT(domainID);
+ if (!domainID)
+ continue;
auto result = results.find(domainID);
if (result != results.end())
result->value.subframeUnderTopFrameDomainsCount = static_cast<unsigned>(subframeUnderTopFrameDomainsCountStatement->columnInt(1));
@@ -1432,6 +1443,9 @@
if (topFrameUniqueRedirectsToCountStatement) {
while (topFrameUniqueRedirectsToCountStatement->step() == SQLITE_ROW) {
unsigned domainID = static_cast<unsigned>(topFrameUniqueRedirectsToCountStatement->columnInt(0));
+ ASSERT(domainID);
+ if (!domainID)
+ continue;
auto result = results.find(domainID);
if (result != results.end())
result->value.topFrameUniqueRedirectsToCount = static_cast<unsigned>(topFrameUniqueRedirectsToCountStatement->columnInt(1));