Title: [279787] trunk/Source/WebKit
Revision
279787
Author
cdu...@apple.com
Date
2021-07-09 09:54:56 -0700 (Fri, 09 Jul 2021)

Log Message

Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap
https://bugs.webkit.org/show_bug.cgi?id=227842

Reviewed by Kate Cheney.

Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap,
to avoid potential crashes. We do not support storing (or looking up) a key with value 0 in a HashMap whose key type
is 'unsigned'.

* NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
(WebKit::ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (279786 => 279787)


--- trunk/Source/WebKit/ChangeLog	2021-07-09 16:46:05 UTC (rev 279786)
+++ trunk/Source/WebKit/ChangeLog	2021-07-09 16:54:56 UTC (rev 279787)
@@ -1,3 +1,17 @@
+2021-07-09  Chris Dumez  <cdu...@apple.com>
+
+        Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap
+        https://bugs.webkit.org/show_bug.cgi?id=227842
+
+        Reviewed by Kate Cheney.
+
+        Validate keys in ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources() before using them with HashMap,
+        to avoid potential crashes. We do not support storing (or looking up) a key with value 0 in a HashMap whose key type
+        is 'unsigned'.
+
+        * NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp:
+        (WebKit::ResourceLoadStatisticsDatabaseStore::findNotVeryPrevalentResources):
+
 2021-07-09  Jer Noble  <jer.no...@apple.com>
 
         [Cocoa] Make Coordinator playback commands more precise

Modified: trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp (279786 => 279787)


--- trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp	2021-07-09 16:46:05 UTC (rev 279786)
+++ trunk/Source/WebKit/NetworkProcess/Classifier/ResourceLoadStatisticsDatabaseStore.cpp	2021-07-09 16:54:56 UTC (rev 279787)
@@ -1386,10 +1386,12 @@
     if (notVeryPrevalentResourcesStatement) {
         while (notVeryPrevalentResourcesStatement->step() == SQLITE_ROW) {
             unsigned key = static_cast<unsigned>(notVeryPrevalentResourcesStatement->columnInt(0));
+            ASSERT(key);
+            if (!key)
+                continue;
             NotVeryPrevalentResources value({ RegistrableDomain::uncheckedCreateFromRegistrableDomainString(notVeryPrevalentResourcesStatement->columnText(1))
-                , notVeryPrevalentResourcesStatement->columnInt(2) ? ResourceLoadPrevalence::High : ResourceLoadPrevalence::Low
-                , 0, 0, 0, 0 });
-            results.add(key, value);
+                , notVeryPrevalentResourcesStatement->columnInt(2) ? ResourceLoadPrevalence::High : ResourceLoadPrevalence::Low , 0, 0, 0, 0 });
+            results.add(key, WTFMove(value));
         }
     }
 
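Review bot: The guard added after `unsigned key = static_cast<unsigned>(...columnInt(0))` rejects only 0, so a row whose first column is -1 would still reach `results.add()`. As far as I know, WTF's default traits for integer keys also reserve the all-ones value as the deleted-bucket sentinel, which would make that key invalid too. Because the value is read from the on-disk database, both sentinels should be filtered, e.g. `if (!key || key == std::numeric_limits<unsigned>::max()) continue;`, or through HashMap's `isValidKey()` if it fits the type of `results`, whose declaration is outside the hunk. The same applies to the `domainID` checks ahead of `results.find()` in the four later hunks. The enclosing function starts and ends outside this hunk.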
@@ -1402,6 +1404,9 @@
     if (subresourceUnderTopFrameDomainsStatement) {
         while (subresourceUnderTopFrameDomainsStatement->step() == SQLITE_ROW) {
             unsigned domainID = static_cast<unsigned>(subresourceUnderTopFrameDomainsStatement->columnInt(0));
+            ASSERT(domainID);
+            if (!domainID)
+                continue;
             auto result = results.find(domainID);
             if (result != results.end())
                 result->value.subresourceUnderTopFrameDomainsCount = static_cast<unsigned>(subresourceUnderTopFrameDomainsStatement->columnInt(1));
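Review bot: `ASSERT(domainID)` is applied to a value read from the database, so a corrupt row aborts a debug build while a release build drops it with no trace. Here and in the other four loops, an error log on the skip path would serve better than an assertion, so that database corruption is observable in the field. The rationale currently lives only in the commit message; a comment next to the check would keep it with the code, e.g. `// 0 is the empty-bucket value for HashMap<unsigned, ...>; never use it as a key.` The loop's enclosing function is outside the hunk.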
@@ -1412,6 +1417,9 @@
     if (subresourceUniqueRedirectsToCountStatement) {
         while (subresourceUniqueRedirectsToCountStatement->step() == SQLITE_ROW) {
             unsigned domainID = static_cast<unsigned>(subresourceUniqueRedirectsToCountStatement->columnInt(0));
+            ASSERT(domainID);
+            if (!domainID)
+                continue;
             auto result = results.find(domainID);
             if (result != results.end())
                 result->value.subresourceUniqueRedirectsToCount = static_cast<unsigned>(subresourceUniqueRedirectsToCountStatement->columnInt(1));
@@ -1422,6 +1430,9 @@
     if (subframeUnderTopFrameDomainsCountStatement) {
         while (subframeUnderTopFrameDomainsCountStatement->step() == SQLITE_ROW) {
             unsigned domainID = static_cast<unsigned>(subframeUnderTopFrameDomainsCountStatement->columnInt(0));
+            ASSERT(domainID);
+            if (!domainID)
+                continue;
             auto result = results.find(domainID);
             if (result != results.end())
                 result->value.subframeUnderTopFrameDomainsCount = static_cast<unsigned>(subframeUnderTopFrameDomainsCountStatement->columnInt(1));
@@ -1432,6 +1443,9 @@
     if (topFrameUniqueRedirectsToCountStatement) {
         while (topFrameUniqueRedirectsToCountStatement->step() == SQLITE_ROW) {
             unsigned domainID = static_cast<unsigned>(topFrameUniqueRedirectsToCountStatement->columnInt(0));
+            ASSERT(domainID);
+            if (!domainID)
+                continue;
             auto result = results.find(domainID);
             if (result != results.end())
                 result->value.topFrameUniqueRedirectsToCount = static_cast<unsigned>(topFrameUniqueRedirectsToCountStatement->columnInt(1));