Title: [210682] trunk/Source/WebCore
Revision: 210682
Author: commit-qu...@webkit.org
Date: 2017-01-12 15:12:13 -0800 (Thu, 12 Jan 2017)

Log Message

Make ApplicationCacheHost::maybeLoadSynchronously more robust
https://bugs.webkit.org/show_bug.cgi?id=165192

Patch by Youenn Fablet <you...@apple.com> on 2017-01-12
Reviewed by Alex Christensen.

No change of behavior.
Currently, in case out parameter "data" is not null and shouldLoadResourceFromApplicationCache returns false and resource is null, we might dereference a null pointer when calling maybeLoadSynchronously.
We refactor the code to ensure that this case cannot happen anymore.

* loader/appcache/ApplicationCacheHost.cpp:
(WebCore::bufferFromResource):
(WebCore::ApplicationCacheHost::maybeLoadSynchronously):

Diff

Modified: trunk/Source/WebCore/ChangeLog (210681 => 210682)


--- trunk/Source/WebCore/ChangeLog	2017-01-12 22:49:51 UTC (rev 210681)
+++ trunk/Source/WebCore/ChangeLog	2017-01-12 23:12:13 UTC (rev 210682)
@@ -1,3 +1,18 @@
+2017-01-12  Youenn Fablet  <you...@apple.com>
+
+        Make ApplicationCacheHost::maybeLoadSynchronously more robust
+        https://bugs.webkit.org/show_bug.cgi?id=165192
+
+        Reviewed by Alex Christensen.
+
+        No change of behavior.
+        Currently, in case out parameter "data" is not null and shouldLoadResourceFromApplicationCache returns false and resource is null, we might dereference a null pointer when calling maybeLoadSynchronously.
+        We refactor the code to ensure that this case cannot happen anymore.
+
+        * loader/appcache/ApplicationCacheHost.cpp:
+        (WebCore::bufferFromResource):
+        (WebCore::ApplicationCacheHost::maybeLoadSynchronously):
+
 2017-01-12  Alex Christensen  <achristen...@webkit.org>
 
         Update style of ResourceHandleInternal
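
Review bot: The "No change of behavior." line in the new entry sits directly above a sentence describing a possible null pointer dereference that the refactoring removes, so the entry reads as contradicting itself. Say instead that behavior is unchanged except when "data" is non-null on entry and resource is null, and state whether a test covers that path or why none is added.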

Modified: trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp (210681 => 210682)


--- trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp	2017-01-12 22:49:51 UTC (rev 210681)
+++ trunk/Source/WebCore/loader/appcache/ApplicationCacheHost.cpp	2017-01-12 23:12:13 UTC (rev 210682)
@@ -231,25 +231,30 @@
     return url;
 }
 
+static inline RefPtr<SharedBuffer> bufferFromResource(ApplicationCacheResource& resource)
+{
+    // FIXME: Clients probably do not need a copy of the SharedBuffer.
+    // Remove the call to copy() once we ensure SharedBuffer will not be modified.
+    if (resource.path().isEmpty())
+        return resource.data().copy();
+    return SharedBuffer::createWithContentsOfFile(resource.path());
+}
+
 bool ApplicationCacheHost::maybeLoadSynchronously(ResourceRequest& request, ResourceError& error, ResourceResponse& response, RefPtr<SharedBuffer>& data)
 {
     ApplicationCacheResource* resource;
-    if (shouldLoadResourceFromApplicationCache(request, resource)) {
-        if (resource) {
-            // FIXME: Clients proably do not need a copy of the SharedBuffer.
-            // Remove the call to copy() once we ensure SharedBuffer will not be modified.
-            if (resource->path().isEmpty())
-                data = ""
-            else
-                data = ""
-        }
-        if (!data)
-            error = m_documentLoader.frameLoader()->client().cannotShowURLError(request);
-        else
-            response = resource->response();
+    if (!shouldLoadResourceFromApplicationCache(request, resource))
+        return false;
+
+    RefPtr<SharedBuffer> responseData = resource ? bufferFromResource(*resource) : nullptr;
+    if (!responseData) {
+        error = m_documentLoader.frameLoader()->client().cannotShowURLError(request);
         return true;
     }
-    return false;
+
+    response = resource->response();
+    data = ""
+    return true;
 }
 
 void ApplicationCacheHost::maybeLoadFallbackSynchronously(const ResourceRequest& request, ResourceError& error, ResourceResponse& response, RefPtr<SharedBuffer>& data)
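
Review bot: The unchanged declaration "ApplicationCacheResource* resource;" at the top of maybeLoadSynchronously is still uninitialized, so the new "resource ? bufferFromResource(*resource) : nullptr" test is only safe if shouldLoadResourceFromApplicationCache always writes the out parameter before returning true. Initialize it to nullptr at the declaration so the null check does not rely on the callee. Separately, the new error path (the "if (!responseData)" block) returns true without touching "data", so a caller that passed in a non-null buffer still holds the old contents next to the error. Consider resetting "data" there, or document that callers must check "error" first.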