Title: [233036] trunk/Source/WebCore
- Revision
- 233036
- Author
- mcatanz...@igalia.com
- Date
- 2018-06-21 06:37:05 -0700 (Thu, 21 Jun 2018)
Log Message
Bad optional access in WebCore::ContentSecurityPolicySource::portMatches
https://bugs.webkit.org/show_bug.cgi?id=186535
Reviewed by Daniel Bates.
Make sure the ports have explicit values before dereferencing them.
This is hard to test. If the layout test script-src-parsing-implicit-and-explicit-port-number
continues to pass for WebKitLegacy, then I have at least probably not broken anything. To
reproduce the crash in a layout test that I can run, I think I would need to implement
internals.registerDefaultPortForProtocol for modern WebKit, which is too much work for this
crash. Otherwise, we'd need to run the test server on port 80, which would be unfriendly.
* page/csp/ContentSecurityPolicySource.cpp:
(WebCore::ContentSecurityPolicySource::portMatches const):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (233035 => 233036)
--- trunk/Source/WebCore/ChangeLog 2018-06-21 11:03:58 UTC (rev 233035)
+++ trunk/Source/WebCore/ChangeLog 2018-06-21 13:37:05 UTC (rev 233036)
@@ -1,3 +1,21 @@
+2018-06-21 Michael Catanzaro <mcatanz...@igalia.com>
+
+ Bad optional access in WebCore::ContentSecurityPolicySource::portMatches
+ https://bugs.webkit.org/show_bug.cgi?id=186535
+
+ Reviewed by Daniel Bates.
+
+ Make sure the ports have explicit values before dereferencing them.
+
+ This is hard to test. If the layout test script-src-parsing-implicit-and-explicit-port-number
+ continues to pass for WebKitLegacy, then I have at least probably not broken anything. To
+ reproduce the crash in a layout test that I can run, I think I would need to implement
+ internals.registerDefaultPortForProtocol for modern WebKit, which is too much work for this
+ crash. Otherwise, we'd need to run the test server on port 80, which would be unfriendly.
+
+ * page/csp/ContentSecurityPolicySource.cpp:
+ (WebCore::ContentSecurityPolicySource::portMatches const):
+
2018-06-21 Fujii Hironori <hironori.fu...@sony.com>
[GStreamer] ASSERTION FAILED: end.isValid() in PlatformTimeRanges::add
Modified: trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp (233035 => 233036)
--- trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp 2018-06-21 11:03:58 UTC (rev 233035)
+++ trunk/Source/WebCore/page/csp/ContentSecurityPolicySource.cpp 2018-06-21 13:37:05 UTC (rev 233036)
@@ -100,7 +100,7 @@
if (port == m_port)
return true;
- if (isDefaultPortForProtocol(m_port.value(), "http") && ((!port && url.protocolIs("https")) || isDefaultPortForProtocol(port.value(), "https")))
+ if ((m_port && isDefaultPortForProtocol(m_port.value(), "http")) && ((!port && url.protocolIs("https")) || (port && isDefaultPortForProtocol(port.value(), "https"))))
return true;
if (!port)
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
