WebKit Bugzilla
Attachment 370670 Details for
Bug 197941
: [WinCairo] REGRESSION(r245186) Crash in NetworkCache::IOChannel::read in http/tests/IndexedDB some tests
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
Patch
bug-197941-20190527145220.patch (text/plain), 2.60 KB, created by
Fujii Hironori
on 2019-05-26 22:52:21 PDT
(
hide
)
Description:
Patch
Filename:
MIME Type:
Creator:
Fujii Hironori
Created:
2019-05-26 22:52:21 PDT
Size:
2.60 KB
patch
obsolete
>Subversion Revision: 245787 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index cb0de369abb50e6d5846ae41f84bff85b9282741..deb9c1c394f250aa84d7b8a1f77ef9bdb053406d 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,21 @@ >+2019-05-26 Fujii Hironori <Hironori.Fujii@sony.com> >+ >+ [WinCairo] REGRESSION(r245186) Crash in NetworkCache::IOChannel::read in http/tests/IndexedDB some tests >+ https://bugs.webkit.org/show_bug.cgi?id=197941 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ http/tests/IndexedDB some tests were crashing in >+ NetworkCache::IOChannel::read in order to allocate a buffer with >+ std::numeric_limits<size_t>::max() as the size. >+ >+ IOChannel::read should check the file size, and calculate the read >+ size. >+ >+ * NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp: >+ (WebKit::NetworkCache::IOChannel::read): Limit the read buffer >+ size by calling FileSystem::getFileSize. >+ > 2019-05-26 Simon Fraser <simon.fraser@apple.com> > > Move VelocityData to WebCore >diff --git a/Source/WebKit/NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp b/Source/WebKit/NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp >index db49e653d6d2e8802f1db69bd1dfdf3064a84b52..f3c8f93f00be454a33bfe8187d536e6e18ba17ad 100644 >--- a/Source/WebKit/NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp >+++ b/Source/WebKit/NetworkProcess/cache/NetworkCacheIOChannelCurl.cpp >@@ -74,9 +74,17 @@ static inline void runTaskInQueue(Function<void()>&& task, WorkQueue* queue) > void IOChannel::read(size_t offset, size_t size, WorkQueue* queue, Function<void(Data&, int error)>&& completionHandler) > { > runTaskInQueue([this, protectedThis = makeRef(*this), offset, size, completionHandler = WTFMove(completionHandler)] { >- Vector<uint8_t> buffer(size); >+ long long fileSize; >+ if (!FileSystem::getFileSize(m_fileDescriptor, fileSize) || fileSize > std::numeric_limits<size_t>::max()) { >+ Data data; >+ completionHandler(data, -1); >+ return; >+ } >+ size_t readSize = fileSize; >+ readSize = std::min(size, readSize); >+ Vector<uint8_t> buffer(readSize); > FileSystem::seekFile(m_fileDescriptor, offset, FileSystem::FileSeekOrigin::Beginning); >- int err = FileSystem::readFromFile(m_fileDescriptor, reinterpret_cast<char*>(buffer.data()), size); >+ int err = FileSystem::readFromFile(m_fileDescriptor, reinterpret_cast<char*>(buffer.data()), readSize); > err = err < 0 ? err : 0; > auto data = Data(WTFMove(buffer)); > completionHandler(data, err);
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=370670">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Formatted Diff
|
Diff
Attachments on
bug 197941
:
370024
| 370670