20295 2008-08-06 03:44:21 -0700 RegularExpression::match should not crash when a null string is passed 2008-08-08 02:32:24 -0700 1 1 1 Unclassified WebKit Text 528+ (Nightly build) All All RESOLVED FIXED P2 Normal --- 1 marco.barisione marco.barisione alp mitz oldest_to_newest 87934 0 marco.barisione 2008-08-06 03:44:21 -0700 RegularExpression::match() passes a null subject string to jsRegExpExecute causing a crash. See also bug #19794 for a discussion on this. 87936 1 22675 marco.barisione 2008-08-06 03:54:59 -0700 Created attachment 22675 Check for null strings 87946 2 22675 eric 2008-08-06 05:22:20 -0700 Comment on attachment 22675 Check for null strings I found the text "... with the null string." a bit confusing. I think that last clause could be removed. Looks great! 87950 3 jmalonzo 2008-08-06 05:47:17 -0700 Removed the last clause before landing. Landed in r35601 87957 4 mitz 2008-08-06 07:30:01 -0700 How was this being hit? Is it possible to make a test case? In previous occurrences of this crash, the fix was applied at the call site. 87959 5 marco.barisione 2008-08-06 07:40:58 -0700 (In reply to comment #4) > How was this being hit? Is it possible to make a test case? In previous > occurrences of this crash, the fix was applied at the call site. RegularExpression::match is called by DOMImplementation::isXMLMIMEType. Of course the mime type should not be null, this is why I'm also proposing to commit patch #22023 to the CURL backend but IMHO it's a good idea to protect RegularExpression::match from crashing. If you think that this is not the best idea we could just throw away this patch or I could write a patch to check for null mime types in DOMImplementation::isXMLMIMEType. 88094 6 alp 2008-08-08 01:30:28 -0700 Does a two-line null check need a whole new copyright entry? 88096 7 marco.barisione 2008-08-08 02:32:24 -0700 (In reply to comment #6) > Does a two-line null check need a whole new copyright entry? Actually no, I just did that out of habit. 22675 2008-08-06 03:54:59 -0700 2008-08-06 05:22:20 -0700 Check for null strings match-null.patch text/plain 1822 marco.barisione ZGlmZiAtLWdpdCBhL1dlYkNvcmUvQ2hhbmdlTG9nIGIvV2ViQ29yZS9DaGFuZ2VMb2cKaW5kZXgg ZDI2YjZiOC4uYWU2ZjNmZCAxMDA2NDQKLS0tIGEvV2ViQ29yZS9DaGFuZ2VMb2cKKysrIGIvV2Vi Q29yZS9DaGFuZ2VMb2cKQEAgLTEsMyArMSwxOSBAQAorMjAwOC0wOC0wNiAgTWFyY28gQmFyaXNp b25lICA8bWFyY28uYmFyaXNpb25lQGNvbGxhYm9yYS5jby51az4KKworICAgICAgICBSZXZpZXdl ZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAgICBodHRwOi8vYnVncy53ZWJraXQub3JnL3No b3dfYnVnLmNnaT9pZD0yMDI5NQorICAgICAgICBSZWd1bGFyRXhwcmVzc2lvbjo6bWF0Y2ggc2hv dWxkIG5vdCBjcmFzaCB3aGVuIGEgbnVsbCBzdHJpbmcgaXMgcGFzc2VkCisKKyAgICAgICAgUmVn dWxhckV4cHJlc3Npb246Om1hdGNoIHVzZWQgdG8gcGFzcyBudWxsIHN1YmplY3Qgc3RyaW5ncyB0 bworICAgICAgICBqc1JlZ0V4cEV4ZWN1dGUgY2F1c2luZyBhbiBBU1NFUlQgZmFpbHVyZSBhbmQg dGhlbiBhIGNyYXNoLgorICAgICAgICBUaGVyZSBpcyBubyBuZWVkIHRvIGZpeCBhbHNvIFJlZ3Vs YXJFeHByZXNzaW9uOnNlYXJjaCBhbmQKKyAgICAgICAgUmVndWxhckV4cHJlc3Npb246OnNlYXJj aFJldiBhcyB0aGV5IGp1c3QgY2FsbAorICAgICAgICBSZWd1bGFyRXhwcmVzc2lvbjo6bWF0Y2gg d2l0aCB0aGUgbnVsbCBzdHJpbmcuCisKKyAgICAgICAgKiBwbGF0Zm9ybS90ZXh0L1JlZ3VsYXJF eHByZXNzaW9uLmNwcDoKKyAgICAgICAgKFdlYkNvcmU6OlJlZ3VsYXJFeHByZXNzaW9uOjptYXRj aCk6IFJldHVybiAtMSBpZiB0aGUgc3RyaW5nIGlzIG51bGwuCisKICAgMjAwOC0wOC0wNiAgRXJp YyBTZWlkZWwgIDxlcmljQHdlYmtpdC5vcmc+CiAKICAgICAgICAgQnVpbGQgZml4IG9ubHksIG5v IHJldmlldy4KZGlmZiAtLWdpdCBhL1dlYkNvcmUvcGxhdGZvcm0vdGV4dC9SZWd1bGFyRXhwcmVz c2lvbi5jcHAgYi9XZWJDb3JlL3BsYXRmb3JtL3RleHQvUmVndWxhckV4cHJlc3Npb24uY3BwCmlu ZGV4IDBkOTg0ODguLjFiOTMzZmYgMTAwNjQ0Ci0tLSBhL1dlYkNvcmUvcGxhdGZvcm0vdGV4dC9S ZWd1bGFyRXhwcmVzc2lvbi5jcHAKKysrIGIvV2ViQ29yZS9wbGF0Zm9ybS90ZXh0L1JlZ3VsYXJF eHByZXNzaW9uLmNwcApAQCAtMSw1ICsxLDYgQEAKIC8qCiAgKiBDb3B5cmlnaHQgKEMpIDIwMDQs IDIwMDggQXBwbGUgSW5jLiBBbGwgcmlnaHRzIHJlc2VydmVkLgorICogQ29weXJpZ2h0IChDKSAy MDA4IENvbGxhYm9yYSBMdGQuCiAgKgogICogUmVkaXN0cmlidXRpb24gYW5kIHVzZSBpbiBzb3Vy Y2UgYW5kIGJpbmFyeSBmb3Jtcywgd2l0aCBvciB3aXRob3V0CiAgKiBtb2RpZmljYXRpb24sIGFy ZSBwZXJtaXR0ZWQgcHJvdmlkZWQgdGhhdCB0aGUgZm9sbG93aW5nIGNvbmRpdGlvbnMKQEAgLTEy OSw2ICsxMzAsOSBAQCBTdHJpbmcgUmVndWxhckV4cHJlc3Npb246OnBhdHRlcm4oKSBjb25zdAog CiBpbnQgUmVndWxhckV4cHJlc3Npb246Om1hdGNoKGNvbnN0IFN0cmluZyYgc3RyLCBpbnQgc3Rh cnRGcm9tLCBpbnQqIG1hdGNoTGVuZ3RoKSBjb25zdAogeworICAgIGlmIChzdHIuaXNOdWxsKCkp CisgICAgICAgIHJldHVybiAtMTsKKwogICAgIGQtPmxhc3RNYXRjaFN0cmluZyA9IHN0cjsKICAg ICAvLyBGaXJzdCAyIG9mZnNldHMgYXJlIHN0YXJ0IGFuZCBlbmQgb2Zmc2V0czsgM3JkIGVudHJ5 IGlzIHVzZWQgaW50ZXJuYWxseSBieSBwY3JlCiAgICAgZC0+bGFzdE1hdGNoQ291bnQgPSBqc1Jl Z0V4cEV4ZWN1dGUoZC0+cmVnZXgsIGQtPmxhc3RNYXRjaFN0cmluZy5jaGFyYWN0ZXJzKCksCg==