47717 2010-10-15 03:08:07 -0700 [GTK] Do a stricter check for invalid base64 dataURLs 2010-10-15 03:39:21 -0700 1 1 1 Unclassified WebKit WebKitGTK 528+ (Nightly build) PC OS X 10.5 RESOLVED FIXED P2 Normal --- 0 svillar webkit-unassigned commit-queue rniwa oldest_to_newest 294667 0 svillar 2010-10-15 03:08:07 -0700 In https://bugs.webkit.org/show_bug.cgi?id=47666 we rolled back a more strict version of base64 decoding added in https://bugs.webkit.org/show_bug.cgi?id=44261 because the test LayoutTests/editing/undo/orphaned-selection-crash-bug32823-2.html started to fail. As commented here https://bugs.webkit.org/show_bug.cgi?id=47661#c10 the actual problem was not the test but the new code in ResourceHandleSoup.cpp that incorrectly does not finish the load of the dataURL if the base64 decoding fails. We should restore the old strict base64 decoding and gracefully end the load when an error occurs. 294669 1 70846 svillar 2010-10-15 03:19:33 -0700 Created attachment 70846 Fix for the bug This patch both restores the more strict base64 decoding and it also allows ResourceHandleSoup to properly finish the load of the resource when invalid base64 data is provided. 294670 2 svillar 2010-10-15 03:20:19 -0700 Ryosuke might be interested in the fix 294671 3 70846 xan.lopez 2010-10-15 03:23:01 -0700 Comment on attachment 70846 Fix for the bug Looks good to me. 294674 4 70846 commit-queue 2010-10-15 03:39:16 -0700 Comment on attachment 70846 Fix for the bug Clearing flags on attachment: 70846 Committed r69848: <http://trac.webkit.org/changeset/69848> 294675 5 commit-queue 2010-10-15 03:39:21 -0700 All reviewed patches have been landed. Closing bug. 70846 2010-10-15 03:19:33 -0700 2010-10-15 03:39:16 -0700 Fix for the bug 0001-Fix-for-47717.patch text/plain 3214 svillar RnJvbSA4ZTFjOTM4NjU4MGZkYTY5ZGE0ZDkyYjE2YWRiYjhhNjM4N2ExZjNjIE1vbiBTZXAgMTcg MDA6MDA6MDAgMjAwMQpGcm9tOiBTZXJnaW8gVmlsbGFyIFNlbmluIDxzdmlsbGFyQGlnYWxpYS5j b20+CkRhdGU6IEZyaSwgMTUgT2N0IDIwMTAgMTI6MTc6MzIgKzAyMDAKU3ViamVjdDogW1BBVENI XSBGaXggZm9yIDQ3NzE3CgotLS0KIFdlYkNvcmUvQ2hhbmdlTG9nICAgICAgICAgICAgICAgICAg ICAgICAgICAgICAgICAgIHwgICAyMSArKysrKysrKysrKysrKysrKysrKwogLi4uL3BsYXRmb3Jt L25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwICAgfCAgICAyICsKIC4uLi9uZXR3 b3JrL3NvdXAvY2FjaGUvc291cC1yZXF1ZXN0LWRhdGEuYyAgICAgICAgIHwgICAxMiArKysrKysr Ky0tCiAzIGZpbGVzIGNoYW5nZWQsIDMyIGluc2VydGlvbnMoKyksIDMgZGVsZXRpb25zKC0pCgpk aWZmIC0tZ2l0IGEvV2ViQ29yZS9DaGFuZ2VMb2cgYi9XZWJDb3JlL0NoYW5nZUxvZwppbmRleCBj NmFiZDhmLi5iZDI2YTgyIDEwMDY0NAotLS0gYS9XZWJDb3JlL0NoYW5nZUxvZworKysgYi9XZWJD b3JlL0NoYW5nZUxvZwpAQCAtMSwzICsxLDI0IEBACisyMDEwLTEwLTE1ICBTZXJnaW8gVmlsbGFy IFNlbmluICA8c3ZpbGxhckBpZ2FsaWEuY29tPgorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9E WSAoT09QUyEpLgorCisgICAgICAgIFtHVEtdIERvIGEgc3RyaWN0ZXIgY2hlY2sgZm9yIGludmFs aWQgYmFzZTY0IGRhdGFVUkxzCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3df YnVnLmNnaT9pZD00NzcxNworCisgICAgICAgIFJlc3RvcmUgdGhlIHN0cmljdCBiYXNlNjQgZGVj b2Rpbmcgd2UgYWRkZWQgaW4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19i dWcuY2dpP2lkPTQ0MjYxIGFuZCB0aGVuIHJvbGxlZCBiYWNrCisgICAgICAgIGluIGh0dHBzOi8v YnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9pZD00NzY2NiBkdWUgdG8gYSBmYWlsaW5nCisg ICAgICAgIHRlc3QuIFRoZSBhY3R1YWwgaXNzdWUgd2FzIHRoYXQgd2Ugd2VyZSBub3QgZmluaXNo aW5nIHRoZSBsb2FkIG9mCisgICAgICAgIHRoZSByZXNvdXJjZSBncmFjZWZ1bGx5IHdoZW4gYW4g ZXJyb3IgaGFwcGVuZWQuCisKKyAgICAgICAgTG9hZGluZyBpbnZhbGlkIGJhc2U2NC1lbmNvZGVk IGRhdGE6Ly8gVVJMcyBhcmUgbm93IGhhbmRsZWQKKyAgICAgICAgcHJvcGVybHkuCisKKyAgICAg ICAgKiBwbGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcDoKKyAgICAg ICAgKFdlYkNvcmU6OnBhcnNlRGF0YVVybCk6CisgICAgICAgICogcGxhdGZvcm0vbmV0d29yay9z b3VwL2NhY2hlL3NvdXAtcmVxdWVzdC1kYXRhLmM6CisgICAgICAgICh3ZWJraXRfc291cF9yZXF1 ZXN0X2RhdGFfc2VuZCk6CisKIDIwMTAtMTAtMTQgIEppYSBQdSAgPGpwdUBhcHBsZS5jb20+CiAK ICAgICAgICAgUmV2aWV3ZWQgYnkgQWRlbGUgUGV0ZXJzb24uCmRpZmYgLS1naXQgYS9XZWJDb3Jl L3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNvdXJjZUhhbmRsZVNvdXAuY3BwIGIvV2ViQ29yZS9w bGF0Zm9ybS9uZXR3b3JrL3NvdXAvUmVzb3VyY2VIYW5kbGVTb3VwLmNwcAppbmRleCBkNWNiMWRh Li4wZDYyZGU0IDEwMDY0NAotLS0gYS9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9SZXNv dXJjZUhhbmRsZVNvdXAuY3BwCisrKyBiL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL1Jl c291cmNlSGFuZGxlU291cC5jcHAKQEAgLTM0OCwxMiArMzQ4LDE0IEBAIHN0YXRpYyBnYm9vbGVh biBwYXJzZURhdGFVcmwoZ3BvaW50ZXIgY2FsbGJhY2tEYXRhKQogICAgIGQtPm1fc291cFJlcXVl c3QgPSBhZG9wdFBsYXRmb3JtUmVmKHdlYmtpdF9zb3VwX3JlcXVlc3Rlcl9yZXF1ZXN0KGQtPm1f cmVxdWVzdGVyLmdldCgpLCBoYW5kbGUtPmZpcnN0UmVxdWVzdCgpLnVybCgpLnN0cmluZygpLnV0 ZjgoKS5kYXRhKCksIHNlc3Npb24sICZlcnJvci5vdXRQdHIoKSkpOwogICAgIGlmIChlcnJvcikg ewogICAgICAgICBkLT5tX3NvdXBSZXF1ZXN0ID0gMDsKKyAgICAgICAgY2xpZW50LT5kaWRGaW5p c2hMb2FkaW5nKGhhbmRsZSwgMCk7CiAgICAgICAgIHJldHVybiBmYWxzZTsKICAgICB9CiAKICAg ICBkLT5tX2lucHV0U3RyZWFtID0gYWRvcHRQbGF0Zm9ybVJlZih3ZWJraXRfc291cF9yZXF1ZXN0 X3NlbmQoZC0+bV9zb3VwUmVxdWVzdC5nZXQoKSwgMCwgJmVycm9yLm91dFB0cigpKSk7CiAgICAg aWYgKGVycm9yKSB7CiAgICAgICAgIGQtPm1faW5wdXRTdHJlYW0gPSAwOworICAgICAgICBjbGll bnQtPmRpZEZpbmlzaExvYWRpbmcoaGFuZGxlLCAwKTsKICAgICAgICAgcmV0dXJuIGZhbHNlOwog ICAgIH0KIApkaWZmIC0tZ2l0IGEvV2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvY2FjaGUv c291cC1yZXF1ZXN0LWRhdGEuYyBiL1dlYkNvcmUvcGxhdGZvcm0vbmV0d29yay9zb3VwL2NhY2hl L3NvdXAtcmVxdWVzdC1kYXRhLmMKaW5kZXggNDYzZmNlZi4uY2VkNWM0YSAxMDA2NDQKLS0tIGEv V2ViQ29yZS9wbGF0Zm9ybS9uZXR3b3JrL3NvdXAvY2FjaGUvc291cC1yZXF1ZXN0LWRhdGEuYwor KysgYi9XZWJDb3JlL3BsYXRmb3JtL25ldHdvcmsvc291cC9jYWNoZS9zb3VwLXJlcXVlc3QtZGF0 YS5jCkBAIC05OCw5ICs5OCwxNSBAQCB3ZWJraXRfc291cF9yZXF1ZXN0X2RhdGFfc2VuZCAoV2Vi S2l0U291cFJlcXVlc3QgICAqcmVxdWVzdCwKIAkJZ3VjaGFyICpidWY7CiAKIAkJaWYgKGJhc2U2 NCkgewotCQkJYnVmID0gZ19iYXNlNjRfZGVjb2RlIChzdGFydCwgJmRhdGEtPnByaXYtPmNvbnRl bnRfbGVuZ3RoKTsKLQotCQkJaWYgKCFidWYgfHwgZGF0YS0+cHJpdi0+Y29udGVudF9sZW5ndGgg PD0gMCkgeworCQkJaW50IGlubGVuLCBzdGF0ZSA9IDA7CisJCQlndWludCBzYXZlID0gMDsKKwor CQkJaW5sZW4gPSBzdHJsZW4gKHN0YXJ0KTsKKwkJCWJ1ZiA9IGdfbWFsbG9jMCAoaW5sZW4gKiAz IC8gNCArIDMpOworCQkJZGF0YS0+cHJpdi0+Y29udGVudF9sZW5ndGggPQorCQkJCWdfYmFzZTY0 X2RlY29kZV9zdGVwIChzdGFydCwgaW5sZW4sIGJ1ZiwKKwkJCQkJCSAgICAgICZzdGF0ZSwgJnNh dmUpOworCQkJaWYgKHN0YXRlICE9IDApIHsKIAkJCQlnX2ZyZWUgKGJ1Zik7CiAJCQkJZ290byBm YWlsOwogCQkJfQotLSAKMS43LjEKCg==