Bug 12111

Summary: Uninitialized variable in -[WebDefaultPolicyDelegate webView:decidePolicyForMIMEType:request:frame:decisionListener:]
Product: WebKit Reporter: Jim Correia <jim.correia>
Component: WebKit Misc.Assignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: ap, ddkilzer, opendarwin
Priority: P2 Keywords: InRadar
Version: 420+   
Hardware: Mac   
OS: OS X 10.4   
Bug Depends on:    
Bug Blocks: 16700    
Attachments:
Description Flags
Patch v1
beidson: review+
Patch v2 (change false to NO) beidson: review+

Jim Correia
Reported 2007-01-04 06:45:56 PST
-[WebDefaultPolicyDelegate webView:decidePolicyForMIMEType:request:frame:decisionListener:] has the following code in its implementation: if ([[request URL] isFileURL]) { BOOL isDirectory; [[NSFileManager defaultManager] fileExistsAtPath:[[request URL] path] isDirectory:&isDirectory]; if (isDirectory) { [listener ignore]; isDirectory is only filled in by the NSFileManager method in the case that the file exists. In all other cases we are using an uninitialized variable. Initializing the variable is sufficient to solve the problem. See also rdar://problem/4908081
Attachments
Patch v1 (1.26 KB, patch)
2007-01-04 23:05 PST, David Kilzer (:ddkilzer) 		beidson: review+
DetailsFormatted DiffDiff
Patch v2 (change false to NO) (1.26 KB, patch)
2007-01-04 23:21 PST, David Kilzer (:ddkilzer) 		beidson: review+
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2007-01-04 11:05:39 PST
(In reply to comment #0) > isDirectory is only filled in by the NSFileManager method in the case that the > file exists. In all other cases we are using an uninitialized variable. > Initializing the variable is sufficient to solve the problem. Does the BOOL type not default to 'false' if not explicitly set?
Alexey Proskuryakov
Comment 2 2007-01-04 11:56:27 PST
Confirmed (automatic BOOL variables aren't automatically initialized). Is this just a potential problem, or there are real life circumstances where the delegate gets called for a non-existent object?
Jim Correia
Comment 3 2007-01-04 14:08:50 PST
Yes, it is a real life problem in my application. (I provided more details in radar, which I realize is only readable by Apple people.) Essentially I'm using a custom URL protocol to load web archives to avoid the problem where WebKit will load the original resource from the network or filesystem (which may no longer exist.) I'm not rewriting the URLs, only providing data, so the web policy delegate will see the original file url which doesn't point to an existing path.
David Kilzer (:ddkilzer)
Comment 4 2007-01-04 23:05:16 PST
Created attachment 12235 [details] Patch v1 The obvious fix.
Brady Eidson
Comment 5 2007-01-04 23:11:42 PST
Comment on attachment 12235 [details] Patch v1 surly you mean "BOOL isDirectory = NO"? otherwise r+
David Kilzer (:ddkilzer)
Comment 6 2007-01-04 23:21:50 PST
Created attachment 12236 [details] Patch v2 (change false to NO) Now with correct-style points!
David Kilzer (:ddkilzer)
Comment 7 2007-01-04 23:38:48 PST
Committed revision 18612.
Jeff Johnson
Comment 8 2008-01-01 14:52:40 PST
This was not a good fix. -[NSFileManager fileExistsAtPath:isDirectory] may or may not modify the variable isDirectory; that's a private implementation detail of NSFileManager. What should be done is to check the return value of [[NSFileManager defaultManager] fileExistsAtPath:[[request URL] path] isDirectory:&isDirectory] before using isDirectory.
David Kilzer (:ddkilzer)
Comment 9 2008-01-01 15:09:07 PST
(In reply to comment #8) > This was not a good fix. -[NSFileManager fileExistsAtPath:isDirectory] may or > may not modify the variable isDirectory; that's a private implementation detail > of NSFileManager. > > What should be done is to check the return value of [[NSFileManager > defaultManager] fileExistsAtPath:[[request URL] path] isDirectory:&isDirectory] > before using isDirectory. Please open a new bug.
David Kilzer (:ddkilzer)
Comment 10 2008-01-01 15:36:37 PST
(In reply to comment #9) > (In reply to comment #8) > > This was not a good fix. -[NSFileManager fileExistsAtPath:isDirectory] may or > > may not modify the variable isDirectory; that's a private implementation detail > > of NSFileManager. > > > > What should be done is to check the return value of [[NSFileManager > > defaultManager] fileExistsAtPath:[[request URL] path] isDirectory:&isDirectory] > > before using isDirectory. > > Please open a new bug. Bug 16700. http://trac.webkit.org/projects/webkit/changeset/18612 http://developer.apple.com/documentation/Cocoa/Reference/Foundation/Classes/NSFileManager_Class/Reference/Reference.html#//apple_ref/occ/instm/NSFileManager/fileExistsAtPath:isDirectory:
Note You need to log in before you can comment on or make changes to this bug.