Bug 162763

Summary: ASSERTION FAILED: url.containsOnlyASCII() in WebCore::checkEncodedString() when parsing an invalid CSS cursor URL
Product: WebKit
Reporter: Andy Estes <aestes>
Component: New Bugs
Assignee: Andy Estes <aestes>
Status: RESOLVED FIXED
Severity: Normal
CC: cdumez, commit-queue, darin, sam, simon.fraser, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified
See Also: https://bugs.webkit.org/show_bug.cgi?id=141638
Bug Depends on: 170285
Bug Blocks:

Andy Estes
Reported 2016-09-29 18:10:25 PDT
Assertion failures when parsing invalid CSS URLs containing non-ASCII characters
Attachments
test case (245 bytes, text/html)
2016-09-30 15:40 PDT, Andy Estes
no flags
Patch (11.40 KB, patch)
2016-09-30 18:04 PDT, Andy Estes
no flags
Patch (11.35 KB, patch)
2016-10-03 12:57 PDT, Andy Estes
no flags
Andy Estes
Comment 1 2016-09-29 18:11:50 PDT
*** This bug has been marked as a duplicate of bug 141638 ***
Andy Estes
Comment 2 2016-09-30 14:49:59 PDT
The test case attached to https://bugs.webkit.org/show_bug.cgi?id=141638 actually demonstrates two issues:
1. CSS URLs with multi-byte Unicode escape sequences fail to parse.
2. Invalid CSS URLs with non-ASCII characters trigger assertions when used with the CSS cursor property.
Bug 141638 will track the first issue, and this will track the second.
Radar WebKit Bug Importer
Comment 3 2016-09-30 14:54:27 PDT
Andy Estes
Comment 4 2016-09-30 15:39:15 PDT
ASSERTION FAILED: url.containsOnlyASCII()
/Users/andy/Code/OpenSource/Source/WebCore/platform/URL.cpp(415) : void WebCore::checkEncodedString(const WTF::String &)
1 0x107b2044d WTFCrash
2 0x113a37481 WebCore::checkEncodedString(WTF::String const&)
3 0x113a3004f WebCore::URL::parse(WTF::String const&)
4 0x113a2ff4a WebCore::URL::URL(WebCore::ParsedURLStringTag, WTF::String const&)
5 0x113a30113 WebCore::URL::URL(WebCore::ParsedURLStringTag, WTF::String const&)
6 0x111841ba5 WebCore::CSSCursorImageValue::CSSCursorImageValue(WTF::Ref<WebCore::CSSValue>&&, bool, WebCore::IntPoint const&)
7 0x111841d14 WebCore::CSSCursorImageValue::CSSCursorImageValue(WTF::Ref<WebCore::CSSValue>&&, bool, WebCore::IntPoint const&)
8 0x1118e497b WebCore::CSSCursorImageValue::create(WTF::Ref<WebCore::CSSValue>&&, bool, WebCore::IntPoint const&)
9 0x1118da328 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool)
10 0x1118a7b2d cssyyparse(WebCore::CSSParser*)
11 0x1118d3e03 WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WTF::TextPosition const&, WTF::Vector<WTF::Ref<WebCore::CSSRuleSourceData>, 0ul, WTF::CrashOnOverflow, 16ul>*, bool)
12 0x1137993ec WebCore::StyleSheetContents::parseStringAtPosition(WTF::String const&, WTF::TextPosition const&, bool)
13 0x11228022f WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&)
14 0x11227fb14 WebCore::InlineStyleSheetOwner::createSheetFromTextContents(WebCore::Element&)
15 0x11227fceb WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&)
16 0x1120ca3a9 WebCore::HTMLStyleElement::finishParsingChildren()
17 0x111fff9d7 WebCore::HTMLElementStack::popCommon()
18 0x11200024b WebCore::HTMLElementStack::pop()
19 0x1120f7496 WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&)
20 0x1120f4a1d WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&)
21 0x1120f3cd4 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&)
22 0x111fe0501 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
23 0x111fe01f3 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
24 0x111fdea68 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
25 0x111fde5bb WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
26 0x111fe1066 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
27 0x111a4c782 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
28 0x111b86efc WebCore::DocumentWriter::end()
29 0x111b435a6 WebCore::DocumentLoader::finishedLoading(double)
30 0x111b43365 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
31 0x11162a39d WebCore::CachedResource::checkNotify()
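The call path in the trace above, reduced to a model: a constructor that accepts a string tagged as already parsed asserts it is ASCII-only, and style sheet text reaches it. This is an added example, not WebKit code and not part of the original report; `Url`, `ParsedTag`, `fromUntrusted` and `acceptCursorUrl` are hypothetical names, and the validating path shown is one general way to keep such a precondition unreachable from page content, not the change that was committed.

```cpp
// Added illustration; a simplified model, not WebKit source. All names are hypothetical.
#include <cassert>
#include <optional>
#include <string>

// Models the invariant behind url.containsOnlyASCII(): a string handed over as
// "already parsed" is expected to be canonical, and therefore ASCII-only.
bool containsOnlyASCII(const std::string& s) {
    for (unsigned char c : s)
        if (c > 0x7F) return false;
    return true;
}

struct ParsedTag {};

class Url {
public:
    // Trusted path: the caller promises the string came out of the URL parser.
    // A broken promise aborts when assertions are enabled.
    Url(ParsedTag, const std::string& s) : m_string(s) { assert(containsOnlyASCII(s)); }

    // Untrusted path: validate first and report failure instead of asserting.
    static std::optional<Url> fromUntrusted(const std::string& s) {
        if (s.empty() || !containsOnlyASCII(s)) return std::nullopt;
        return Url(ParsedTag{}, s);
    }
    const std::string& string() const { return m_string; }
private:
    std::string m_string;
};

// Stand-in for a CSS value constructor fed by the style sheet parser.
// Returns true when the cursor image URL is accepted, false when it is rejected.
bool acceptCursorUrl(const std::string& cssUrlText) {
    std::optional<Url> url = Url::fromUntrusted(cssUrlText);
    return url.has_value();
}

int main() {
    // Constructed inputs: one plain ASCII URL, one containing UTF-8 encoded U+00E9.
    bool ok = acceptCursorUrl("https://example.test/cursor.png");
    bool bad = acceptCursorUrl("https://example.test/curs\xC3\xA9r.png");
    return (ok && !bad) ? 0 : 1;
}
```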
Andy Estes
Comment 5 2016-09-30 15:40:43 PDT
Created attachment 290400 [details] test case
Andy Estes
Comment 6 2016-09-30 18:04:18 PDT
youenn fablet
Comment 7 2016-10-01 04:52:13 PDT
Comment on attachment 290415 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=290415&action=review

> LayoutTests/ChangeLog:10
> + * platform/mac/fast/css/cursor-with-invalid-url-expected.txt: Added.

Shouldn't the expected.txt file be in fast/css?
Andy Estes
Comment 8 2016-10-03 12:54:58 PDT
(In reply to comment #7)
> Comment on attachment 290415 [details]
> Patch
>
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=290415&action=review
>
> > LayoutTests/ChangeLog:10
> > + * platform/mac/fast/css/cursor-with-invalid-url-expected.txt: Added.
>
> Shouldn't the expected.txt file be in fast/css?

Indeed. Thanks for the review!
Andy Estes
Comment 9 2016-10-03 12:57:27 PDT
WebKit Commit Bot
Comment 10 2016-10-03 13:30:00 PDT
Comment on attachment 290509 [details]
Patch

Clearing flags on attachment: 290509

Committed r206744: <http://trac.webkit.org/changeset/206744>
WebKit Commit Bot
Comment 11 2016-10-03 13:30:05 PDT
All reviewed patches have been landed. Closing bug.