Bug 187167

Summary: [WinCairo] WebKit MiniBrowser crashes when attempting to navigate to certain URLs
Product: WebKit Reporter: Christopher Reid <chris.reid>
Component: New BugsAssignee: Nobody <webkit-unassigned>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, andersca, bfulgham, commit-queue, don.olmstead, Hironori.Fujii, mcatanzaro, pvollan, rniwa, webkit-bug-importer, ysuzuki
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch for landing
none
Archive of layout-test-results from webkit-cq-03 for mac-sierra none

Description Christopher Reid 2018-06-28 19:16:08 PDT 
It is crashing due to mishandling of buffers when doing string conversion.
Comment 1 Christopher Reid 2018-06-28 19:24:05 PDT 
Created attachment 343887 [details]
Patch
Comment 2 Fujii Hironori 2018-06-28 21:27:57 PDT 
Comment on attachment 343887 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=343887&action=review

I'm not a reviewer. This is an informal review.

> Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:48
> +std::vector<char> toUtf8(const wchar_t* src, size_t srcLength)

Why do you want to use std::vector<char> for utf-8 strings?

> Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:233
> +    SetWindowText(thisWindow.m_urlBarWnd, urlString.data());

Why did you replace c_str with data? Windows API expects a null-terminated string.
Comment 3 Christopher Reid 2018-06-28 22:41:31 PDT 
(In reply to Fujii Hironori from comment #2)
> Comment on attachment 343887 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=343887&action=review
> 
> I'm not a reviewer. This is an informal review.
> 
> > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:48
> > +std::vector<char> toUtf8(const wchar_t* src, size_t srcLength)
> 
> Why do you want to use std::vector<char> for utf-8 strings?

This function was copying the buffer to a std::string just for callers to call c_str() on the returned string.
I wanted to use std::vector here as that copy didn't seem needed.

> > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:233
> > +    SetWindowText(thisWindow.m_urlBarWnd, urlString.data());
> 
> Why did you replace c_str with data? Windows API expects a null-terminated
> string.

Oops right, those ones shouldn't have been changed.
Comment 4 Christopher Reid 2018-06-29 01:32:42 PDT 
Created attachment 343896 [details]
Patch
Comment 5 Fujii Hironori 2018-06-29 02:11:20 PDT 
Super. LGTM.
Comment 6 Anders Carlsson 2018-06-30 08:30:59 PDT 
Comment on attachment 343896 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=343896&action=review

> Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:62
> -    return adoptWK(WKStringCreateWithUTF8CString(utf8.c_str()));
> +    return adoptWK(WKStringCreateWithUTF8CString(utf8.data()));

Pretty sure WKStringCreateWithUTF8CString expects a null terminated string.

> Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:69
> -    return adoptWK(WKURLCreateWithUTF8CString(utf8.c_str()));
> +    return adoptWK(WKURLCreateWithUTF8CString(utf8.data()));

Same here.
Comment 7 Michael Catanzaro 2018-06-30 14:04:25 PDT 
(In reply to Fujii Hironori from comment #2)
> > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:233
> > +    SetWindowText(thisWindow.m_urlBarWnd, urlString.data());
> 
> Why did you replace c_str with data? Windows API expects a null-terminated
> string.

Note that for std::string, c_str() and data() are equivalent since C++ 11 (i.e. data() is now guaranteed to be null-terminated).
Comment 8 Christopher Reid 2018-07-02 14:35:15 PDT 
(In reply to Anders Carlsson from comment #6)
> Comment on attachment 343896 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=343896&action=review
> 
> > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:62
> > -    return adoptWK(WKStringCreateWithUTF8CString(utf8.c_str()));
> > +    return adoptWK(WKStringCreateWithUTF8CString(utf8.data()));
> 
> Pretty sure WKStringCreateWithUTF8CString expects a null terminated string.

I think that's okay, toUtf8() is null terminating the buffer.
Comment 9 Alex Christensen 2018-07-05 10:45:59 PDT 
Comment on attachment 343896 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=343896&action=review

> Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:48
> +std::vector<char> toUtf8(const wchar_t* src, size_t srcLength)

toNullTerminatedUTF8?
Comment 10 Christopher Reid 2018-07-06 13:27:16 PDT 
Created attachment 344449 [details]
Patch for landing
Comment 11 WebKit Commit Bot 2018-07-06 14:34:11 PDT 
Comment on attachment 344449 [details]
Patch for landing

Rejecting attachment 344449 [details] from commit-queue.

New failing tests:
media/media-fullscreen-return-to-inline.html
Full output: https://webkit-queues.webkit.org/results/8459655
Comment 12 WebKit Commit Bot 2018-07-06 14:34:13 PDT 
Created attachment 344455 [details]
Archive of layout-test-results from webkit-cq-03 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the commit-queue.
Bot: webkit-cq-03  Port: mac-sierra  Platform: Mac OS X 10.12.6
Comment 13 WebKit Commit Bot 2018-07-06 19:24:42 PDT 
Comment on attachment 344449 [details]
Patch for landing

Clearing flags on attachment: 344449

Committed r233610: <https://trac.webkit.org/changeset/233610>
Comment 14 WebKit Commit Bot 2018-07-06 19:24:44 PDT 
All reviewed patches have been landed.  Closing bug.
Comment 15 Radar WebKit Bug Importer 2018-07-06 19:26:54 PDT 
<rdar://problem/41918558>