Bug 187167

Summary:

[WinCairo] WebKit MiniBrowser crashes when attempting to navigate to certain URLs

Product:

WebKit

Reporter:

Christopher Reid <chris.reid>

Component:

New Bugs

Assignee:

Nobody <webkit-unassigned>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, andersca, bfulgham, commit-queue, don.olmstead, fujii.hironori, mcatanzaro, pvollan, rniwa, webkit-bug-importer, ysuzuki

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch for landing	none
Archive of layout-test-results from webkit-cq-03 for mac-sierra	none

Christopher Reid

Reported 2018-06-28 19:16:08 PDT

It is crashing due to mishandling of buffers when doing string conversion.

Attachments
Patch (4.27 KB, patch) 2018-06-28 19:24 PDT, Christopher Reid	no flags	Details Formatted Diff Diff
Patch (3.13 KB, patch) 2018-06-29 01:32 PDT, Christopher Reid	no flags	Details Formatted Diff Diff
Patch for landing (3.40 KB, patch) 2018-07-06 13:27 PDT, Christopher Reid	no flags	Details Formatted Diff Diff
Archive of layout-test-results from webkit-cq-03 for mac-sierra (2.31 MB, application/zip) 2018-07-06 14:34 PDT, WebKit Commit Bot	no flags	Details
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Christopher Reid

Comment 1 2018-06-28 19:24:05 PDT

Created attachment 343887 [details] Patch

Fujii Hironori

Comment 2 2018-06-28 21:27:57 PDT

Comment on attachment 343887 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=343887&action=review I'm not a reviewer. This is an informal review. > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:48 > +std::vector<char> toUtf8(const wchar_t* src, size_t srcLength) Why do you want to use std::vector<char> for utf-8 strings? > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:233 > + SetWindowText(thisWindow.m_urlBarWnd, urlString.data()); Why did you replace c_str with data? Windows API expects a null-terminated string.

Christopher Reid

Comment 3 2018-06-28 22:41:31 PDT

(In reply to Fujii Hironori from comment #2) > Comment on attachment 343887 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=343887&action=review > > I'm not a reviewer. This is an informal review. > > > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:48 > > +std::vector<char> toUtf8(const wchar_t* src, size_t srcLength) > > Why do you want to use std::vector<char> for utf-8 strings? This function was copying the buffer to a std::string just for callers to call c_str() on the returned string. I wanted to use std::vector here as that copy didn't seem needed. > > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:233 > > + SetWindowText(thisWindow.m_urlBarWnd, urlString.data()); > > Why did you replace c_str with data? Windows API expects a null-terminated > string. Oops right, those ones shouldn't have been changed.

Christopher Reid

Comment 4 2018-06-29 01:32:42 PDT

Created attachment 343896 [details] Patch

Fujii Hironori

Comment 5 2018-06-29 02:11:20 PDT

Super. LGTM.

Anders Carlsson

Comment 6 2018-06-30 08:30:59 PDT

Comment on attachment 343896 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=343896&action=review > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:62 > - return adoptWK(WKStringCreateWithUTF8CString(utf8.c_str())); > + return adoptWK(WKStringCreateWithUTF8CString(utf8.data())); Pretty sure WKStringCreateWithUTF8CString expects a null terminated string. > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:69 > - return adoptWK(WKURLCreateWithUTF8CString(utf8.c_str())); > + return adoptWK(WKURLCreateWithUTF8CString(utf8.data())); Same here.

Michael Catanzaro

Comment 7 2018-06-30 14:04:25 PDT

(In reply to Fujii Hironori from comment #2) > > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:233 > > + SetWindowText(thisWindow.m_urlBarWnd, urlString.data()); > > Why did you replace c_str with data? Windows API expects a null-terminated > string. Note that for std::string, c_str() and data() are equivalent since C++ 11 (i.e. data() is now guaranteed to be null-terminated).

Christopher Reid

Comment 8 2018-07-02 14:35:15 PDT

(In reply to Anders Carlsson from comment #6) > Comment on attachment 343896 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=343896&action=review > > > Tools/MiniBrowser/win/WebKitBrowserWindow.cpp:62 > > - return adoptWK(WKStringCreateWithUTF8CString(utf8.c_str())); > > + return adoptWK(WKStringCreateWithUTF8CString(utf8.data())); > > Pretty sure WKStringCreateWithUTF8CString expects a null terminated string. I think that's okay, toUtf8() is null terminating the buffer.

Alex Christensen

Comment 9 2018-07-05 10:45:59 PDT

Christopher Reid

Comment 10 2018-07-06 13:27:16 PDT

Created attachment 344449 [details] Patch for landing

WebKit Commit Bot

Comment 11 2018-07-06 14:34:11 PDT

Comment on attachment 344449 [details] Patch for landing Rejecting attachment 344449 [details] from commit-queue. New failing tests: media/media-fullscreen-return-to-inline.html Full output: https://webkit-queues.webkit.org/results/8459655

WebKit Commit Bot

Comment 12 2018-07-06 14:34:13 PDT

Created attachment 344455 [details] Archive of layout-test-results from webkit-cq-03 for mac-sierra The attached test failures were seen while running run-webkit-tests on the commit-queue. Bot: webkit-cq-03 Port: mac-sierra Platform: Mac OS X 10.12.6

WebKit Commit Bot

Comment 13 2018-07-06 19:24:42 PDT

Comment on attachment 344449 [details] Patch for landing Clearing flags on attachment: 344449 Committed r233610: <https://trac.webkit.org/changeset/233610>

WebKit Commit Bot

Comment 14 2018-07-06 19:24:44 PDT

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 15 2018-07-06 19:26:54 PDT

<rdar://problem/41918558>

Note You need to log in before you can comment on or make changes to this bug.