RESOLVED FIXED 159663
[WK2] Protect against bad database data in LocalStorageDatabase::importItems() 
https://bugs.webkit.org/show_bug.cgi?id=159663
Summary [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
Chris Dumez
Reported 2016-07-11 21:32:33 PDT
Protect against bad database data in LocalStorageDatabase::importItems(). We crash if the database contains a null key or a null value so protect against it given that we have evidence it can happen.
Attachments
Patch (2.03 KB, patch)
2016-07-11 21:34 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (16.93 KB, patch)
2016-07-12 11:37 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Patch (15.58 KB, patch)
2016-07-12 14:14 PDT, Chris Dumez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Chris Dumez
Comment 1 2016-07-11 21:32:59 PDT
<rdar://problem/18995873>
Chris Dumez
Comment 2 2016-07-11 21:34:54 PDT
Created attachment 283386 [details] Patch
Benjamin Poulain
Comment 3 2016-07-11 23:24:08 PDT
Comment on attachment 283386 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=283386&action=review > Source/WebKit2/ChangeLog:3 > + [WK2] Protect against bad database data in LocalStorageDatabase::importItems() Why no test? Especially since you can reproduce?
Chris Dumez
Comment 4 2016-07-12 06:57:56 PDT
(In reply to comment #3) > Comment on attachment 283386 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=283386&action=review > > > Source/WebKit2/ChangeLog:3 > > + [WK2] Protect against bad database data in LocalStorageDatabase::importItems() > > Why no test? Especially since you can reproduce? We do not know how we can end up with null entries in the database. I can reproduce the crash only by using the database a user provided. See radar for more info.
Brady Eidson
Comment 5 2016-07-12 09:47:27 PDT
(In reply to comment #4) > (In reply to comment #3) > > Comment on attachment 283386 [details] > > Patch > > > > View in context: > > https://bugs.webkit.org/attachment.cgi?id=283386&action=review > > > > > Source/WebKit2/ChangeLog:3 > > > + [WK2] Protect against bad database data in LocalStorageDatabase::importItems() > > > > Why no test? Especially since you can reproduce? > > We do not know how we can end up with null entries in the database. I can > reproduce the crash only by using the database a user provided. See radar > for more info. I recently added an API test with bad SQLite database files; It's unknown how to generate those bad SQLite DB files, but it is known what happens once you have them. So you should actually be able to test this. Take a look at the API test IDBDeleteRecovery.
Chris Dumez
Comment 6 2016-07-12 10:02:59 PDT
(In reply to comment #5) > (In reply to comment #4) > > (In reply to comment #3) > > > Comment on attachment 283386 [details] > > > Patch > > > > > > View in context: > > > https://bugs.webkit.org/attachment.cgi?id=283386&action=review > > > > > > > Source/WebKit2/ChangeLog:3 > > > > + [WK2] Protect against bad database data in LocalStorageDatabase::importItems() > > > > > > Why no test? Especially since you can reproduce? > > > > We do not know how we can end up with null entries in the database. I can > > reproduce the crash only by using the database a user provided. See radar > > for more info. > > I recently added an API test with bad SQLite database files; It's unknown > how to generate those bad SQLite DB files, but it is known what happens once > you have them. > > So you should actually be able to test this. > > Take a look at the API test IDBDeleteRecovery. Thanks for the info, I am working on it.
Chris Dumez
Comment 7 2016-07-12 11:37:18 PDT
Created attachment 283435 [details] Patch
Chris Dumez
Comment 8 2016-07-12 14:14:40 PDT
Created attachment 283445 [details] Patch
Chris Dumez
Comment 9 2016-07-12 14:52:05 PDT
Comment on attachment 283445 [details] Patch Clearing flags on attachment: 283445 Committed r203129: <http://trac.webkit.org/changeset/203129>
Chris Dumez
Comment 10 2016-07-12 14:52:10 PDT
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.