Bug 159663 - [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
Summary: [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Chris Dumez
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2016-07-11 21:32 PDT by Chris Dumez
Modified: 2016-07-12 14:52 PDT (History)
2 users (show)

See Also:

Attachments
Patch (2.03 KB, patch)
2016-07-11 21:34 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (16.93 KB, patch)
2016-07-12 11:37 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Patch (15.58 KB, patch)
2016-07-12 14:14 PDT, Chris Dumez 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Chris Dumez 2016-07-11 21:32:33 PDT 
Protect against bad database data in LocalStorageDatabase::importItems(). We crash if the database contains a null key or a null value so protect against it given that we have evidence it can happen.
Comment 1 Chris Dumez 2016-07-11 21:32:59 PDT 
<rdar://problem/18995873>
Comment 2 Chris Dumez 2016-07-11 21:34:54 PDT 
Created attachment 283386 [details]
Patch
Comment 3 Benjamin Poulain 2016-07-11 23:24:08 PDT 
Comment on attachment 283386 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=283386&action=review

> Source/WebKit2/ChangeLog:3
> +        [WK2] Protect against bad database data in LocalStorageDatabase::importItems()

Why no test? Especially since you can reproduce?
Comment 4 Chris Dumez 2016-07-12 06:57:56 PDT 
(In reply to comment #3)
> Comment on attachment 283386 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=283386&action=review
> 
> > Source/WebKit2/ChangeLog:3
> > +        [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
> 
> Why no test? Especially since you can reproduce?

We do not know how we can end up with null entries in the database. I can reproduce the crash only by using the database a user provided. See radar for more info.
Comment 5 Brady Eidson 2016-07-12 09:47:27 PDT 
(In reply to comment #4)
> (In reply to comment #3)
> > Comment on attachment 283386 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=283386&action=review
> > 
> > > Source/WebKit2/ChangeLog:3
> > > +        [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
> > 
> > Why no test? Especially since you can reproduce?
> 
> We do not know how we can end up with null entries in the database. I can
> reproduce the crash only by using the database a user provided. See radar
> for more info.

I recently added an API test with bad SQLite database files; It's unknown how to generate those bad SQLite DB files, but it is known what happens once you have them.

So you should actually be able to test this.

Take a look at the API test IDBDeleteRecovery.
Comment 6 Chris Dumez 2016-07-12 10:02:59 PDT 
(In reply to comment #5)
> (In reply to comment #4)
> > (In reply to comment #3)
> > > Comment on attachment 283386 [details]
> > > Patch
> > > 
> > > View in context:
> > > https://bugs.webkit.org/attachment.cgi?id=283386&action=review
> > > 
> > > > Source/WebKit2/ChangeLog:3
> > > > +        [WK2] Protect against bad database data in LocalStorageDatabase::importItems()
> > > 
> > > Why no test? Especially since you can reproduce?
> > 
> > We do not know how we can end up with null entries in the database. I can
> > reproduce the crash only by using the database a user provided. See radar
> > for more info.
> 
> I recently added an API test with bad SQLite database files; It's unknown
> how to generate those bad SQLite DB files, but it is known what happens once
> you have them.
> 
> So you should actually be able to test this.
> 
> Take a look at the API test IDBDeleteRecovery.

Thanks for the info, I am working on it.
Comment 7 Chris Dumez 2016-07-12 11:37:18 PDT 
Created attachment 283435 [details]
Patch
Comment 8 Chris Dumez 2016-07-12 14:14:40 PDT 
Created attachment 283445 [details]
Patch
Comment 9 Chris Dumez 2016-07-12 14:52:05 PDT 
Comment on attachment 283445 [details]
Patch

Clearing flags on attachment: 283445

Committed r203129: <http://trac.webkit.org/changeset/203129>
Comment 10 Chris Dumez 2016-07-12 14:52:10 PDT 
All reviewed patches have been landed.  Closing bug.