Bug 162763 - ASSERTION FAILED: url.containsOnlyASCII() in WebCore::checkEncodedString() when parsing an invalid CSS cursor URL
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Andy Estes
Keywords: InRadar
Depends on: 170285
 
Reported: 2016-09-29 18:10 PDT by Andy Estes
Modified: 2017-04-03 12:08 PDT

Attachments
test case (245 bytes, text/html)
2016-09-30 15:40 PDT, Andy Estes
Patch (11.40 KB, patch)
2016-09-30 18:04 PDT, Andy Estes
Patch (11.35 KB, patch)
2016-10-03 12:57 PDT, Andy Estes

Description Andy Estes 2016-09-29 18:10:25 PDT
Assertion failures when parsing invalid CSS URLs containing non-ASCII characters
Comment 1 Andy Estes 2016-09-29 18:11:50 PDT

*** This bug has been marked as a duplicate of bug 141638 ***
Comment 2 Andy Estes 2016-09-30 14:49:59 PDT
The test case attached to https://bugs.webkit.org/show_bug.cgi?id=141638 actually demonstrates two issues:

1. CSS URLs with multi-byte Unicode escape sequences fail to parse.
2. Invalid CSS URLs with non-ASCII characters trigger assertions when used with the CSS cursor property.

Bug 141638 will track the first issue, and this will track the second.
Comment 3 Radar WebKit Bug Importer 2016-09-30 14:54:27 PDT
<rdar://problem/28572758>
Comment 4 Andy Estes 2016-09-30 15:39:15 PDT
ASSERTION FAILED: url.containsOnlyASCII()
/Users/andy/Code/OpenSource/Source/WebCore/platform/URL.cpp(415) : void WebCore::checkEncodedString(const WTF::String &)
1   0x107b2044d WTFCrash
2   0x113a37481 WebCore::checkEncodedString(WTF::String const&)
3   0x113a3004f WebCore::URL::parse(WTF::String const&)
4   0x113a2ff4a WebCore::URL::URL(WebCore::ParsedURLStringTag, WTF::String const&)
5   0x113a30113 WebCore::URL::URL(WebCore::ParsedURLStringTag, WTF::String const&)
6   0x111841ba5 WebCore::CSSCursorImageValue::CSSCursorImageValue(WTF::Ref<WebCore::CSSValue>&&, bool, WebCore::IntPoint const&)
7   0x111841d14 WebCore::CSSCursorImageValue::CSSCursorImageValue(WTF::Ref<WebCore::CSSValue>&&, bool, WebCore::IntPoint const&)
8   0x1118e497b WebCore::CSSCursorImageValue::create(WTF::Ref<WebCore::CSSValue>&&, bool, WebCore::IntPoint const&)
9   0x1118da328 WebCore::CSSParser::parseValue(WebCore::CSSPropertyID, bool)
10  0x1118a7b2d cssyyparse(WebCore::CSSParser*)
11  0x1118d3e03 WebCore::CSSParser::parseSheet(WebCore::StyleSheetContents*, WTF::String const&, WTF::TextPosition const&, WTF::Vector<WTF::Ref<WebCore::CSSRuleSourceData>, 0ul, WTF::CrashOnOverflow, 16ul>*, bool)
12  0x1137993ec WebCore::StyleSheetContents::parseStringAtPosition(WTF::String const&, WTF::TextPosition const&, bool)
13  0x11228022f WebCore::InlineStyleSheetOwner::createSheet(WebCore::Element&, WTF::String const&)
14  0x11227fb14 WebCore::InlineStyleSheetOwner::createSheetFromTextContents(WebCore::Element&)
15  0x11227fceb WebCore::InlineStyleSheetOwner::finishParsingChildren(WebCore::Element&)
16  0x1120ca3a9 WebCore::HTMLStyleElement::finishParsingChildren()
17  0x111fff9d7 WebCore::HTMLElementStack::popCommon()
18  0x11200024b WebCore::HTMLElementStack::pop()
19  0x1120f7496 WebCore::HTMLTreeBuilder::processEndTag(WebCore::AtomicHTMLToken&)
20  0x1120f4a1d WebCore::HTMLTreeBuilder::processToken(WebCore::AtomicHTMLToken&)
21  0x1120f3cd4 WebCore::HTMLTreeBuilder::constructTree(WebCore::AtomicHTMLToken&)
22  0x111fe0501 WebCore::HTMLDocumentParser::constructTreeFromHTMLToken(WebCore::HTMLTokenizer::TokenPtr&)
23  0x111fe01f3 WebCore::HTMLDocumentParser::pumpTokenizerLoop(WebCore::HTMLDocumentParser::SynchronousMode, bool, WebCore::PumpSession&)
24  0x111fdea68 WebCore::HTMLDocumentParser::pumpTokenizer(WebCore::HTMLDocumentParser::SynchronousMode)
25  0x111fde5bb WebCore::HTMLDocumentParser::pumpTokenizerIfPossible(WebCore::HTMLDocumentParser::SynchronousMode)
26  0x111fe1066 WebCore::HTMLDocumentParser::append(WTF::RefPtr<WTF::StringImpl>&&)
27  0x111a4c782 WebCore::DecodedDataDocumentParser::flush(WebCore::DocumentWriter&)
28  0x111b86efc WebCore::DocumentWriter::end()
29  0x111b435a6 WebCore::DocumentLoader::finishedLoading(double)
30  0x111b43365 WebCore::DocumentLoader::notifyFinished(WebCore::CachedResource*)
31  0x11162a39d WebCore::CachedResource::checkNotify()
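
The trace above shows a string taken from a style sheet reaching the URL constructor tagged ParsedURLStringTag, whose debug check expects an already-encoded, ASCII-only string. The following C++ sketch is an added example, not WebKit code and not the change landed in r206744; it illustrates that contract and a boundary check that keeps unvalidated text off the trusted path. SketchURL, AlreadyParsedTag and urlFromStyleSheetText are hypothetical names.

```cpp
#include <cassert>
#include <string>

// Hypothetical stand-ins for illustration; none of these are WebKit types.
struct AlreadyParsedTag {};

static bool containsOnlyASCII(const std::string& s)
{
    for (unsigned char c : s) {
        if (c > 0x7F)
            return false;
    }
    return true;
}

class SketchURL {
public:
    SketchURL() = default; // default-constructed URL is invalid

    // Trusted fast path: the caller promises `encoded` is the ASCII-only
    // output of an earlier parse. The promise is only checked in debug builds.
    SketchURL(AlreadyParsedTag, const std::string& encoded)
        : m_string(encoded), m_valid(true)
    {
        assert(containsOnlyASCII(encoded));
    }

    bool isValid() const { return m_valid; }
    const std::string& string() const { return m_string; }

private:
    std::string m_string;
    bool m_valid = false;
};

// Boundary for text that comes straight from a style sheet. It must not be
// handed to the trusted constructor unchecked. A real engine would run its
// full URL parser here; this sketch simply yields an invalid URL instead.
static SketchURL urlFromStyleSheetText(const std::string& raw)
{
    if (raw.empty() || !containsOnlyASCII(raw))
        return SketchURL();
    return SketchURL(AlreadyParsedTag{}, raw);
}
```
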
Comment 5 Andy Estes 2016-09-30 15:40:43 PDT
Created attachment 290400 [details]
test case
Comment 6 Andy Estes 2016-09-30 18:04:18 PDT
Created attachment 290415 [details]
Patch
Comment 7 youenn fablet 2016-10-01 04:52:13 PDT
Comment on attachment 290415 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=290415&action=review

> LayoutTests/ChangeLog:10
> +        * platform/mac/fast/css/cursor-with-invalid-url-expected.txt: Added.

Shouldn't the expected.txt file be in fast/css?
Comment 8 Andy Estes 2016-10-03 12:54:58 PDT
(In reply to comment #7)
> Comment on attachment 290415 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=290415&action=review
> 
> > LayoutTests/ChangeLog:10
> > +        * platform/mac/fast/css/cursor-with-invalid-url-expected.txt: Added.
> 
> Shouldn't the expected.txt file be in fast/css?

Indeed. Thanks for the review!
Comment 9 Andy Estes 2016-10-03 12:57:27 PDT
Created attachment 290509 [details]
Patch
Comment 10 WebKit Commit Bot 2016-10-03 13:30:00 PDT
Comment on attachment 290509 [details]
Patch

Clearing flags on attachment: 290509

Committed r206744: <http://trac.webkit.org/changeset/206744>
Comment 11 WebKit Commit Bot 2016-10-03 13:30:05 PDT
All reviewed patches have been landed.  Closing bug.