Bug 184325 - fetch() with subresource integrity crashes on zero length body
Summary: fetch() with subresource integrity crashes on zero length body
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Page Loading (show other bugs)
Version: WebKit Nightly Build
Hardware: All macOS 10.13
: P2 Normal
Assignee: Nobody
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2018-04-04 18:07 PDT by Lars Mikkelsen
Modified: 2018-08-07 16:26 PDT (History)
12 users (show)

See Also:

Attachments
com.apple.WebKit.WebContent.crash (115.44 KB, text/plain)
2018-04-04 18:10 PDT, Lars Mikkelsen 		no flags Details
Patch (2.06 KB, patch)
2018-08-06 08:36 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Patch (5.43 KB, patch)
2018-08-06 23:58 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Archive of layout-test-results from ews100 for mac-sierra (2.29 MB, application/zip)
2018-08-07 01:03 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews107 for mac-sierra-wk2 (2.79 MB, application/zip)
2018-08-07 01:10 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews112 for mac-sierra (3.02 MB, application/zip)
2018-08-07 01:37 PDT, EWS Watchlist 		no flags Details
Archive of layout-test-results from ews126 for ios-simulator-wk2 (2.37 MB, application/zip)
2018-08-07 01:50 PDT, EWS Watchlist 		no flags Details
Patch (6.18 KB, patch)
2018-08-07 05:12 PDT, Rob Buis 		no flags Details | Formatted Diff | Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Lars Mikkelsen 2018-04-04 18:07:12 PDT 
If the 'integrity' option is used for the fetch() method it will cause a crash when the response has a zero length body. This is reproducible using:

fetch('https://httpbin.org/bytes/0', {integrity: 'sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='});

This affects at least Safari 11.1, Safari Technology Preview 53, and WebKit r230285.
Comment 1 Lars Mikkelsen 2018-04-04 18:10:29 PDT 
Created attachment 337247 [details]
com.apple.WebKit.WebContent.crash
Comment 2 Radar WebKit Bug Importer 2018-04-07 17:05:22 PDT 
<rdar://problem/39262568>
Comment 3 Rob Buis 2018-08-06 08:36:47 PDT 
Created attachment 346628 [details]
Patch
Comment 4 EWS Watchlist 2018-08-06 10:49:51 PDT 
Attachment 346628 [details] did not pass style-queue:


ERROR: Source/WebCore/ChangeLog:8:  You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible.  [changelog/nonewtests] [5]
Total errors found: 1 in 2 files


If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 5 Rob Buis 2018-08-06 23:58:49 PDT 
Created attachment 346689 [details]
Patch
Comment 6 EWS Watchlist 2018-08-07 01:03:51 PDT 
Comment on attachment 346689 [details]
Patch

Attachment 346689 [details] did not pass mac-ews (mac):
Output: https://webkit-queues.webkit.org/results/8785226

New failing tests:
http/tests/subresource-integrity/sri-fetch-worker.html
Comment 7 EWS Watchlist 2018-08-07 01:03:53 PDT 
Created attachment 346691 [details]
Archive of layout-test-results from ews100 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the mac-ews.
Bot: ews100  Port: mac-sierra  Platform: Mac OS X 10.12.6
Comment 8 EWS Watchlist 2018-08-07 01:10:00 PDT 
Comment on attachment 346689 [details]
Patch

Attachment 346689 [details] did not pass mac-wk2-ews (mac-wk2):
Output: https://webkit-queues.webkit.org/results/8785244

New failing tests:
http/tests/subresource-integrity/sri-fetch-worker.html
Comment 9 EWS Watchlist 2018-08-07 01:10:01 PDT 
Created attachment 346692 [details]
Archive of layout-test-results from ews107 for mac-sierra-wk2

The attached test failures were seen while running run-webkit-tests on the mac-wk2-ews.
Bot: ews107  Port: mac-sierra-wk2  Platform: Mac OS X 10.12.6
Comment 10 EWS Watchlist 2018-08-07 01:37:29 PDT 
Comment on attachment 346689 [details]
Patch

Attachment 346689 [details] did not pass mac-debug-ews (mac):
Output: https://webkit-queues.webkit.org/results/8785303

New failing tests:
http/tests/subresource-integrity/sri-fetch-worker.html
Comment 11 EWS Watchlist 2018-08-07 01:37:31 PDT 
Created attachment 346694 [details]
Archive of layout-test-results from ews112 for mac-sierra

The attached test failures were seen while running run-webkit-tests on the mac-debug-ews.
Bot: ews112  Port: mac-sierra  Platform: Mac OS X 10.12.6
Comment 12 EWS Watchlist 2018-08-07 01:50:56 PDT 
Comment on attachment 346689 [details]
Patch

Attachment 346689 [details] did not pass ios-sim-ews (ios-simulator-wk2):
Output: https://webkit-queues.webkit.org/results/8785321

New failing tests:
http/tests/subresource-integrity/sri-fetch-worker.html
Comment 13 EWS Watchlist 2018-08-07 01:50:58 PDT 
Created attachment 346696 [details]
Archive of layout-test-results from ews126 for ios-simulator-wk2

The attached test failures were seen while running run-webkit-tests on the ios-sim-ews.
Bot: ews126  Port: ios-simulator-wk2  Platform: Mac OS X 10.13.4
Comment 14 Rob Buis 2018-08-07 05:12:06 PDT 
Created attachment 346705 [details]
Patch
Comment 15 Alex Christensen 2018-08-07 15:59:22 PDT 
Comment on attachment 346705 [details]
Patch

Great!
Comment 16 WebKit Commit Bot 2018-08-07 16:26:54 PDT 
Comment on attachment 346705 [details]
Patch

Clearing flags on attachment: 346705

Committed r234678: <https://trac.webkit.org/changeset/234678>
Comment 17 WebKit Commit Bot 2018-08-07 16:26:56 PDT 
All reviewed patches have been landed.  Closing bug.