Bug 20295 - RegularExpression::match should not crash when a null string is passed
Summary: RegularExpression::match should not crash when a null string is passed
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Text
Version: 528+ (Nightly build)
Hardware: All All
Importance: P2 Normal
Assignee: Marco Barisione
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2008-08-06 03:44 PDT by Marco Barisione
Modified: 2008-08-08 02:32 PDT (History)

See Also:


Attachments
Check for null strings (1.78 KB, patch)
2008-08-06 03:54 PDT, Marco Barisione
eric: review+

Description Marco Barisione 2008-08-06 03:44:21 PDT
RegularExpression::match() passes a null subject string to jsRegExpExecute causing a crash.

See also bug #19794 for a discussion on this.
Comment 1 Marco Barisione 2008-08-06 03:54:59 PDT
Created attachment 22675 [details]
Check for null strings
Comment 2 Eric Seidel (no email) 2008-08-06 05:22:20 PDT
Comment on attachment 22675 [details]
Check for null strings

I found the text "...  with the null string." a bit confusing.  I think that last clause could be removed.   Looks great!
Comment 3 Jan Alonzo 2008-08-06 05:47:17 PDT
Removed the last clause before landing. Landed in r35601.
Comment 4 mitz 2008-08-06 07:30:01 PDT
How was this being hit? Is it possible to make a test case? In previous occurrences of this crash, the fix was applied at the call site.
Comment 5 Marco Barisione 2008-08-06 07:40:58 PDT
(In reply to comment #4)
> How was this being hit? Is it possible to make a test case? In previous
> occurrences of this crash, the fix was applied at the call site.

RegularExpression::match is called by DOMImplementation::isXMLMIMEType. Of course the MIME type should not be null; this is why I'm also proposing to commit patch #22023 to the CURL backend, but IMHO it's a good idea to protect RegularExpression::match from crashing.
If you think that this is not the best idea, we could just throw away this patch, or I could write a patch to check for null MIME types in DOMImplementation::isXMLMIMEType.
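As an added illustration of the two defensive layers discussed in this thread (a null guard inside the matcher, and one at the isXMLMIMEType-style call site), here is a small stand-alone C++ program. It is not WebKit's code and not the attachment: the `matchGuarded` wrapper over `std::regex`, the simplified `isXMLMIMEType` and its MIME-type pattern are all assumptions made for the example.

```cpp
#include <cassert>
#include <cstring>
#include <regex>

// Hypothetical stand-in for RegularExpression::match (not WebKit's code).
// Returns the offset of the first match of |re| in |subject|, or -1 for
// no match. A null subject is treated as "no match" instead of being
// handed to the regex engine, which is what the two-line null check in
// the attachment does for jsRegExpExecute.
int matchGuarded(const std::regex& re, const char* subject, int* matchLength)
{
    if (matchLength)
        *matchLength = 0;
    if (!subject) // callee-side guard: null in, -1 out, no dereference
        return -1;
    std::cmatch m;
    if (!std::regex_search(subject, m, re))
        return -1;
    if (matchLength)
        *matchLength = static_cast<int>(m.length(0));
    return static_cast<int>(m.position(0));
}

// Simplified stand-in for DOMImplementation::isXMLMIMEType (assumption):
// accepts the two fixed XML types and any "type/subtype+xml". The pattern
// is deliberately simpler than any real implementation. The call site also
// rejects null, so the caller stays correct even if the wrapper's own guard
// were ever lost, which is the "fix at the call site" approach mitz mentions.
bool isXMLMIMEType(const char* mimeType)
{
    if (!mimeType) // call-site guard
        return false;
    if (!std::strcmp(mimeType, "text/xml") || !std::strcmp(mimeType, "application/xml"))
        return true;
    static const std::regex xmlSuffix("^[^/]+/[^/]+\\+xml$");
    int length = 0;
    return matchGuarded(xmlSuffix, mimeType, &length) == 0
        && length == static_cast<int>(std::strlen(mimeType));
}

int main()
{
    // Constructed sample inputs, including the null case that crashed.
    assert(matchGuarded(std::regex("a+"), nullptr, nullptr) == -1);
    int length = 0;
    assert(matchGuarded(std::regex("a+"), "xxaaay", &length) == 2 && length == 3);
    assert(isXMLMIMEType("application/xhtml+xml"));
    assert(isXMLMIMEType("text/xml"));
    assert(!isXMLMIMEType("text/html"));
    assert(!isXMLMIMEType(nullptr));
    return 0;
}
```

Either guard alone prevents the crash described in the report; keeping both means a future caller that forgets to check cannot reintroduce it, at the cost of silently reporting "no match" for a subject that should never have been null.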
Comment 6 Alp Toker 2008-08-08 01:30:28 PDT
Does a two-line null check need a whole new copyright entry?
Comment 7 Marco Barisione 2008-08-08 02:32:24 PDT
(In reply to comment #6)
> Does a two-line null check need a whole new copyright entry?

Actually no, I just did that out of habit.