22750 – [gtk] webkit up to r39121 crash on image urls like http:///sitename.com

Bug 22750 - [gtk] webkit up to r39121 crash on image urls like http:///sitename.com

Summary: [gtk] webkit up to r39121 crash on image urls like http:///sitename.com

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	528+ (Nightly build)
Hardware:	PC Linux

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	Gtk

Depends on:
Blocks:

Reported:	2008-12-08 20:27 PST by Alexander Butenko
Modified:	2008-12-31 08:38 PST (History)
CC List:	0 users

See Also:

Attachments
test case (96.93 KB, text/html) 2008-12-08 20:33 PST, Alexander Butenko	no flags	Details
core from webkit-debug (9.65 KB, text/plain) 2008-12-11 13:26 PST, Alexander Butenko	no flags	Details
gdb bt (9.65 KB, text/plain) 2008-12-11 13:26 PST, Alexander Butenko	no flags	Details
gdb run (8.32 KB, text/plain) 2008-12-11 13:27 PST, Alexander Butenko	no flags	Details
new simplified test (29 bytes, text/plain) 2008-12-23 20:58 PST, Alexander Butenko	no flags	Details
patch which fixes a crash (735 bytes, patch) 2008-12-24 09:25 PST, Alexander Butenko	zecke: review-	Details \| Formatted Diff \| Diff
updated patch (1.48 KB, patch) 2008-12-24 18:43 PST, Alexander Butenko	no flags	Details \| Formatted Diff \| Diff
coding style fix (1.46 KB, patch) 2008-12-27 10:39 PST, Alexander Butenko	no flags	Details \| Formatted Diff \| Diff
typo (1.46 KB, patch) 2008-12-27 10:44 PST, Alexander Butenko	zecke: review+	Details \| Formatted Diff \| Diff
Show Obsolete (5) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alexander Butenko 2008-12-08 20:27:54 PST

attached a saved html on which i get repeatable crash with midori-git and webkit-svn. 

File is a wget'ed output of http://cgi.ebay.com/IBM-Lenovo-ThinkPad-X61-C2D-12-1-120GB-3G-HSPDA_W0QQitemZ270313235609QQcmdZViewItemQQptZLaptops_Nov05?hash=item270313235609&_trksid=p3286.c0.m14&_trkparms=72%3A1234%7C66%3A2%7C65%3A12%7C39%3A1%7C240%3A1318%7C301%3A1%7C293%3A1%7C294%3A50

webkit is built with ./configure --with-http-backend=soup --prefix=/usr/ --disable-svg --disable-geolocation --disable-video --enable-optimizations

Comment 1 Alexander Butenko 2008-12-08 20:33:07 PST

Created attachment 25870 [details]
test case

Comment 2 Alexander Butenko 2008-12-11 13:26:29 PST

Created attachment 25959 [details]
core from webkit-debug

Comment 3 Alexander Butenko 2008-12-11 13:26:59 PST

Created attachment 25960 [details]
gdb bt

Comment 4 Alexander Butenko 2008-12-11 13:27:21 PST

Created attachment 25961 [details]
gdb run

Comment 5 Alexander Butenko 2008-12-23 20:57:11 PST

ok. stripped down html source and found where is an issue.

Now, im getting stable crash on a simple html page like:
<img src=http:///google.com>

Three slashes in image url is a cause of a crash.

Comment 6 Alexander Butenko 2008-12-23 20:58:03 PST

Created attachment 26234 [details]
new simplified test

Comment 7 Alexander Butenko 2008-12-24 09:25:18 PST

Created attachment 26238 [details]
patch which fixes a crash

Comment 8 Holger Freyther 2008-12-24 18:04:41 PST

Comment on attachment 26238 [details]
patch which fixes a crash

Please see http://webkit.org/coding/contributing.html and attach a new version with a ChangeLog and an applyable patch.



> --- ResourceHandleSoup.cpp	2008-12-24 13:16:59.000000000 -0400
> +++ ResourceHandleSoup.cpp.new	2008-12-24 13:18:07.000000000 -0400
> @@ -335,7 +335,8 @@
>  
>      if (equalIgnoringCase(protocol, "data"))
>          return startData(urlString);
> -    else if (equalIgnoringCase(protocol, "http") || equalIgnoringCase(protocol, "https"))
> +    else if ( (equalIgnoringCase(protocol, "http") || equalIgnoringCase(protocol, "https") ) &&
> +                SOUP_URI_VALID_FOR_HTTP(soup_uri_new(urlString.utf8().data())))
>          return startHttp(urlString);


why did you decide to do this check here and not within startHttp? Is there anyone else calling startHttp?

Comment 9 Alexander Butenko 2008-12-24 18:27:46 PST

the point of the check here is that once url will not be valid we will fallback to last 'else' to call didFail() without a code duplication. 

I will update patch shortly to include changelog.

Comment 10 Alexander Butenko 2008-12-24 18:43:20 PST

Created attachment 26243 [details]
updated patch

Comment 11 Holger Freyther 2008-12-26 06:50:54 PST

(In reply to comment #10)
> Created an attachment (id=26243) [review]

Okay, I'm convinced that this is the right patch. There is one minor style issue thiugh. Would you mind uploading a new patch without the extra whitespace in the if? WebKit.org has a rather strict CodingStyle.

Comment 12 Alexander Butenko 2008-12-27 10:39:21 PST

Created attachment 26269 [details]
coding style fix

Comment 13 Alexander Butenko 2008-12-27 10:44:31 PST

Created attachment 26270 [details]
typo

Comment 14 Holger Freyther 2008-12-31 06:07:39 PST

Comment on attachment 26270 [details]
typo

thanks.

Comment 15 Holger Freyther 2008-12-31 08:38:03 PST

Landed in r39528.