Crash in WebKitFaviconDatabase when pageURL is unset... moved from https://bugzilla.gnome.org/show_bug.cgi?id=795740. The crash is easy to reproduce when loading https://bugzilla.gnome.org/attachment.cgi?id=371595, but it does not occur when running the same HTML locally. That's weird.
Created attachment 341696
Patch
Thanks for the patch. If this patch contains new public API please make sure it follows the guidelines for new WebKit2 GTK+ API. See http://trac.webkit.org/wiki/WebKitGTK/AddingNewWebKit2API
Comment on attachment 341696
Patch

Attachment 341696 did not pass win-ews (win):
Output: http://webkit-queues.webkit.org/results/7915536

New failing tests:
http/tests/security/canvas-remote-read-remote-video-blocked-no-crossorigin.html
Created attachment 341727
Archive of layout-test-results from ews202 for win-future

The attached test failures were seen while running run-webkit-tests on the win-ews.
Bot: ews202  Port: win-future  Platform: CYGWIN_NT-6.1-2.9.0-0.318-5-3-x86_64-64bit
Comment on attachment 341696
Patch

Clearing flags on attachment: 341696

Committed r232397: <https://trac.webkit.org/changeset/232397>
All reviewed patches have been landed. Closing bug.
PS: CVE-2018-11646 was assigned to this.
Please note, the CVE description is: "webkitFaviconDatabaseSetIconForPageURL and webkitFaviconDatabaseSetIconURLForPageURL in UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in Safari Technology Preview Release 57, mishandle an unset pageURL, leading to an application crash." But this code is GLib-specific. It is not built or used by Safari.
(In reply to Michael Catanzaro from comment #8)
> But this code is GLib-specific. It is not built or used by Safari.

These functions are not built for WPE either, so only WebKitGTK+ is affected.
(In reply to Michael Catanzaro from comment #8)
> Please note, the CVE description is:
>
> "webkitFaviconDatabaseSetIconForPageURL and
> webkitFaviconDatabaseSetIconURLForPageURL in
> UIProcess/API/glib/WebKitFaviconDatabase.cpp in WebKit, as distributed in
> Safari Technology Preview Release 57, mishandle an unset pageURL, leading to
> an application crash."
>
> But this code is GLib-specific. It is not built or used by Safari.

I've submitted a description update request to MITRE.