[SCM] WebKit Debian packaging branch, webkit-1.1, updated. upstream/1.1.16-1409-g5afdf4d
ukai at chromium.org
ukai at chromium.org
Thu Dec 3 13:33:21 UTC 2009
The following commit has been merged in the webkit-1.1 branch:
commit 817aadaca2e69380dbafd03bb98cd67c808f8d67
Author: ukai at chromium.org <ukai at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Thu Nov 12 04:17:59 2009 +0000
2009-11-11 Fumitoshi Ukai <ukai at chromium.org>
Reviewed by Alexey Proskuryakov.
Fix WebSocket frame parser of frame_type with high-order bit set.
https://bugs.webkit.org/show_bug.cgi?id=30668
* websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
* websocket/tests/frame-length-longer-than-buffer.html: Added.
* websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
* websocket/tests/frame-length-skip-expected.txt: Added.
* websocket/tests/frame-length-skip.html: Added.
* websocket/tests/frame-length-skip_wsh.py: Added.
* websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
* websocket/tests/script-tests/frame-length-skip.js: Added.
2009-11-11 Fumitoshi Ukai <ukai at chromium.org>
Reviewed by Alexey Proskuryakov.
Fix WebSocket frame parser of frame_type with high-order bit set.
https://bugs.webkit.org/show_bug.cgi?id=30668
If buffer is smaller than frame's length, it should break the loop
instead of reading next byte.
Tests: websocket/tests/frame-length-longer-than-buffer.html
websocket/tests/frame-length-skip.html
* websockets/WebSocketChannel.cpp:
(WebCore::WebSocketChannel::didReceiveData):
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50862 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index a755f90..e1a7bc6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-11 Fumitoshi Ukai <ukai at chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Fix WebSocket frame parser of frame_type with high-order bit set.
+ https://bugs.webkit.org/show_bug.cgi?id=30668
+
+ * websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
+ * websocket/tests/frame-length-longer-than-buffer.html: Added.
+ * websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
+ * websocket/tests/frame-length-skip-expected.txt: Added.
+ * websocket/tests/frame-length-skip.html: Added.
+ * websocket/tests/frame-length-skip_wsh.py: Added.
+ * websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
+ * websocket/tests/script-tests/frame-length-skip.js: Added.
+
2009-11-11 Csaba Osztrogonác <ossy at webkit.org>
Put tests into skiplist added in r50830 and r50839 because
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt b/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt
new file mode 100644
index 0000000..d9c7e6e
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt
@@ -0,0 +1,12 @@
+Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is open
+received:hello
+1
+PASS areArraysEqual(received_messages, expected_messages) is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html b/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html
new file mode 100644
index 0000000..a33b742
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/frame-length-longer-than-buffer.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py b/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py
new file mode 100644
index 0000000..8ad868b
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py
@@ -0,0 +1,10 @@
+def web_socket_do_extra_handshake(request):
+ pass
+
+def web_socket_transfer_data(request):
+ msg = "\0hello\xff"
+ msg += "\x80\x81\x81"
+ msg += "\x01\xff"
+ msg += "\0should be skipped\xff"
+ request.connection.write(msg)
+ print msg
diff --git a/LayoutTests/websocket/tests/frame-length-skip-expected.txt b/LayoutTests/websocket/tests/frame-length-skip-expected.txt
new file mode 100644
index 0000000..6ce6d0d
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-skip-expected.txt
@@ -0,0 +1,13 @@
+Make sure WebSocket correctly skip lengthed frame.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is open
+received:hello
+received:world
+2
+PASS areArraysEqual(received_messages, expected_messages) is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/frame-length-skip.html b/LayoutTests/websocket/tests/frame-length-skip.html
new file mode 100644
index 0000000..895617f
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-skip.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/frame-length-skip.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/frame-length-skip_wsh.py b/LayoutTests/websocket/tests/frame-length-skip_wsh.py
new file mode 100644
index 0000000..5571691
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-skip_wsh.py
@@ -0,0 +1,11 @@
+def web_socket_do_extra_handshake(request):
+ pass
+
+def web_socket_transfer_data(request):
+ msg = "\0hello\xff"
+ msg += "\x80\x81\x81"
+ msg += "\x01"
+ msg += "\0should be skipped" + (" " * 109) + "\xff"
+ msg += "\0world\xff"
+ request.connection.write(msg)
+ print msg
diff --git a/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js b/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js
new file mode 100644
index 0000000..78d629c
--- /dev/null
+++ b/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js
@@ -0,0 +1,34 @@
+description("Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.");
+if (window.layoutTestController)
+ layoutTestController.waitUntilDone();
+
+var received_messages = [];
+var expected_messages = ["hello"];
+function finish() {
+ debug(received_messages.length);
+ for (var i = 0; i < received_messages; i++) {
+ debug("received[" + i + "]=" + received_messages[i]);
+ }
+
+ shouldBeTrue("areArraysEqual(received_messages, expected_messages)");
+
+ isSuccessfullyParsed();
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-longer-than-buffer");
+ws.onopen = function () {
+ debug("WebSocket is open");
+};
+ws.onmessage = function (evt) {
+ debug("received:" + evt.data);
+ received_messages.push(evt.data);
+};
+ws.close = function () {
+ debug("WebSocket is closed");
+ finish();
+};
+setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
diff --git a/LayoutTests/websocket/tests/script-tests/frame-length-skip.js b/LayoutTests/websocket/tests/script-tests/frame-length-skip.js
new file mode 100644
index 0000000..0438796
--- /dev/null
+++ b/LayoutTests/websocket/tests/script-tests/frame-length-skip.js
@@ -0,0 +1,34 @@
+description("Make sure WebSocket correctly skip lengthed frame.");
+if (window.layoutTestController)
+ layoutTestController.waitUntilDone();
+
+var received_messages = [];
+var expected_messages = ["hello", "world"];
+function finish() {
+ debug(received_messages.length);
+ for (var i = 0; i < received_messages; i++) {
+ debug("received[" + i + "]=" + received_messages[i]);
+ }
+
+ shouldBeTrue("areArraysEqual(received_messages, expected_messages)");
+
+ isSuccessfullyParsed();
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-skip");
+ws.onopen = function () {
+ debug("WebSocket is open");
+};
+ws.onmessage = function (evt) {
+ debug("received:" + evt.data);
+ received_messages.push(evt.data);
+};
+ws.close = function () {
+ debug("WebSocket is closed");
+ finish();
+};
+setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1dbce8d..034a1ae 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-11 Fumitoshi Ukai <ukai at chromium.org>
+
+ Reviewed by Alexey Proskuryakov.
+
+ Fix WebSocket frame parser of frame_type with high-order bit set.
+ https://bugs.webkit.org/show_bug.cgi?id=30668
+
+ If buffer is smaller than frame's length, it should break the loop
+ instead of reading next byte.
+
+ Tests: websocket/tests/frame-length-longer-than-buffer.html
+ websocket/tests/frame-length-skip.html
+
+ * websockets/WebSocketChannel.cpp:
+ (WebCore::WebSocketChannel::didReceiveData):
+
2009-11-11 Yusuke Sato <yusukes at chromium.org>
Reviewed by Adam Barth.
diff --git a/WebCore/websockets/WebSocketChannel.cpp b/WebCore/websockets/WebSocketChannel.cpp
index e71c0fa..a770262 100644
--- a/WebCore/websockets/WebSocketChannel.cpp
+++ b/WebCore/websockets/WebSocketChannel.cpp
@@ -197,7 +197,8 @@ void WebSocketChannel::didReceiveData(SocketStreamHandle* handle, const char* da
if (p + length < end) {
p += length;
nextFrame = p;
- }
+ } else
+ break;
} else {
const char* msgStart = p;
while (p < end && *p != '\xff')
--
WebKit Debian packaging
More information about the Pkg-webkit-commits
mailing list