[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373

Wed Apr 7 23:32:58 UTC 2010

The following commit has been merged in the webkit-1.2 branch:
commit a4bedbb659e2ee9b8286fa29d6314f27ff4447d4
Author: ukai at chromium.org <ukai at chromium.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date:   Thu Nov 12 04:17:59 2009 +0000

    2009-11-11  Fumitoshi Ukai  <ukai at chromium.org>
    
            Reviewed by Alexey Proskuryakov.
    
            Fix WebSocket frame parser of frame_type with high-order bit set.
            https://bugs.webkit.org/show_bug.cgi?id=30668
    
            * websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
            * websocket/tests/frame-length-longer-than-buffer.html: Added.
            * websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
            * websocket/tests/frame-length-skip-expected.txt: Added.
            * websocket/tests/frame-length-skip.html: Added.
            * websocket/tests/frame-length-skip_wsh.py: Added.
            * websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
            * websocket/tests/script-tests/frame-length-skip.js: Added.
    2009-11-11  Fumitoshi Ukai  <ukai at chromium.org>
    
            Reviewed by Alexey Proskuryakov.
    
            Fix WebSocket frame parser of frame_type with high-order bit set.
            https://bugs.webkit.org/show_bug.cgi?id=30668
    
            If buffer is smaller than frame's length, it should break the loop
            instead of reading next byte.
    
            Tests: websocket/tests/frame-length-longer-than-buffer.html
                   websocket/tests/frame-length-skip.html
    
            * websockets/WebSocketChannel.cpp:
            (WebCore::WebSocketChannel::didReceiveData):
    
    git-svn-id: http://svn.webkit.org/repository/webkit/trunk@50862 268f45cc-cd09-0410-ab3c-d52691b4dbfc

diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index a755f90..e1a7bc6 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-11  Fumitoshi Ukai  <ukai at chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix WebSocket frame parser of frame_type with high-order bit set.
+        https://bugs.webkit.org/show_bug.cgi?id=30668
+
+        * websocket/tests/frame-length-longer-than-buffer-expected.txt: Added.
+        * websocket/tests/frame-length-longer-than-buffer.html: Added.
+        * websocket/tests/frame-length-longer-than-buffer_wsh.py: Added.
+        * websocket/tests/frame-length-skip-expected.txt: Added.
+        * websocket/tests/frame-length-skip.html: Added.
+        * websocket/tests/frame-length-skip_wsh.py: Added.
+        * websocket/tests/script-tests/frame-length-longer-than-buffer.js: Added.
+        * websocket/tests/script-tests/frame-length-skip.js: Added.
+
 2009-11-11  Csaba Osztrogonác  <ossy at webkit.org>
 
         Put tests into skiplist added in r50830 and r50839 because
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt b/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt
new file mode 100644
index 0000000..d9c7e6e
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-longer-than-buffer-expected.txt
@@ -0,0 +1,12 @@
+Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is open
+received:hello
+1
+PASS areArraysEqual(received_messages, expected_messages) is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html b/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html
new file mode 100644
index 0000000..a33b742
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-longer-than-buffer.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/frame-length-longer-than-buffer.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py b/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py
new file mode 100644
index 0000000..8ad868b
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-longer-than-buffer_wsh.py
@@ -0,0 +1,10 @@
+def web_socket_do_extra_handshake(request):
+  pass
+
+def web_socket_transfer_data(request):
+  msg = "\0hello\xff"
+  msg += "\x80\x81\x81"
+  msg += "\x01\xff"
+  msg += "\0should be skipped\xff"
+  request.connection.write(msg)
+  print msg
diff --git a/LayoutTests/websocket/tests/frame-length-skip-expected.txt b/LayoutTests/websocket/tests/frame-length-skip-expected.txt
new file mode 100644
index 0000000..6ce6d0d
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-skip-expected.txt
@@ -0,0 +1,13 @@
+Make sure WebSocket correctly skip lengthed frame.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+WebSocket is open
+received:hello
+received:world
+2
+PASS areArraysEqual(received_messages, expected_messages) is true
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
diff --git a/LayoutTests/websocket/tests/frame-length-skip.html b/LayoutTests/websocket/tests/frame-length-skip.html
new file mode 100644
index 0000000..895617f
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-skip.html
@@ -0,0 +1,13 @@
+<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML//EN">
+<html>
+<head>
+<link rel="stylesheet" href="../../fast/js/resources/js-test-style.css">
+<script src="../../fast/js/resources/js-test-pre.js"></script>
+<script src="../../fast/js/resources/js-test-post-function.js"></script>
+</head>
+<body>
+<div id="description"></div>
+<div id="console"></div>
+<script src="script-tests/frame-length-skip.js"></script>
+</body>
+</html>
diff --git a/LayoutTests/websocket/tests/frame-length-skip_wsh.py b/LayoutTests/websocket/tests/frame-length-skip_wsh.py
new file mode 100644
index 0000000..5571691
--- /dev/null
+++ b/LayoutTests/websocket/tests/frame-length-skip_wsh.py
@@ -0,0 +1,11 @@
+def web_socket_do_extra_handshake(request):
+  pass
+
+def web_socket_transfer_data(request):
+  msg = "\0hello\xff"
+  msg += "\x80\x81\x81"
+  msg += "\x01"
+  msg += "\0should be skipped" + (" " * 109) + "\xff"
+  msg += "\0world\xff"
+  request.connection.write(msg)
+  print msg
diff --git a/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js b/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js
new file mode 100644
index 0000000..78d629c
--- /dev/null
+++ b/LayoutTests/websocket/tests/script-tests/frame-length-longer-than-buffer.js
@@ -0,0 +1,34 @@
+description("Make sure WebSocket correctly skip lengthed frame even if received data has incomplete frame.");
+if (window.layoutTestController)
+    layoutTestController.waitUntilDone();
+
+var received_messages = [];
+var expected_messages = ["hello"];
+function finish() {
+    debug(received_messages.length);
+    for (var i = 0; i < received_messages; i++) {
+        debug("received[" + i + "]=" + received_messages[i]);
+    }
+
+    shouldBeTrue("areArraysEqual(received_messages, expected_messages)");
+
+    isSuccessfullyParsed();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-longer-than-buffer");
+ws.onopen = function () {
+    debug("WebSocket is open");
+};
+ws.onmessage = function (evt) {
+    debug("received:" + evt.data);
+    received_messages.push(evt.data);
+};
+ws.close = function () {
+    debug("WebSocket is closed");
+    finish();
+};
+setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
diff --git a/LayoutTests/websocket/tests/script-tests/frame-length-skip.js b/LayoutTests/websocket/tests/script-tests/frame-length-skip.js
new file mode 100644
index 0000000..0438796
--- /dev/null
+++ b/LayoutTests/websocket/tests/script-tests/frame-length-skip.js
@@ -0,0 +1,34 @@
+description("Make sure WebSocket correctly skip lengthed frame.");
+if (window.layoutTestController)
+    layoutTestController.waitUntilDone();
+
+var received_messages = [];
+var expected_messages = ["hello", "world"];
+function finish() {
+    debug(received_messages.length);
+    for (var i = 0; i < received_messages; i++) {
+        debug("received[" + i + "]=" + received_messages[i]);
+    }
+
+    shouldBeTrue("areArraysEqual(received_messages, expected_messages)");
+
+    isSuccessfullyParsed();
+    if (window.layoutTestController)
+        layoutTestController.notifyDone();
+}
+
+var ws = new WebSocket("ws://localhost:8880/websocket/tests/frame-length-skip");
+ws.onopen = function () {
+    debug("WebSocket is open");
+};
+ws.onmessage = function (evt) {
+    debug("received:" + evt.data);
+    received_messages.push(evt.data);
+};
+ws.close = function () {
+    debug("WebSocket is closed");
+    finish();
+};
+setTimeout("finish()", 2000);
+
+var successfullyParsed = true;
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index 1dbce8d..034a1ae 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,19 @@
+2009-11-11  Fumitoshi Ukai  <ukai at chromium.org>
+
+        Reviewed by Alexey Proskuryakov.
+
+        Fix WebSocket frame parser of frame_type with high-order bit set.
+        https://bugs.webkit.org/show_bug.cgi?id=30668
+
+        If buffer is smaller than frame's length, it should break the loop
+        instead of reading next byte.
+
+        Tests: websocket/tests/frame-length-longer-than-buffer.html
+               websocket/tests/frame-length-skip.html
+
+        * websockets/WebSocketChannel.cpp:
+        (WebCore::WebSocketChannel::didReceiveData):
+
 2009-11-11  Yusuke Sato  <yusukes at chromium.org>
 
         Reviewed by Adam Barth.
diff --git a/WebCore/websockets/WebSocketChannel.cpp b/WebCore/websockets/WebSocketChannel.cpp
index e71c0fa..a770262 100644
--- a/WebCore/websockets/WebSocketChannel.cpp
+++ b/WebCore/websockets/WebSocketChannel.cpp
@@ -197,7 +197,8 @@ void WebSocketChannel::didReceiveData(SocketStreamHandle* handle, const char* da
             if (p + length < end) {
                 p += length;
                 nextFrame = p;
-            }
+            } else
+                break;
         } else {
             const char* msgStart = p;
             while (p < end && *p != '\xff')

-- 
WebKit Debian packaging

