[SCM] WebKit Debian packaging branch, webkit-1.2, updated. upstream/1.1.90-6072-g9a69373
Gustavo Noronha Silva
gns at gnome.org
Thu Apr 8 02:24:54 UTC 2010
The following commit has been merged in the webkit-1.2 branch:
commit 6a068ec6795b84fddc5b11b7c1efe011d5079821
Author: eric at webkit.org <eric at webkit.org@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Date: Fri Apr 2 00:44:03 2010 +0000
2010-04-01 Chris Evans <cevans at chromium.org>
Reviewed by Adam Barth.
Add test for XSLT NULL crash:
https://bugs.webkit.org/show_bug.cgi?id=36804
* LayoutTests/fast/xsl/xslt-bad-import-uri.html: added
* LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt: added
* LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml: added
* LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl: added
2010-04-01 Chris Evans <cevans at chromium.org>
Reviewed by Adam Barth.
Fix a NULL pointer crash if @import fails to load a stylesheet.
https://bugs.webkit.org/show_bug.cgi?id=36804
Test: fast/xsl/xslt-bad-import-uri.html
* xml/XSLStyleSheetLibxslt.cpp:
(WebCore::XSLStyleSheet::parseString):
Handle an empty string gracefully. An empty string has a NULL
buffer, which we pass in to xmlCreateMemoryParserCtxt(). It returns
NULL if it is passed a NULL buffer.
In the top-level XSL case, the current code does not crash "by luck"
because the other APIs used can handle a NULL argument. In the
@import case, additional code runs which will dereference the NULL.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@56956 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 9f7dbc3..08a3cf2 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2010-04-01 Chris Evans <cevans at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Add test for XSLT NULL crash:
+ https://bugs.webkit.org/show_bug.cgi?id=36804
+
+ * LayoutTests/fast/xsl/xslt-bad-import-uri.html: added
+ * LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt: added
+ * LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml: added
+ * LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl: added
+
2010-04-01 Chris Fleizach <cfleizach at apple.com>
Reviewed by Beth Dakin.
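Review bot: The four file entries in this LayoutTests/ChangeLog entry carry a redundant "LayoutTests/" prefix (for example "* LayoutTests/fast/xsl/xslt-bad-import-uri.html: added"), while the WebCore/ChangeLog entry in the same commit lists its file relative to the ChangeLog's own directory ("* xml/XSLStyleSheetLibxslt.cpp:"). Suggest dropping the prefix so the paths read "fast/xsl/..." and both entries follow the same convention.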
diff --git a/LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml b/LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml
new file mode 100644
index 0000000..4751c19
--- /dev/null
+++ b/LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xml
@@ -0,0 +1,4 @@
+<?xml version='1.0' encoding="UTF-8" ?>
+<?xml-stylesheet type="text/xsl" href="xslt-bad-import-uri.xsl"?>
+<catalog>
+</catalog>
diff --git a/LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl b/LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl
new file mode 100644
index 0000000..a85512c
--- /dev/null
+++ b/LayoutTests/fast/xsl/resources/xslt-bad-import-uri.xsl
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
+<xsl:import href="nosuchfileatall"/>
+<xsl:template match="/">
+ <xsl:apply-imports/>
+</xsl:template>
+</xsl:stylesheet>
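Review bot: The href="nosuchfileatall" on the xsl:import line is the entire trigger for this test, yet nothing in the stylesheet says the target is meant to be missing. A short XML comment above the import would stop someone from "repairing" the reference or adding a file by that name later. Since the commit message attributes the crash to an empty string reaching parseString, a second stylesheet whose import resolves to an existing but empty resource would exercise the same empty-string path without depending on a load failure.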
diff --git a/LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt b/LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt
new file mode 100644
index 0000000..a62b979
--- /dev/null
+++ b/LayoutTests/fast/xsl/xslt-bad-import-uri-expected.txt
@@ -0,0 +1 @@
+This tests that a bad @import URI does not cause a crash.
diff --git a/LayoutTests/fast/xsl/xslt-bad-import-uri.html b/LayoutTests/fast/xsl/xslt-bad-import-uri.html
new file mode 100644
index 0000000..aa3d991
--- /dev/null
+++ b/LayoutTests/fast/xsl/xslt-bad-import-uri.html
@@ -0,0 +1,18 @@
+<html>
+<head>
+<script>
+if (window.layoutTestController) {
+ layoutTestController.dumpAsText();
+ layoutTestController.waitUntilDone();
+}
+function frameLoaded() {
+ if (window.layoutTestController)
+ layoutTestController.notifyDone();
+}
+</script>
+</head>
+<body>
+This tests that a bad @import URI does not cause a crash.
+<iframe src="resources/xslt-bad-import-uri.xml" onload="frameLoaded()"></iframe>
+</body>
+</html>
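Review bot: The only outcomes this test can distinguish are "did not crash" and "crashed or timed out": dumpAsText() records the parent document's text alone, so the expected file never reflects what the iframe did with the failed import, and notifyDone() depends entirely on the iframe's onload firing. Consider also calling layoutTestController.dumpChildFramesAsText() so the frame's content after the failed import is pinned in the expectation, which would catch a later change that avoids the crash but renders something unexpected.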
diff --git a/WebCore/ChangeLog b/WebCore/ChangeLog
index c58d667..9a1546c 100644
--- a/WebCore/ChangeLog
+++ b/WebCore/ChangeLog
@@ -1,3 +1,22 @@
+2010-04-01 Chris Evans <cevans at chromium.org>
+
+ Reviewed by Adam Barth.
+
+ Fix a NULL pointer crash if @import fails to load a stylesheet.
+
+ https://bugs.webkit.org/show_bug.cgi?id=36804
+
+ Test: fast/xsl/xslt-bad-import-uri.html
+
+ * xml/XSLStyleSheetLibxslt.cpp:
+ (WebCore::XSLStyleSheet::parseString):
+ Handle an empty string gracefully. An empty string has a NULL
+ buffer, which we pass in to xmlCreateMemoryParserCtxt(). It returns
+ NULL if it is passed a NULL buffer.
+ In the top-level XSL case, the current code does not crash "by luck"
+ because the other APIs used can handle a NULL argument. In the
+ @import case, additional code runs which will deference the NULL.
+
2010-04-01 Chris Fleizach <cfleizach at apple.com>
Reviewed by Beth Dakin.
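Review bot: Typo in the last line of the new entry: "additional code runs which will deference the NULL" should read "dereference". The same sentence would also be clearer if it named what is dereferenced (the NULL ctxt returned by xmlCreateMemoryParserCtxt()), since the entry mentions both a NULL buffer and a NULL return value.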
diff --git a/WebCore/xml/XSLStyleSheetLibxslt.cpp b/WebCore/xml/XSLStyleSheetLibxslt.cpp
index dbd806a..cd0a6d4 100644
--- a/WebCore/xml/XSLStyleSheetLibxslt.cpp
+++ b/WebCore/xml/XSLStyleSheetLibxslt.cpp
@@ -154,6 +154,8 @@ bool XSLStyleSheet::parseString(const String& string, bool)
int size = string.length() * sizeof(UChar);
xmlParserCtxtPtr ctxt = xmlCreateMemoryParserCtxt(buffer, size);
+ if (!ctxt)
+ return 0;
if (m_parentStyleSheet) {
// The XSL transform may leave the newly-transformed document
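Review bot: The new early exit uses "return 0;" in a function declared as "bool XSLStyleSheet::parseString(const String& string, bool)"; "return false;" states the intent directly. The guard also has no comment, and the reason for it (an empty string has a NULL buffer, so xmlCreateMemoryParserCtxt() returns NULL) is recorded only in the ChangeLog; a one-line comment above "if (!ctxt)" would keep that next to the code. It is also worth confirming that nothing set up earlier in parseString, above the visible context, needs to be undone before returning here.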
--
WebKit Debian packaging