diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog index 9ddcc655d8ca..0e6a036404e4 100644 --- a/Source/WebCore/ChangeLog +++ b/Source/WebCore/ChangeLog @@ -1,3 +1,18 @@ +2017-08-10 Carlos Garcia Campos + + [GTK] Crashes in WebCore::PasteboardHelper::fillSelectionData when source file of drag is unavailable + https://bugs.webkit.org/show_bug.cgi?id=174161 + + Reviewed by Xabier Rodriguez-Calvar. + + In r219385 we changed the early return in fillSelectionData() to check the selection data length instead of the + data pointer. However, the gtk_selection_data_get_length() can return -1, so we need to check also if the value + less than 0. The case of setting an empty string could be valid depending on the target type, so it's better to + return early only when data lenght is less than 0 and handle the 0 length case in each target. + + * platform/gtk/PasteboardHelper.cpp: + (WebCore::PasteboardHelper::fillSelectionData): + 2017-08-10 Antti Koivisto Text renderer updates should be done by RenderTreeUpdater diff --git a/Source/WebCore/platform/gtk/PasteboardHelper.cpp b/Source/WebCore/platform/gtk/PasteboardHelper.cpp index eeb7cf76868a..d251e6892749 100644 --- a/Source/WebCore/platform/gtk/PasteboardHelper.cpp +++ b/Source/WebCore/platform/gtk/PasteboardHelper.cpp @@ -209,7 +209,7 @@ void PasteboardHelper::fillSelectionData(const SelectionData& selection, unsigne void PasteboardHelper::fillSelectionData(GtkSelectionData* data, unsigned /* info */, SelectionData& selection) { - if (!gtk_selection_data_get_length(data)) + if (gtk_selection_data_get_length(data) < 0) return; GdkAtom target = gtk_selection_data_get_target(data); @@ -228,11 +228,11 @@ void PasteboardHelper::fillSelectionData(GtkSelectionData* data, unsigned /* inf // Give preference to text/uri-list here, as it can hold more // than one URI but still take the label if there is one. - if (!selection.hasURIList()) + if (!selection.hasURIList() && !pieces.isEmpty()) selection.setURIList(pieces[0]); if (pieces.size() > 1) selection.setText(pieces[1]); - } else if (target == unknownAtom) { + } else if (target == unknownAtom && gtk_selection_data_get_length(data)) { GRefPtr variant = g_variant_new_parsed(reinterpret_cast(gtk_selection_data_get_data(data))); GUniqueOutPtr key;