[curl] Segfault in WebCore::CurlRequest::setupPOST
https://bugs.webkit.org/show_bug.cgi?id=178434

Patch by Basuke Suzuki <Basuke.Suzuki@sony.com> on 2017-10-19
Reviewed by Ryosuke Niwa.

* platform/network/curl/CurlRequest.cpp:
(WebCore::CurlRequest::resolveBlobReferences):
(WebCore::CurlRequest::setupPOST):

Canonical link: https://commits.webkit.org/194701@main
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@223681 268f45cc-cd09-0410-ab3c-d52691b4dbfc
basuke authored and webkit-commit-queue committed Oct 19, 2017
1 parent cf2980e commit b8e5859d9288634386cc1c5a160e3439e0252425
Showing with 20 additions and 5 deletions.
  1. +11 −0 Source/WebCore/ChangeLog
  2. +9 −5 Source/WebCore/platform/network/curl/CurlRequest.cpp
@@ -1,3 +1,14 @@
2017-10-19 Basuke Suzuki <Basuke.Suzuki@sony.com>

[curl] Segfault in WebCore::CurlRequest::setupPOST
https://bugs.webkit.org/show_bug.cgi?id=178434

Reviewed by Ryosuke Niwa.

* platform/network/curl/CurlRequest.cpp:
(WebCore::CurlRequest::resolveBlobReferences):
(WebCore::CurlRequest::setupPOST):

2017-10-18 Ryosuke Niwa <rniwa@webkit.org>

Don't expose raw HTML in pasteboard to the web content
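Review bot: The new ChangeLog entry lists the two touched functions but says nothing about the cause of the segfault or what changed in either of them. One sentence stating that request.httpBody() can be null or empty and that resolveBlobReferences and setupPOST now return early in that case would let a reader understand the fix without opening the bug.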
@@ -391,12 +391,12 @@ void CurlRequest::resolveBlobReferences(ResourceRequest& request)
{
ASSERT(isMainThread());

RefPtr<FormData> formData = request.httpBody();
if (!formData)
auto body = request.httpBody();
if (!body || body->isEmpty())
return;

// Resolve the blob elements so the formData can correctly report it's size.
formData = formData->resolveBlobReferences();
RefPtr<FormData> formData = body->resolveBlobReferences();
request.setHTTPBody(WTFMove(formData));
}

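Review bot: In resolveBlobReferences the local `formData` now exists only to be moved into setHTTPBody on the following line, so the result could be passed directly, as in `request.setHTTPBody(body->resolveBlobReferences());`. Since the line under the comment is being rewritten anyway, the comment itself should read "its size" rather than "it's size".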
@@ -418,13 +418,17 @@ void CurlRequest::setupPOST(ResourceRequest& request)
{
m_curlHandle->enableHttpPostRequest();

auto numElements = request.httpBody()->elements().size();
auto body = request.httpBody();
if (!body || body->isEmpty())
return;

auto numElements = body->elements().size();
if (!numElements)
return;

// Do not stream for simple POST data
if (numElements == 1) {
m_postBuffer = request.httpBody()->flatten();
m_postBuffer = body->flatten();
if (m_postBuffer.size())
m_curlHandle->setPostFields(m_postBuffer.data(), m_postBuffer.size());
} else
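Review bot: In setupPOST the new `if (!body || body->isEmpty()) return;` sits after `m_curlHandle->enableHttpPostRequest();`, so a request with a null or empty body leaves the handle switched to POST with no post fields set. If that is the intended result for a body-less POST, a short comment saying so would help; otherwise the empty case should set a zero-length body explicitly. The following `if (!numElements) return;` also looks redundant with `body->isEmpty()` unless isEmpty() can be false for a FormData with zero elements, in which case that deserves a comment too. The commit changes only the ChangeLog and CurlRequest.cpp, so a regression test that issues a POST without a body is worth adding.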
