-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cherry-pick 259548.825@safari-7615-branch (9b3d228). rdar://110459666
jsc_fuz/wktr: null ptr deref in WebCore::IDBRequest::dispatchEvent(WebCore::Event&) rdar://110459666 Reviewed by Brady Eidson. Make sure untrusted event does not change the internal state of IDBRequest. Also, move the assert that request must have pending activity when event is being dispatched to a later point, because IDBRequest::dispatchEvent might be invoked from JavaScript code (i.e. request does not actually have pending activity). Test: storage/indexeddb/modern/request-dispatch-untrusted-event.html storage/indexeddb/modern/request-dispatch-untrusted-event-private.html * LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt: Added. * LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt: Added. * LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html: Added. * LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html: Added. * LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js: Added. (loadImage): (openDatabase): * Source/WebCore/Modules/indexeddb/IDBRequest.cpp: (WebCore::IDBRequest::dispatchEvent): Canonical link: https://commits.webkit.org/259548.825@safari-7615-branch
- Loading branch information
1 parent
77073e6
commit bf79ad4
Showing
6 changed files
with
72 additions
and
4 deletions.
There are no files selected for viewing
11 changes: 11 additions & 0 deletions
11
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
This test verifies dispatching untrusted event should not cause crash. | ||
|
||
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
||
|
||
image = new Image(); | ||
openRequest = indexedDB.open(dbname); | ||
PASS successfullyParsed is true | ||
|
||
TEST COMPLETE | ||
|
11 changes: 11 additions & 0 deletions
11
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
This test verifies dispatching untrusted event should not cause crash. | ||
|
||
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
||
|
||
image = new Image(); | ||
openRequest = indexedDB.open(dbname); | ||
PASS successfullyParsed is true | ||
|
||
TEST COMPLETE | ||
|
10 changes: 10 additions & 0 deletions
10
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event-private.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,10 @@ | ||
<!-- webkit-test-runner [ useEphemeralSession=true ] --> | ||
<html> | ||
<head> | ||
<script src="../../../resources/js-test.js"></script> | ||
<script src="../resources/shared.js"></script> | ||
</head> | ||
<body> | ||
<script src="resources/request-dispatch-untrusted-event.js"></script> | ||
</body> | ||
</html> |
9 changes: 9 additions & 0 deletions
9
LayoutTests/storage/indexeddb/modern/request-dispatch-untrusted-event.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,9 @@ | ||
<html> | ||
<head> | ||
<script src="../../../resources/js-test.js"></script> | ||
<script src="../resources/shared.js"></script> | ||
</head> | ||
<body> | ||
<script src="resources/request-dispatch-untrusted-event.js"></script> | ||
</body> | ||
</html> |
24 changes: 24 additions & 0 deletions
24
LayoutTests/storage/indexeddb/modern/resources/request-dispatch-untrusted-event.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
description("This test verifies dispatching untrusted event should not cause crash."); | ||
|
||
setDBNameFromPath(); | ||
|
||
function loadImage() | ||
{ | ||
evalAndLog("image = new Image();"); | ||
image.onerror = (error) => { | ||
imageError = error; | ||
openDatabase(); | ||
}; | ||
// Generate an error event. | ||
image.src = 'data:'; | ||
} | ||
|
||
function openDatabase() | ||
{ | ||
evalAndLog("openRequest = indexedDB.open(dbname);"); | ||
openRequest.onupgradeneeded = () => { openRequest.dispatchEvent(imageError); }; | ||
// Ensure there is no crash after error event is dispatched. | ||
openRequest.onerror = () => { setTimeout(finishJSTest, 0); }; | ||
} | ||
|
||
loadImage(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters