[webkit-changes] [WebKit/WebKit] 2b837e: REGRESSION (257084@main): Mitigate crashes when ca...

Wenson Hsieh noreply at github.com
Tue Dec 20 12:21:43 PST 2022


  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 2b837edd2587d41faa63c8611720ca388405e6fa
      https://github.com/WebKit/WebKit/commit/2b837edd2587d41faa63c8611720ca388405e6fa
  Author: Wenson Hsieh <wenson_hsieh at apple.com>
  Date:   2022-12-20 (Tue, 20 Dec 2022)

  Changed paths:
    M Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm
    M Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm

  Log Message:
  -----------
  REGRESSION (257084@main): Mitigate crashes when calling into `WebPageProxy::loadAlternateHTML` with nil data
https://bugs.webkit.org/show_bug.cgi?id=249622
rdar://103459912

Reviewed by Aditya Keerthi.

Prior to the changes in 257084@main, attempting to call into `WebPageProxy::loadAlternateHTML` with
a nil `NSString` would trigger a load with what was (effectively) empty data, whether it's because
the WebKit client passed in `nil` for the HTML string, or if Foundation returned a nil `NSData` from
`-[NSString dataUsingEncoding:]`, whose return type is a `nullable NSData *`.

After 257084@main, this now results in a crash underneath `DataSegment::size()` when attempting to
call `CFDataGetLength` on `0x0`, after we send `AddAllowedFirstPartyForCookies` to the network
process and get a response.

While this could potentially be a client error, it's probably a good idea to apply a mitigation
within WebKit in this scenario, since:

-   This keeps behavior in line with shipping WebKit, and
-   `-[NSString dataUsingEncoding:]` is technically allowed to return a `nil` `NSData` from
    nullability annotations, though it's (admittedly) unclear how this would occur when passing in a
    UTF-8 string encoding.

Test: WKWebView.LoadNilAlternateHTMLStringDoesNotCrash

* Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView _loadAlternateHTMLString:baseURL:forUnreachableURL:]):
* Tools/TestWebKitAPI/Tests/WebKitCocoa/LoadAlternateHTMLString.mm:
(TEST):

Canonical link: https://commits.webkit.org/258156@main
