<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[193830] trunk</title>
</head>
<body>

<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt;  }
#msg dl a { font-weight: bold}
#msg dl a:link    { color:#fc3; }
#msg dl a:active  { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff  {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/193830">193830</a></dd>
<dt>Author</dt> <dd>mario@webkit.org</dd>
<dt>Date</dt> <dd>2015-12-09 06:52:46 -0800 (Wed, 09 Dec 2015)</dd>
</dl>

<h3>Log Message</h3>
<pre>[GTK] Crash in WebProcess when loading large content with custom URI schemes
https://bugs.webkit.org/show_bug.cgi?id=144262

Reviewed by Carlos Garcia Campos.

Source/WebKit2:

Properly handle scenarios where errors happen after reading the first
chunk of data coming from the GInputStream provided by the application.

* UIProcess/API/gtk/WebKitWebContextPrivate.h:
* UIProcess/API/gtk/WebKitWebContext.cpp:
(webkitWebContextIsLoadingCustomProtocol): New, checks whether a load
is still in progress, after the startLoading method has been called.
* UIProcess/API/gtk/WebKitURISchemeRequest.cpp:
(webkitURISchemeRequestReadCallback): Early return if the stream has been
cancelled on finish_error, so that we make sure we don't keep on reading
the GInputStream after that point.
(webkit_uri_scheme_request_finish_error): Don't send a didFailWithError
message to the Network process if the load is no longer in progress.
* Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:
(WebKit::CustomProtocolManagerImpl::didFailWithError): Handle the case where
an error is notified from the UI process after the first chunk has been read.
(WebKit::CustomProtocolManagerImpl::didReceiveResponse): Handle the case where
data might no longer be available if an error happened even before this point.
* WebProcess/soup/WebKitSoupRequestInputStream.h:
* WebProcess/soup/WebKitSoupRequestInputStream.cpp:
(webkitSoupRequestInputStreamDidFailWithError): Notify the custom GInputStream
that we no longer want to keep reading data in chunks due to a specific error.
(webkitSoupRequestInputStreamReadAsync): Early finish the GTask with a specific
error whenever webkitSoupRequestInputStreamDidFailWithError() has been called.

Tools:

Added new unit test to check the additional scenarios we now
handle for custom URI schemes.

* TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebContext.cpp:
(generateHTMLContent): New helper function to generate big enough content.
(testWebContextURIScheme): New unit test.</pre>

<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebKit2ChangeLog">trunk/Source/WebKit2/ChangeLog</a></li>
<li><a href="#trunkSourceWebKit2SharedNetworkCustomProtocolssoupCustomProtocolManagerImplcpp">trunk/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPIgtkWebKitURISchemeRequestcpp">trunk/Source/WebKit2/UIProcess/API/gtk/WebKitURISchemeRequest.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPIgtkWebKitWebContextcpp">trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp</a></li>
<li><a href="#trunkSourceWebKit2UIProcessAPIgtkWebKitWebContextPrivateh">trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContextPrivate.h</a></li>
<li><a href="#trunkSourceWebKit2WebProcesssoupWebKitSoupRequestInputStreamcpp">trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp</a></li>
<li><a href="#trunkSourceWebKit2WebProcesssoupWebKitSoupRequestInputStreamh">trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.h</a></li>
<li><a href="#trunkToolsChangeLog">trunk/Tools/ChangeLog</a></li>
<li><a href="#trunkToolsTestWebKitAPITestsWebKit2GtkTestWebKitWebContextcpp">trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebContext.cpp</a></li>
</ul>

</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebKit2ChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/ChangeLog (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/ChangeLog        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/ChangeLog        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -1,3 +1,35 @@
</span><ins>+2015-12-09  Mario Sanchez Prada  &lt;mario@endlessm.com&gt;
+
+        [GTK] Crash in WebProcess when loading large content with custom URI schemes
+        https://bugs.webkit.org/show_bug.cgi?id=144262
+
+        Reviewed by Carlos Garcia Campos.
+
+        Properly handle scenarios where errors happen after reading the first
+        chunk of data coming from the GInputStream provided by the application.
+
+        * UIProcess/API/gtk/WebKitWebContextPrivate.h:
+        * UIProcess/API/gtk/WebKitWebContext.cpp:
+        (webkitWebContextIsLoadingCustomProtocol): New, checks whether a load
+        is still in progress, after the startLoading method has been called.
+        * UIProcess/API/gtk/WebKitURISchemeRequest.cpp:
+        (webkitURISchemeRequestReadCallback): Early return if the stream has been
+        cancelled on finish_error, so that we make sure we don't keep on reading
+        the GInputStream after that point.
+        (webkit_uri_scheme_request_finish_error): Don't send a didFailWithError
+        message to the Network process if the load is not longer in progress.
+        * Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp:
+        (WebKit::CustomProtocolManagerImpl::didFailWithError): Handle the case where
+        an error is notified from the UI process after the first chunk has been read.
+        (WebKit::CustomProtocolManagerImpl::didReceiveResponse): Handle the case where
+        data might no longer be available if an error happened even before this point.
+        * WebProcess/soup/WebKitSoupRequestInputStream.h:
+        * WebProcess/soup/WebKitSoupRequestInputStream.cpp:
+        (webkitSoupRequestInputStreamDidFailWithError): Notify the custom GInputStream
+        that we no longer want to keep reading data in chunks due to a specific error.
+        (webkitSoupRequestInputStreamReadAsync): Early finish the GTask with a specific
+        error whenever webkitSoupRequestInputStreamDidFailWithError() has been called.
+
</ins><span class="cx"> 2015-12-09  Ryuan Choi  &lt;ryuan.choi@navercorp.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [CoordinatedGraphics][EFL] Fix unhandled web process message when launching MiniBrowser
</span></span></pre></div>
<a id="trunkSourceWebKit2SharedNetworkCustomProtocolssoupCustomProtocolManagerImplcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/Shared/Network/CustomProtocols/soup/CustomProtocolManagerImpl.cpp        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -116,11 +116,18 @@
</span><span class="cx">     WebSoupRequestAsyncData* data = m_customProtocolMap.get(customProtocolID);
</span><span class="cx">     ASSERT(data);
</span><span class="cx"> 
</span><del>-    GRefPtr&lt;GTask&gt; task = data-&gt;releaseTask();
-    ASSERT(task.get());
-    g_task_return_new_error(task.get(), g_quark_from_string(error.domain().utf8().data()),
-        error.errorCode(), &quot;%s&quot;, error.localizedDescription().utf8().data());
</del><ins>+    // Either we haven't started reading the stream yet, in which case we need to complete the
+    // task first, or we failed reading it and the task was already completed by didLoadData().
+    ASSERT(!data-&gt;stream || !data-&gt;task);
</ins><span class="cx"> 
</span><ins>+    if (!data-&gt;stream) {
+        GRefPtr&lt;GTask&gt; task = data-&gt;releaseTask();
+        ASSERT(task.get());
+        g_task_return_new_error(task.get(), g_quark_from_string(error.domain().utf8().data()),
+            error.errorCode(), &quot;%s&quot;, error.localizedDescription().utf8().data());
+    } else
+        webkitSoupRequestInputStreamDidFailWithError(WEBKIT_SOUP_REQUEST_INPUT_STREAM(data-&gt;stream.get()), error);
+
</ins><span class="cx">     m_customProtocolMap.remove(customProtocolID);
</span><span class="cx"> }
</span><span class="cx"> 
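Review bot: data is still dereferenced behind only ASSERT(data) here, both in the new ASSERT(!data-&gt;stream || !data-&gt;task) and in the if (!data-&gt;stream) test, while the next hunk in this file replaces the same ASSERT(data) in didReceiveResponse() with a runtime null check because the map entry can already be gone. In a release build a failure message for a customProtocolID that is no longer in m_customProtocolMap would dereference null; an early "if (!data) return;" before the new assertion would make the two handlers consistent.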
</span><span class="lines">@@ -170,7 +177,10 @@
</span><span class="cx"> void CustomProtocolManagerImpl::didReceiveResponse(uint64_t customProtocolID, const WebCore::ResourceResponse&amp; response)
</span><span class="cx"> {
</span><span class="cx">     WebSoupRequestAsyncData* data = m_customProtocolMap.get(customProtocolID);
</span><del>-    ASSERT(data);
</del><ins>+    // The data might have been removed from the request map if an error happened even before this point.
+    if (!data)
+        return;
+
</ins><span class="cx">     ASSERT(data-&gt;task);
</span><span class="cx"> 
</span><span class="cx">     WebKitSoupRequestGeneric* request = WEBKIT_SOUP_REQUEST_GENERIC(g_task_get_source_object(data-&gt;task));
</span></span></pre></div>
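Review bot: the new comment above "if (!data) return;" says the entry "might have been removed" without saying by whom. The remover visible in this file is didFailWithError(), through m_customProtocolMap.remove(customProtocolID); naming it in the comment would make clear which message ordering this guard is for.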
<a id="trunkSourceWebKit2UIProcessAPIgtkWebKitURISchemeRequestcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitURISchemeRequest.cpp (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitURISchemeRequest.cpp        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitURISchemeRequest.cpp        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -166,6 +166,11 @@
</span><span class="cx">         return;
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    // Need to check the stream before proceeding as it can be cancelled if finish_error
+    // was previously call, which won't be detected by g_input_stream_read_finish().
+    if (!request-&gt;priv-&gt;stream)
+        return;
+
</ins><span class="cx">     WebKitURISchemeRequestPrivate* priv = request-&gt;priv;
</span><span class="cx">     Ref&lt;API::Data&gt; webData = API::Data::create(reinterpret_cast&lt;const unsigned char*&gt;(priv-&gt;readBuffer), bytesRead);
</span><span class="cx">     if (!priv-&gt;bytesRead) {
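Review bot: the new check reads request-&gt;priv-&gt;stream one line above the context line that declares "WebKitURISchemeRequestPrivate* priv = request-&gt;priv;". Move the check below that declaration and test priv-&gt;stream so the function reaches the private data one way only. The comment also has a typo ("was previously call" should be "was previously called"), and it should say that the stream is cleared by webkit_uri_scheme_request_finish_error(), since that is what this test depends on.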
</span><span class="lines">@@ -230,7 +235,10 @@
</span><span class="cx">     g_return_if_fail(error);
</span><span class="cx"> 
</span><span class="cx">     WebKitURISchemeRequestPrivate* priv = request-&gt;priv;
</span><ins>+    if (!webkitWebContextIsLoadingCustomProtocol(priv-&gt;webContext, priv-&gt;requestID))
+        return;
</ins><span class="cx"> 
</span><ins>+    priv-&gt;stream = nullptr;
</ins><span class="cx">     WebCore::ResourceError resourceError(g_quark_to_string(error-&gt;domain), toWebCoreError(error-&gt;code), priv-&gt;uri.data(), String::fromUTF8(error-&gt;message));
</span><span class="cx">     priv-&gt;webRequestManager-&gt;didFailWithError(priv-&gt;requestID, resourceError);
</span><span class="cx">     webkitWebContextDidFinishLoadingCustomProtocol(priv-&gt;webContext, priv-&gt;requestID);
</span></span></pre></div>
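Review bot: the early return when webkitWebContextIsLoadingCustomProtocol() is false, placed right after g_return_if_fail(error), turns webkit_uri_scheme_request_finish_error() into a silent no-op, so an application that reports an error on a load that is no longer in progress gets no indication. Please state that in the function's API documentation. The added "priv-&gt;stream = nullptr;" also needs a one-line comment: it is the signal webkitURISchemeRequestReadCallback() checks before it keeps reading, and nothing in this hunk says so.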
<a id="trunkSourceWebKit2UIProcessAPIgtkWebKitWebContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContext.cpp        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -1294,6 +1294,11 @@
</span><span class="cx">     context-&gt;priv-&gt;uriSchemeRequests.remove(customProtocolID);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+bool webkitWebContextIsLoadingCustomProtocol(WebKitWebContext* context, uint64_t customProtocolID)
+{
+    return context-&gt;priv-&gt;uriSchemeRequests.get(customProtocolID);
+}
+
</ins><span class="cx"> void webkitWebContextCreatePageForWebView(WebKitWebContext* context, WebKitWebView* webView, WebKitUserContentManager* userContentManager, WebKitWebView* relatedView)
</span><span class="cx"> {
</span><span class="cx">     WebKitWebViewBase* webViewBase = WEBKIT_WEB_VIEW_BASE(webView);
</span></span></pre></div>
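Review bot: webkitWebContextIsLoadingCustomProtocol() returns the result of uriSchemeRequests.get(customProtocolID) and relies on an implicit conversion to bool. A contains(customProtocolID) lookup, as the test file in this change does with m_handlersMap.contains(...), states the intent directly and does not depend on what get() yields for a missing key.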
<a id="trunkSourceWebKit2UIProcessAPIgtkWebKitWebContextPrivateh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContextPrivate.h (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContextPrivate.h        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/UIProcess/API/gtk/WebKitWebContextPrivate.h        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -42,6 +42,7 @@
</span><span class="cx"> void webkitWebContextStartLoadingCustomProtocol(WebKitWebContext*, uint64_t customProtocolID, API::URLRequest*);
</span><span class="cx"> void webkitWebContextStopLoadingCustomProtocol(WebKitWebContext*, uint64_t customProtocolID);
</span><span class="cx"> void webkitWebContextDidFinishLoadingCustomProtocol(WebKitWebContext*, uint64_t customProtocolID);
</span><ins>+bool webkitWebContextIsLoadingCustomProtocol(WebKitWebContext*, uint64_t customProtocolID);
</ins><span class="cx"> void webkitWebContextCreatePageForWebView(WebKitWebContext*, WebKitWebView*, WebKitUserContentManager*, WebKitWebView*);
</span><span class="cx"> void webkitWebContextWebViewDestroyed(WebKitWebContext*, WebKitWebView*);
</span><span class="cx"> WebKitWebView* webkitWebContextGetWebViewForPage(WebKitWebContext*, WebKit::WebPageProxy*);
</span></span></pre></div>
<a id="trunkSourceWebKit2WebProcesssoupWebKitSoupRequestInputStreamcpp"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.cpp        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -23,6 +23,7 @@
</span><span class="cx"> #include &lt;wtf/Lock.h&gt;
</span><span class="cx"> #include &lt;wtf/Threading.h&gt;
</span><span class="cx"> #include &lt;wtf/glib/GRefPtr.h&gt;
</span><ins>+#include &lt;wtf/glib/GUniquePtr.h&gt;
</ins><span class="cx"> 
</span><span class="cx"> struct AsyncReadData {
</span><span class="cx">     AsyncReadData(GTask* task, void* buffer, gsize count)
</span><span class="lines">@@ -42,6 +43,8 @@
</span><span class="cx">     uint64_t bytesReceived;
</span><span class="cx">     uint64_t bytesRead;
</span><span class="cx"> 
</span><ins>+    GUniquePtr&lt;GError&gt; error;
+
</ins><span class="cx">     Lock readLock;
</span><span class="cx">     std::unique_ptr&lt;AsyncReadData&gt; pendingAsyncRead;
</span><span class="cx"> };
</span><span class="lines">@@ -92,6 +95,11 @@
</span><span class="cx">         return;
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    if (stream-&gt;priv-&gt;error.get()) {
+        g_task_return_error(task.get(), stream-&gt;priv-&gt;error.release());
+        return;
+    }
+
</ins><span class="cx">     if (webkitSoupRequestInputStreamHasDataToRead(stream)) {
</span><span class="cx">         webkitSoupRequestInputStreamReadAsyncResultComplete(task.get(), buffer, count);
</span><span class="cx">         return;
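Review bot: g_task_return_error(task.get(), stream-&gt;priv-&gt;error.release()) hands the stored GError to the task and leaves stream-&gt;priv-&gt;error empty, so only the first read after the failure reports it. A second read falls through to the webkitSoupRequestInputStreamHasDataToRead() branch below, and because webkitSoupRequestInputStreamDidFailWithError() sets contentLength to bytesReceived, it can look like a normal end of stream. Either return a g_error_copy() of the stored error so the failure stays sticky, or add a comment that one-shot reporting is intended.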
</span><span class="lines">@@ -163,6 +171,18 @@
</span><span class="cx">     webkitSoupRequestInputStreamPendingReadAsyncComplete(stream);
</span><span class="cx"> }
</span><span class="cx"> 
</span><ins>+void webkitSoupRequestInputStreamDidFailWithError(WebKitSoupRequestInputStream* stream, const WebCore::ResourceError&amp; resourceError)
+{
+    GUniquePtr&lt;GError&gt; error(g_error_new(g_quark_from_string(resourceError.domain().utf8().data()), resourceError.errorCode(), &quot;%s&quot;, resourceError.localizedDescription().utf8().data()));
+    if (stream-&gt;priv-&gt;pendingAsyncRead) {
+        AsyncReadData* data = stream-&gt;priv-&gt;pendingAsyncRead.get();
+        g_task_return_error(data-&gt;task.get(), error.release());
+    } else {
+        stream-&gt;priv-&gt;contentLength = stream-&gt;priv-&gt;bytesReceived;
+        stream-&gt;priv-&gt;error = WTF::move(error);
+    }
+}
+
</ins><span class="cx"> bool webkitSoupRequestInputStreamFinished(WebKitSoupRequestInputStream* stream)
</span><span class="cx"> {
</span><span class="cx">     return !webkitSoupRequestInputStreamIsWaitingForData(stream);
</span></span></pre></div>
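Review bot: in the pendingAsyncRead branch of webkitSoupRequestInputStreamDidFailWithError() the task is completed with g_task_return_error() but stream-&gt;priv-&gt;pendingAsyncRead is not reset, and neither contentLength nor the stored error is updated, so a later path that completes the pending read could return on the same GTask a second time. Reset pendingAsyncRead after returning the error. The function also touches pendingAsyncRead, contentLength and error without taking the readLock declared next to them in the private struct; take it here or add a comment on why it is not needed.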
<a id="trunkSourceWebKit2WebProcesssoupWebKitSoupRequestInputStreamh"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.h (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.h        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Source/WebKit2/WebProcess/soup/WebKitSoupRequestInputStream.h        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -20,6 +20,7 @@
</span><span class="cx"> #ifndef WebKitSoupRequestInputStream_h
</span><span class="cx"> #define WebKitSoupRequestInputStream_h
</span><span class="cx"> 
</span><ins>+#include &lt;WebCore/ResourceError.h&gt;
</ins><span class="cx"> #include &lt;gio/gio.h&gt;
</span><span class="cx"> 
</span><span class="cx"> G_BEGIN_DECLS
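Review bot: the added #include &lt;WebCore/ResourceError.h&gt; pulls a full WebCore header into this header only for the "const WebCore::ResourceError&amp;" parameter of webkitSoupRequestInputStreamDidFailWithError(). A forward declaration, "namespace WebCore { class ResourceError; }", is enough for a reference parameter; the include can then live in WebKitSoupRequestInputStream.cpp, where the error is actually read.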
</span><span class="lines">@@ -48,6 +49,7 @@
</span><span class="cx"> GType webkit_soup_request_input_stream_get_type();
</span><span class="cx"> GInputStream* webkitSoupRequestInputStreamNew(uint64_t contentLength);
</span><span class="cx"> void webkitSoupRequestInputStreamAddData(WebKitSoupRequestInputStream*, const void* data, size_t dataLength);
</span><ins>+void webkitSoupRequestInputStreamDidFailWithError(WebKitSoupRequestInputStream*, const WebCore::ResourceError&amp;);
</ins><span class="cx"> bool webkitSoupRequestInputStreamFinished(WebKitSoupRequestInputStream*);
</span><span class="cx"> 
</span><span class="cx"> G_END_DECLS
</span></span></pre></div>
<a id="trunkToolsChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Tools/ChangeLog (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/ChangeLog        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Tools/ChangeLog        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -1,3 +1,17 @@
</span><ins>+2015-12-09  Mario Sanchez Prada  &lt;mario@endlessm.com&gt;
+
+        [GTK] Crash in WebProcess when loading large content with custom URI schemes
+        https://bugs.webkit.org/show_bug.cgi?id=144262
+
+        Reviewed by Carlos Garcia Campos.
+
+        Added new unit test to check the additional scenarios we now
+        handle for custom URI schemes.
+
+        * TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebContext.cpp:
+        (generateHTMLContent): New helper function to generate big enough content.
+        (testWebContextURIScheme): New unit test.
+
</ins><span class="cx"> 2015-12-09  Ryuan Choi  &lt;ryuan.choi@navercorp.com&gt;
</span><span class="cx"> 
</span><span class="cx">         [EFL] Fix unhandled web process message when launching MiniBrowser
</span></span></pre></div>
<a id="trunkToolsTestWebKitAPITestsWebKit2GtkTestWebKitWebContextcpp"></a>
<div class="modfile"><h4>Modified: trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebContext.cpp (193829 => 193830)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebContext.cpp        2015-12-09 14:46:11 UTC (rev 193829)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKit2Gtk/TestWebKitWebContext.cpp        2015-12-09 14:52:46 UTC (rev 193830)
</span><span class="lines">@@ -26,6 +26,7 @@
</span><span class="cx"> #include &lt;wtf/HashMap.h&gt;
</span><span class="cx"> #include &lt;wtf/glib/GRefPtr.h&gt;
</span><span class="cx"> #include &lt;wtf/glib/GUniquePtr.h&gt;
</span><ins>+#include &lt;wtf/text/StringBuilder.h&gt;
</ins><span class="cx"> #include &lt;wtf/text/StringHash.h&gt;
</span><span class="cx"> 
</span><span class="cx"> static WebKitTestServer* kServer;
</span><span class="lines">@@ -197,8 +198,11 @@
</span><span class="cx"> static const char* kEchoHTMLFormat = &quot;&lt;html&gt;&lt;body&gt;%s&lt;/body&gt;&lt;/html&gt;&quot;;
</span><span class="cx"> static const char* errorDomain = &quot;test&quot;;
</span><span class="cx"> static const int errorCode = 10;
</span><del>-static const char* errorMessage = &quot;Error message.&quot;;
</del><span class="cx"> 
</span><ins>+static const char* genericErrorMessage = &quot;Error message.&quot;;
+static const char* beforeReceiveResponseErrorMessage = &quot;Error before didReceiveResponse.&quot;;
+static const char* afterInitialChunkErrorMessage = &quot;Error after reading the initial chunk.&quot;;
+
</ins><span class="cx"> class URISchemeTest: public LoadTrackingTest {
</span><span class="cx"> public:
</span><span class="cx">     MAKE_GLIB_TEST_FIXTURE(URISchemeTest);
</span><span class="lines">@@ -229,23 +233,38 @@
</span><span class="cx"> 
</span><span class="cx">         g_assert(webkit_uri_scheme_request_get_web_view(request) == test-&gt;m_webView);
</span><span class="cx"> 
</span><del>-        GRefPtr&lt;GInputStream&gt; inputStream = adoptGRef(g_memory_input_stream_new());
-        test-&gt;assertObjectIsDeletedWhenTestFinishes(G_OBJECT(inputStream.get()));
-
</del><span class="cx">         const char* scheme = webkit_uri_scheme_request_get_scheme(request);
</span><span class="cx">         g_assert(scheme);
</span><span class="cx">         g_assert(test-&gt;m_handlersMap.contains(String::fromUTF8(scheme)));
</span><span class="cx"> 
</span><ins>+        const URISchemeHandler&amp; handler = test-&gt;m_handlersMap.get(String::fromUTF8(scheme));
+
+        GRefPtr&lt;GInputStream&gt; inputStream = adoptGRef(g_memory_input_stream_new());
+        test-&gt;assertObjectIsDeletedWhenTestFinishes(G_OBJECT(inputStream.get()));
+
+        const gchar* requestPath = webkit_uri_scheme_request_get_path(request);
+
</ins><span class="cx">         if (!g_strcmp0(scheme, &quot;error&quot;)) {
</span><del>-            GUniquePtr&lt;GError&gt; error(g_error_new_literal(g_quark_from_string(errorDomain), errorCode, errorMessage));
-            webkit_uri_scheme_request_finish_error(request, error.get());
</del><ins>+            if (!g_strcmp0(requestPath, &quot;before-response&quot;)) {
+                GUniquePtr&lt;GError&gt; error(g_error_new_literal(g_quark_from_string(errorDomain), errorCode, beforeReceiveResponseErrorMessage));
+                // We call finish() and then finish_error() to make sure that not even
+                // the didReceiveResponse message is processed at the time of failing.
+                webkit_uri_scheme_request_finish(request, G_INPUT_STREAM(inputStream.get()), handler.replyLength, handler.mimeType.data());
+                webkit_uri_scheme_request_finish_error(request, error.get());
+            } else if (!g_strcmp0(requestPath, &quot;after-first-chunk&quot;)) {
+                g_memory_input_stream_add_data(G_MEMORY_INPUT_STREAM(inputStream.get()), handler.reply.data(), handler.reply.length(), 0);
+                webkit_uri_scheme_request_finish(request, inputStream.get(), handler.replyLength, handler.mimeType.data());
+                // We need to wait until we reach the load-committed state before calling webkit_uri_scheme_request_finish_error(),
+                // so we rely on the test using finishOnCommittedAndWaitUntilLoadFinished() to actually call it from loadCommitted().
+            } else {
+                GUniquePtr&lt;GError&gt; error(g_error_new_literal(g_quark_from_string(errorDomain), errorCode, genericErrorMessage));
+                webkit_uri_scheme_request_finish_error(request, error.get());
+            }
</ins><span class="cx">             return;
</span><span class="cx">         }
</span><span class="cx"> 
</span><del>-        const URISchemeHandler&amp; handler = test-&gt;m_handlersMap.get(String::fromUTF8(scheme));
-
</del><span class="cx">         if (!g_strcmp0(scheme, &quot;echo&quot;)) {
</span><del>-            char* replyHTML = g_strdup_printf(handler.reply.data(), webkit_uri_scheme_request_get_path(request));
</del><ins>+            char* replyHTML = g_strdup_printf(handler.reply.data(), requestPath);
</ins><span class="cx">             g_memory_input_stream_add_data(G_MEMORY_INPUT_STREAM(inputStream.get()), replyHTML, strlen(replyHTML), g_free);
</span><span class="cx">         } else if (!g_strcmp0(scheme, &quot;closed&quot;))
</span><span class="cx">             g_input_stream_close(inputStream.get(), 0, 0);
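Review bot: the two new webkit_uri_scheme_request_finish() calls pass the stream differently, G_INPUT_STREAM(inputStream.get()) in the before-response branch and plain inputStream.get() in the after-first-chunk branch; inputStream is already a GRefPtr&lt;GInputStream&gt;, so drop the cast. In the after-first-chunk branch g_memory_input_stream_add_data() is given handler.reply.data() with a null destroy notify, so the stream borrows the handler's buffer, unlike the echo branch below, which passes g_free for an owned copy. A short comment that the m_handlersMap entry must outlive the load would help.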
</span><span class="lines">@@ -261,10 +280,55 @@
</span><span class="cx">         webkit_web_context_register_uri_scheme(m_webContext.get(), scheme, uriSchemeRequestCallback, this, 0);
</span><span class="cx">     }
</span><span class="cx"> 
</span><ins>+    virtual void loadCommitted() override
+    {
+        if (m_finishOnCommitted) {
+            GUniquePtr&lt;GError&gt; error(g_error_new_literal(g_quark_from_string(errorDomain), errorCode, afterInitialChunkErrorMessage));
+            webkit_uri_scheme_request_finish_error(m_uriSchemeRequest.get(), error.get());
+        }
+
+        LoadTrackingTest::loadCommitted();
+    }
+
+    void finishOnCommittedAndWaitUntilLoadFinished()
+    {
+        m_finishOnCommitted = true;
+        waitUntilLoadFinished();
+        m_finishOnCommitted = false;
+    }
+
</ins><span class="cx">     GRefPtr&lt;WebKitURISchemeRequest&gt; m_uriSchemeRequest;
</span><span class="cx">     HashMap&lt;String, URISchemeHandler&gt; m_handlersMap;
</span><ins>+    bool m_finishOnCommitted { false };
</ins><span class="cx"> };
</span><span class="cx"> 
</span><ins>+String generateHTMLContent(unsigned contentLength)
+{
+    String baseString(&quot;abcdefghijklmnopqrstuvwxyz0123457890&quot;);
+    unsigned baseLength = baseString.length();
+
+    StringBuilder builder;
+    builder.append(&quot;&lt;html&gt;&lt;body&gt;&quot;);
+
+    if (contentLength &lt;= baseLength)
+        builder.append(baseString, 0, contentLength);
+    else {
+        unsigned currentLength = 0;
+        while (currentLength &lt; contentLength) {
+            if ((currentLength + baseLength) &lt;= contentLength)
+                builder.append(baseString);
+            else
+                builder.append(baseString, 0, contentLength - currentLength);
+
+            // Account for the 12 characters of the '&lt;html&gt;&lt;body&gt;' prefix.
+            currentLength = builder.length() - 12;
+        }
+    }
+    builder.append(&quot;&lt;/body&gt;&lt;/html&gt;&quot;);
+
+    return builder.toString();
+}
+
</ins><span class="cx"> static void testWebContextURIScheme(URISchemeTest* test, gconstpointer)
</span><span class="cx"> {
</span><span class="cx">     test-&gt;registerURISchemeHandler(&quot;foo&quot;, kBarHTML, strlen(kBarHTML), &quot;text/html&quot;);
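Review bot: generateHTMLContent() hard-codes 12 as the prefix length in "currentLength = builder.length() - 12;", which silently breaks if the opening markup changes. Record builder.length() right after appending the prefix and subtract that value instead. The helper should also be static like the other file-scope definitions in this test, and baseString ends in "0123457890", which skips 6 and repeats 0 and looks like a typo.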
</span><span class="lines">@@ -307,15 +371,36 @@
</span><span class="cx">     g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
</span><span class="cx">     g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::LoadFailed));
</span><span class="cx"> 
</span><del>-    test-&gt;registerURISchemeHandler(&quot;error&quot;, 0, 0, 0);
</del><ins>+    // Anything over 8192 bytes will get multiple calls to g_input_stream_read_async in
+    // WebKitURISchemeRequest when reading data, but we still need way more than that to
+    // ensure that we reach the load-committed state before failing, so we use an 8MB HTML.
+    String longHTMLContent = generateHTMLContent(8 * 1024 * 1024);
+    test-&gt;registerURISchemeHandler(&quot;error&quot;, longHTMLContent.utf8().data(), -1, &quot;text/html&quot;);
</ins><span class="cx">     test-&gt;m_loadEvents.clear();
</span><span class="cx">     test-&gt;loadURI(&quot;error:error&quot;);
</span><span class="cx">     test-&gt;waitUntilLoadFinished();
</span><span class="cx">     g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
</span><span class="cx">     g_assert(test-&gt;m_loadFailed);
</span><span class="cx">     g_assert_error(test-&gt;m_error.get(), g_quark_from_string(errorDomain), errorCode);
</span><del>-    g_assert_cmpstr(test-&gt;m_error-&gt;message, ==, errorMessage);
</del><ins>+    g_assert_cmpstr(test-&gt;m_error-&gt;message, ==, genericErrorMessage);
</ins><span class="cx"> 
</span><ins>+    test-&gt;m_loadEvents.clear();
+    test-&gt;loadURI(&quot;error:before-response&quot;);
+    test-&gt;waitUntilLoadFinished();
+    g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+    g_assert(test-&gt;m_loadFailed);
+    g_assert_error(test-&gt;m_error.get(), g_quark_from_string(errorDomain), errorCode);
+    g_assert_cmpstr(test-&gt;m_error-&gt;message, ==, beforeReceiveResponseErrorMessage);
+
+    test-&gt;m_loadEvents.clear();
+    test-&gt;loadURI(&quot;error:after-first-chunk&quot;);
+    test-&gt;finishOnCommittedAndWaitUntilLoadFinished();
+    g_assert(!test-&gt;m_loadEvents.contains(LoadTrackingTest::ProvisionalLoadFailed));
+    g_assert(test-&gt;m_loadEvents.contains(LoadTrackingTest::LoadFailed));
+    g_assert(test-&gt;m_loadFailed);
+    g_assert_error(test-&gt;m_error.get(), g_quark_from_string(errorDomain), errorCode);
+    g_assert_cmpstr(test-&gt;m_error-&gt;message, ==, afterInitialChunkErrorMessage);
+
</ins><span class="cx">     test-&gt;registerURISchemeHandler(&quot;closed&quot;, 0, 0, 0);
</span><span class="cx">     test-&gt;m_loadEvents.clear();
</span><span class="cx">     test-&gt;loadURI(&quot;closed:input-stream&quot;);
</span></span></pre>
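Review bot: the error:after-first-chunk case depends on loadCommitted() firing while the 8MB stream is still being read, and the comment above longHTMLContent describes that as a size heuristic, not a guarantee. With the new webkitWebContextIsLoadingCustomProtocol() check, a webkit_uri_scheme_request_finish_error() that arrives after the load has completed returns without doing anything, and the g_assert on LoadTrackingTest::LoadFailed would then fail intermittently. Consider feeding the stream from the test so the remaining data is withheld until finish_error() has been called.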
</div>
</div>

</body>
</html>