Null check platformData when decoding
https://bugs.webkit.org/show_bug.cgi?id=221442
Patch by Rob Buis <rbuis@igalia.com> on 2021-03-04
Reviewed by Ryosuke Niwa.
Source/WebKit:
Null check platformData when decoding.
Test: ipc/pasteboard-write-custom-data.html
* Shared/WebCoreArgumentCoders.cpp:
(IPC::ArgumentCoder<PasteboardCustomData::Entry>::decode):
LayoutTests:
Add test for this.
* ipc/pasteboard-write-custom-data-expected.txt: Added.
* ipc/pasteboard-write-custom-data.html: Added.
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@273886 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog
index 6b0dcd9..75adfe3 100644
--- a/LayoutTests/ChangeLog
+++ b/LayoutTests/ChangeLog
@@ -1,3 +1,15 @@
+2021-03-04 Rob Buis <rbuis@igalia.com>
+
+ Null check platformData when decoding
+ https://bugs.webkit.org/show_bug.cgi?id=221442
+
+ Reviewed by Ryosuke Niwa.
+
+ Add test for this.
+
+ * ipc/pasteboard-write-custom-data-expected.txt: Added.
+ * ipc/pasteboard-write-custom-data.html: Added.
+
2021-03-04 Antoine Quint <graouts@webkit.org>
initial value for border-image-outset should be 0
diff --git a/LayoutTests/ipc/pasteboard-write-custom-data-expected.txt b/LayoutTests/ipc/pasteboard-write-custom-data-expected.txt
new file mode 100644
index 0000000..0383162
--- /dev/null
+++ b/LayoutTests/ipc/pasteboard-write-custom-data-expected.txt
@@ -0,0 +1 @@
+Test passes if it does not crash.
diff --git a/LayoutTests/ipc/pasteboard-write-custom-data.html b/LayoutTests/ipc/pasteboard-write-custom-data.html
new file mode 100644
index 0000000..55575eb
--- /dev/null
+++ b/LayoutTests/ipc/pasteboard-write-custom-data.html
@@ -0,0 +1,11 @@
+<!DOCTYPE html><!-- webkit-test-runner [ IPCTestingAPIEnabled=true ] -->
+<html>
+Test passes if it does not crash.
+<script>
+if (window.testRunner)
+ testRunner.dumpAsText();
+if (window.IPC) {
+ buf = new Uint8Array([0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0xff,0xff,0xff,0xff,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x10,0x0,0x0,0x0,0x0,0x0,0xb,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x2,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,0x0,0x0,0x0,0x0,0x0,0x0,0x0,0x9,]);
+ IPC.sendMessage('UI', IPC.webPageProxyID, IPC.messages.WebPasteboardProxy_WriteCustomData.name, [buf]);
+}
+</script>
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index aebff6e..23f2358 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,3 +1,17 @@
+2021-03-04 Rob Buis <rbuis@igalia.com>
+
+ Null check platformData when decoding
+ https://bugs.webkit.org/show_bug.cgi?id=221442
+
+ Reviewed by Ryosuke Niwa.
+
+ Null check platformData when decoding.
+
+ Test: ipc/pasteboard-write-custom-data.html
+
+ * Shared/WebCoreArgumentCoders.cpp:
+ (IPC::ArgumentCoder<PasteboardCustomData::Entry>::decode):
+
2021-03-04 Kimmo Kinnunen <kkinnunen@apple.com>
IPC stream feature should use client/server naming instead of sender/receiver
diff --git a/Source/WebKit/Shared/WebCoreArgumentCoders.cpp b/Source/WebKit/Shared/WebCoreArgumentCoders.cpp
index 611f462..38dd9d3 100644
--- a/Source/WebKit/Shared/WebCoreArgumentCoders.cpp
+++ b/Source/WebKit/Shared/WebCoreArgumentCoders.cpp
@@ -1571,7 +1571,7 @@
if (hasBuffer) {
RefPtr<SharedBuffer> value;
- if (!decodeSharedBuffer(decoder, value))
+ if (!decodeSharedBuffer(decoder, value) || !value)
return false;
data.platformData = { value.releaseNonNull() };
}
