commit b2852ac07d28f8bb97c4707c61be19a93808110f
author ap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Tue Feb 28 19:49:54 2012 +0000
committer ap@apple.com <ap@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc> Tue Feb 28 19:49:54 2012 +0000
tree ac780e2b25922cd2f1f2a1117b78c9b2b0bbd6a9
parent d05b38556f3df2138473fc888a3ccf8eef6e47c6

FileReader crashes when file is not readable
https://bugs.webkit.org/show_bug.cgi?id=79715

Reviewed by Jian Li.

Source/WebCore:

Test: fast/files/file-reader-directory-crash.html

* platform/SharedBuffer.cpp: (WebCore::SharedBuffer::SharedBuffer): Crash early if a caller
mixed up in-band error signal with length again.

* platform/network/BlobResourceHandle.cpp:
(WebCore): Changed errors into an enum. Added a proper domain for blob errors.
(WebCore::BlobResourceHandle::didReceiveResponse): There is already a constant for INT_MAX
in C/C++.
(WebCore::BlobResourceHandle::didRead): Don't send "-1" for failure down the success path.
(WebCore::BlobResourceHandle::notifyFail): Use a proper domain for blob errors, and a non-
empty message.

LayoutTests:

* fast/files/file-reader-directory-crash-expected.txt: Added.
* fast/files/file-reader-directory-crash.html: Added.


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@109132 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/platform/network/BlobResourceHandle.cpp

diff --git a/Source/WebCore/platform/network/BlobResourceHandle.cpp b/Source/WebCore/platform/network/BlobResourceHandle.cpp
index 2b94bdb..e8ed075 100644
--- a/Source/WebCore/platform/network/BlobResourceHandle.cpp
+++ b/Source/WebCore/platform/network/BlobResourceHandle.cpp
@@ -65,10 +65,13 @@
 static const char* httpRequestedRangeNotSatisfiableText = "Requested Range Not Satisfiable";
 static const char* httpInternalErrorText = "Internal Server Error";
 
-static const int notFoundError = 1;
-static const int securityError = 2;
-static const int rangeError = 3;
-static const int notReadableError = 4;
+static const char* const webKitBlobResourceDomain = "WebKitBlobResource";
+enum {
+    notFoundError = 1,
+    securityError = 2,
+    rangeError = 3,
+    notReadableError = 4,
+};
 
 ///////////////////////////////////////////////////////////////////////////////
 // BlobResourceSynchronousLoader
@@ -100,9 +103,8 @@
 void BlobResourceSynchronousLoader::didReceiveResponse(ResourceHandle* handle, const ResourceResponse& response)
 {
     // We cannot handle the size that is more than maximum integer.
-    const int intMaxForLength = 0x7fffffff;
-    if (response.expectedContentLength() > intMaxForLength) {
-        m_error = ResourceError(String(), notReadableError, response.url(), String());
+    if (response.expectedContentLength() > INT_MAX) {
+        m_error = ResourceError(webKitBlobResourceDomain, notReadableError, response.url(), "File is too large");
         return;
     }
 
@@ -486,6 +488,11 @@
 
 void BlobResourceHandle::didRead(int bytesRead)
 {
+    if (bytesRead < 0) {
+        failed(notReadableError);
+        return;
+    }
+
     consumeData(m_buffer.data(), bytesRead);
 }
 
@@ -592,7 +599,7 @@
 void BlobResourceHandle::notifyFail(int errorCode)
 {
     if (client())
-        client()->didFail(this, ResourceError(String(), errorCode, firstRequest().url(), String()));
+        client()->didFail(this, ResourceError(webKitBlobResourceDomain, errorCode, firstRequest().url(), String()));
 }
 
 static void doNotifyFinish(void* context)