Bad handling of BOM with SharedBuffer |
|||||||
Issue descriptionThis is originally reported as http://crbug.com/540988#c19. > Sorry to bother you, but seems like TextResource::decodedText does not work > properly after https://codereview.chromium.org/1431863004. > It hard to provide any test case because of complicated environment. I was > using proxy server which decoded https traffic for me. In that case some time > the first chunk of a text resource was just one byte so with a new > implementation of decodedText, TextResourceDecoder became unable to find a BOM > using function checkForBOM and therefore I had some unpredictable errors in > absolutely normal scripts just because of their UTF8 encoding.
,
Aug 7 2016
,
Aug 12 2016
Guys, I have one more question concerning BOM detection. Seems like ScriptStreamer::notifyAppendData has the same sort of bug. If the first chunk of data is less then 4 bytes it's unable to detect BOM length and starts streaming with it. I don't know if it's because of this bug, but I intermittently have a syntax error in perfectly normal scripts. Any ideas?
,
Aug 15 2016
,
Aug 15 2016
#4: Thanks for reporting again! peria@ is working on it.
,
Aug 15 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/4b42aa218b8ebeef9ef8eef3109df7d89214d38d commit 4b42aa218b8ebeef9ef8eef3109df7d89214d38d Author: peria <peria@chromium.org> Date: Mon Aug 15 09:25:14 2016 This CL creates a method to get a partial data of SharedBuffer. This new method allows us to read a part of a buffer with specifying starting position and length as a copy. BUG= 634935 Review-Url: https://codereview.chromium.org/2249533003 Cr-Commit-Position: refs/heads/master@{#411951} [modify] https://crrev.com/4b42aa218b8ebeef9ef8eef3109df7d89214d38d/third_party/WebKit/Source/platform/SharedBuffer.cpp [modify] https://crrev.com/4b42aa218b8ebeef9ef8eef3109df7d89214d38d/third_party/WebKit/Source/platform/SharedBuffer.h [modify] https://crrev.com/4b42aa218b8ebeef9ef8eef3109df7d89214d38d/third_party/WebKit/Source/platform/SharedBufferTest.cpp
,
Aug 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/58cdacd743ce7c608a0284906549366a211df0f5 commit 58cdacd743ce7c608a0284906549366a211df0f5 Author: peria <peria@chromium.org> Date: Tue Aug 16 10:27:54 2016 Load 4 bytes to detect BOM. It is guaranteed that the shared buffer contains s_smallScriptThreashold (=30*1024) bytes, but it is not guaranteed that a chunked segment holds >=2 bytes. Before this CL, we might hit such a short segment and failed to detect BOM of the script. This CL copies leading 4 bytes, which is needed and enough to detect BOM, and avoids to lack data. BUG= 634935 Review-Url: https://codereview.chromium.org/2245003002 Cr-Commit-Position: refs/heads/master@{#412206} [modify] https://crrev.com/58cdacd743ce7c608a0284906549366a211df0f5/third_party/WebKit/Source/bindings/core/v8/ScriptStreamer.cpp
,
Aug 16 2016
There can be the same issue in other files, but I fixed the figured bug. So let me close this issue as Fixed. FYI, as far as I searched, this was the only place where SharedBuffer::getSomeData() was used in unintentional style.
,
Aug 16 2016
Can you take a look at SourceStream::fetchDataFromResourceBuffer at ScriptStreamer.cpp. I think it needs to be fixed as well. You might need to do something like this:
for (size_t i = 0; i < chunks.size(); ++i) {
if (chunkLengths[i] < lengthOfBOM) {
// We've hit a case when our first chunk length is less then a BOM
// so just skip this chunk
lengthOfBOM -= chunkLengths[i];
continue;
}
memcpy(copiedData + offset, chunks[i] + lengthOfBOM, chunkLengths[i] - lengthOfBOM);
offset += chunkLengths[i] - lengthOfBOM;
// BOM is only in the first chunk
lengthOfBOM = 0;
}
,
Aug 16 2016
Yes, it needs! Thank you for pointing it.
,
Aug 16 2016
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/be99583f3e0d6ebf59ca413a5c2fa09d535a05fc commit be99583f3e0d6ebf59ca413a5c2fa09d535a05fc Author: peria <peria@chromium.org> Date: Tue Aug 16 15:44:11 2016 Avoids accessing out of range in ScriptStreamer If resource buffer's first chunk is shorter than BOM length, ScriptStreamer accesses out of range. BUG= 634935 Review-Url: https://codereview.chromium.org/2252653002 Cr-Commit-Position: refs/heads/master@{#412252} [modify] https://crrev.com/be99583f3e0d6ebf59ca413a5c2fa09d535a05fc/third_party/WebKit/Source/bindings/core/v8/ScriptStreamer.cpp
,
Aug 17 2016
Update to be fixed again. Let me know if you find other bad handlings.
,
Aug 17 2016
|
|||||||
►
Sign in to add a comment |
|||||||
Comment 1 by bugdroid1@chromium.org
, Aug 7 2016