Diffstat (limited to 'Source/WebKit2')
-rw-r--r--Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp11
-rw-r--r--Source/WebKit2/Shared/qt/NativeWebTouchEventQt.cpp4
-rw-r--r--Source/WebKit2/UIProcess/API/qt/tests/CMakeLists.txt2
-rw-r--r--Source/WebKit2/UIProcess/UserContent/WebUserContentControllerProxy.cpp4
-rw-r--r--Source/WebKit2/UIProcess/qt/QtPageClient.cpp2
-rw-r--r--Source/WebKit2/UIProcess/qt/QtPageClient.h2
-rw-r--r--Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp21
-rw-r--r--Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp4
-rw-r--r--Source/WebKit2/WebProcess/WebCoreSupport/qt/WebDragClientQt.cpp4
-rw-r--r--Source/WebKit2/WebProcess/WebPage/WebPage.cpp4
10 files changed, 54 insertions, 4 deletions
diff --git a/Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp b/Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp
index 18d02cdd9..3902003f9 100644
--- a/Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp
+++ b/Source/WebKit2/Platform/IPC/unix/ConnectionUnix.cpp
@@ -199,6 +199,11 @@ bool Connection::processMessage()
memcpy(&messageInfo, messageData, sizeof(messageInfo));
messageData += sizeof(messageInfo);
+ if (messageInfo.attachmentCount() > attachmentMaxAmount || (!messageInfo.isMessageBodyIsOutOfLine() && messageInfo.bodySize() > messageMaxSize)) {
+ ASSERT_NOT_REACHED();
+ return false;
+ }
+
size_t messageLength = sizeof(MessageInfo) + messageInfo.attachmentCount() * sizeof(AttachmentInfo) + (messageInfo.isMessageBodyIsOutOfLine() ? 0 : messageInfo.bodySize());
if (m_readBuffer.size() < messageLength)
return false;
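Review bot: The bounds check added at the top of this hunk carries no comment, and its purpose is not obvious from the condition alone. `messageInfo` has just been copied out of the read buffer, so `attachmentCount()` and `bodySize()` are values chosen by the peer process, and they feed the `messageLength` arithmetic on the line after the check. I would add `// messageInfo comes straight off the socket; bound the peer-supplied counts before using them in size arithmetic.` above the `if`. It is also worth stating whether `ASSERT_NOT_REACHED()` is intended here, since it turns malformed peer input into an abort in assertion-enabled builds. processMessage() starts and ends outside the hunk.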
@@ -256,7 +261,7 @@ bool Connection::processMessage()
if (messageInfo.isMessageBodyIsOutOfLine()) {
ASSERT(messageInfo.bodySize());
- if (attachmentInfo[attachmentCount].isNull()) {
+ if (attachmentInfo[attachmentCount].isNull() || attachmentInfo[attachmentCount].getSize() != messageInfo.bodySize()) {
ASSERT_NOT_REACHED();
return false;
}
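Review bot: `ASSERT(messageInfo.bodySize())` just above the changed condition is the only guard against an out-of-line message that declares a zero body size, and assertions are compiled out of release builds. With the new equality test, such a message is accepted whenever the attachment also reports size 0, so the code that consumes the attachment further down (outside this hunk) would presumably be handed an empty region. Folding the zero case into the runtime check closes that: `if (!messageInfo.bodySize() || attachmentInfo[attachmentCount].isNull() || attachmentInfo[attachmentCount].getSize() != messageInfo.bodySize()) {`.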
@@ -334,6 +339,10 @@ static ssize_t readBytesFromSocket(int socketDescriptor, Vector<uint8_t>& buffer
struct cmsghdr* controlMessage;
for (controlMessage = CMSG_FIRSTHDR(&message); controlMessage; controlMessage = CMSG_NXTHDR(&message, controlMessage)) {
if (controlMessage->cmsg_level == SOL_SOCKET && controlMessage->cmsg_type == SCM_RIGHTS) {
+ if (controlMessage->cmsg_len < CMSG_LEN(0) || controlMessage->cmsg_len > attachmentMaxAmount) {
+ ASSERT_NOT_REACHED();
+ break;
+ }
size_t previousFileDescriptorsSize = fileDescriptors.size();
size_t fileDescriptorsCount = (controlMessage->cmsg_len - CMSG_LEN(0)) / sizeof(int);
fileDescriptors.grow(fileDescriptors.size() + fileDescriptorsCount);
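Review bot: The upper bound in the added check compares `cmsg_len`, a byte length that includes the cmsghdr header, with `attachmentMaxAmount`, which the processMessage() hunk above uses as a count of attachments. The units differ, so depending on the constant's value (not visible here) the check either rejects legitimate SCM_RIGHTS messages or admits a different number of descriptors than the name suggests. Expressing the limit in bytes keeps the two checks consistent: `controlMessage->cmsg_len > CMSG_LEN(sizeof(int) * attachmentMaxAmount)`. Separately, `break` leaves the loop without closing any descriptors already delivered with this control message, which looks like a descriptor leak on the rejection path; the rest of readBytesFromSocket() is outside the hunk, so confirm whether cleanup happens there.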
diff --git a/Source/WebKit2/Shared/qt/NativeWebTouchEventQt.cpp b/Source/WebKit2/Shared/qt/NativeWebTouchEventQt.cpp
index 5792ef623..f6cc58825 100644
--- a/Source/WebKit2/Shared/qt/NativeWebTouchEventQt.cpp
+++ b/Source/WebKit2/Shared/qt/NativeWebTouchEventQt.cpp
@@ -26,6 +26,8 @@
#include "config.h"
#include "NativeWebTouchEvent.h"
+#if ENABLE(TOUCH_EVENTS)
+
#include "WebEventFactory.h"
namespace WebKit {
@@ -37,3 +39,5 @@ NativeWebTouchEvent::NativeWebTouchEvent(const QTouchEvent* event, const QTransf
}
} // namespace WebKit
+
+#endif // ENABLE(TOUCH_EVENTS)
diff --git a/Source/WebKit2/UIProcess/API/qt/tests/CMakeLists.txt b/Source/WebKit2/UIProcess/API/qt/tests/CMakeLists.txt
index b26366492..899a9e038 100644
--- a/Source/WebKit2/UIProcess/API/qt/tests/CMakeLists.txt
+++ b/Source/WebKit2/UIProcess/API/qt/tests/CMakeLists.txt
@@ -87,7 +87,9 @@ set(qmltests_LIBRARIES
add_executable(tst_qmltests_WebView ${qmltests_SOURCES})
target_compile_definitions(tst_qmltests_WebView PRIVATE ${tst_qmltests_WebView_DEFINITIONS})
target_link_libraries(tst_qmltests_WebView ${qmltests_LIBRARIES})
+set_target_properties(tst_qmltests_WebView PROPERTIES AUTOMOC ON)
add_executable(tst_qmltests_DesktopBehavior ${qmltests_SOURCES})
target_compile_definitions(tst_qmltests_DesktopBehavior PRIVATE ${tst_qmltests_DesktopBehavior_DEFINITIONS})
target_link_libraries(tst_qmltests_DesktopBehavior ${qmltests_LIBRARIES})
+set_target_properties(tst_qmltests_DesktopBehavior PROPERTIES AUTOMOC ON)
diff --git a/Source/WebKit2/UIProcess/UserContent/WebUserContentControllerProxy.cpp b/Source/WebKit2/UIProcess/UserContent/WebUserContentControllerProxy.cpp
index b40662f06..d27175cee 100644
--- a/Source/WebKit2/UIProcess/UserContent/WebUserContentControllerProxy.cpp
+++ b/Source/WebKit2/UIProcess/UserContent/WebUserContentControllerProxy.cpp
@@ -116,7 +116,7 @@ void WebUserContentControllerProxy::addUserScript(API::UserScript& userScript)
void WebUserContentControllerProxy::removeUserScript(const API::UserScript& userScript)
{
for (WebProcessProxy* process : m_processes)
- process->connection()->send(Messages::WebUserContentController::RemoveUserScript({ userScript.userScript().url().string() }), m_identifier);
+ process->connection()->send(Messages::WebUserContentController::RemoveUserScript(userScript.userScript().url().string()), m_identifier);
m_userScripts->elements().removeAll(&userScript);
}
@@ -140,7 +140,7 @@ void WebUserContentControllerProxy::addUserStyleSheet(API::UserStyleSheet& userS
void WebUserContentControllerProxy::removeUserStyleSheet(const API::UserStyleSheet& userStyleSheet)
{
for (WebProcessProxy* process : m_processes)
- process->connection()->send(Messages::WebUserContentController::RemoveUserStyleSheet({ userStyleSheet.userStyleSheet().url().string() }), m_identifier);
+ process->connection()->send(Messages::WebUserContentController::RemoveUserStyleSheet(userStyleSheet.userStyleSheet().url().string()), m_identifier);
m_userStyleSheets->elements().removeAll(&userStyleSheet);
}
diff --git a/Source/WebKit2/UIProcess/qt/QtPageClient.cpp b/Source/WebKit2/UIProcess/qt/QtPageClient.cpp
index c4edb793e..5f62dc600 100644
--- a/Source/WebKit2/UIProcess/qt/QtPageClient.cpp
+++ b/Source/WebKit2/UIProcess/qt/QtPageClient.cpp
@@ -110,10 +110,12 @@ void QtPageClient::didChangeViewportProperties(const WebCore::ViewportAttributes
QQuickWebViewPrivate::get(m_webView)->didChangeViewportProperties(attr);
}
+#if ENABLE(DRAG_SUPPORT)
void QtPageClient::startDrag(const WebCore::DragData& dragData, PassRefPtr<ShareableBitmap> dragImage)
{
m_eventHandler->startDrag(dragData, dragImage);
}
+#endif
void QtPageClient::handleDownloadRequest(DownloadProxy* download)
{
diff --git a/Source/WebKit2/UIProcess/qt/QtPageClient.h b/Source/WebKit2/UIProcess/qt/QtPageClient.h
index 3467ceaa9..b31720bc8 100644
--- a/Source/WebKit2/UIProcess/qt/QtPageClient.h
+++ b/Source/WebKit2/UIProcess/qt/QtPageClient.h
@@ -73,7 +73,9 @@ public:
void updateAcceleratedCompositingMode(const LayerTreeContext&) override;
void pageClosed() override { }
void preferencesDidChange() override { }
+#if ENABLE(DRAG_SUPPORT)
void startDrag(const WebCore::DragData&, PassRefPtr<ShareableBitmap> dragImage) override;
+#endif
void setCursor(const WebCore::Cursor&) override;
void setCursorHiddenUntilMouseMoves(bool) override;
void toolTipChanged(const String&, const String&) override;
diff --git a/Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp b/Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp
index d05649736..2a7d6f15e 100644
--- a/Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp
+++ b/Source/WebKit2/UIProcess/qt/QtWebPageEventHandler.cpp
@@ -184,16 +184,21 @@ void QtWebPageEventHandler::handleHoverMoveEvent(QHoverEvent* ev)
void QtWebPageEventHandler::handleDragEnterEvent(QDragEnterEvent* ev)
{
+#if ENABLE(DRAG_SUPPORT)
m_webPageProxy->resetCurrentDragInformation();
QTransform fromItemTransform = m_webPage->transformFromItem();
// FIXME: Should not use QCursor::pos()
DragData dragData(ev->mimeData(), fromItemTransform.map(ev->pos()), QCursor::pos(), dropActionToDragOperation(ev->possibleActions()));
m_webPageProxy->dragEntered(dragData);
ev->acceptProposedAction();
+#else
+ Q_UNUSED(ev);
+#endif
}
void QtWebPageEventHandler::handleDragLeaveEvent(QDragLeaveEvent* ev)
{
+#if ENABLE(DRAG_SUPPORT)
bool accepted = ev->isAccepted();
// FIXME: Should not use QCursor::pos()
@@ -202,10 +207,14 @@ void QtWebPageEventHandler::handleDragLeaveEvent(QDragLeaveEvent* ev)
m_webPageProxy->resetCurrentDragInformation();
ev->setAccepted(accepted);
+#else
+ Q_UNUSED(ev);
+#endif
}
void QtWebPageEventHandler::handleDragMoveEvent(QDragMoveEvent* ev)
{
+#if ENABLE(DRAG_SUPPORT)
bool accepted = ev->isAccepted();
QTransform fromItemTransform = m_webPage->transformFromItem();
@@ -217,10 +226,14 @@ void QtWebPageEventHandler::handleDragMoveEvent(QDragMoveEvent* ev)
ev->accept();
ev->setAccepted(accepted);
+#else
+ Q_UNUSED(ev);
+#endif
}
void QtWebPageEventHandler::handleDropEvent(QDropEvent* ev)
{
+#if ENABLE(DRAG_SUPPORT)
bool accepted = ev->isAccepted();
QTransform fromItemTransform = m_webPage->transformFromItem();
// FIXME: Should not use QCursor::pos()
@@ -232,6 +245,9 @@ void QtWebPageEventHandler::handleDropEvent(QDropEvent* ev)
ev->accept();
ev->setAccepted(accepted);
+#else
+ Q_UNUSED(ev);
+#endif
}
void QtWebPageEventHandler::activateTapHighlight(const QTouchEvent::TouchPoint& point)
@@ -615,6 +631,7 @@ void QtWebPageEventHandler::didFindZoomableArea(const IntPoint& target, const In
void QtWebPageEventHandler::startDrag(const WebCore::DragData& dragData, PassRefPtr<ShareableBitmap> dragImage)
{
+#if ENABLE(DRAG_SUPPORT)
QImage dragQImage;
if (dragImage)
dragQImage = dragImage->createQImage();
@@ -639,6 +656,10 @@ void QtWebPageEventHandler::startDrag(const WebCore::DragData& dragData, PassRef
}
m_webPageProxy->dragEnded(clientPosition, globalPosition, dropActionToDragOperation(actualDropAction));
+#else
+ Q_UNUSED(dragData);
+ Q_UNUSED(dragImage);
+#endif
}
} // namespace WebKit
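Review bot: With drag support disabled, `QtWebPageEventHandler::startDrag` is still compiled as an empty stub with two `Q_UNUSED` lines, while the same commit removes its caller in QtPageClient.cpp and the override in QtPageClient.h entirely. Unless another caller exists outside this diff, it would be more consistent to wrap the whole definition in `#if ENABLE(DRAG_SUPPORT)`, together with its declaration in the header, which is not part of this change. The four drag event handlers earlier in the file are presumably still reached by event dispatch, so keeping them as stubs is reasonable. startDrag's body spans this hunk and the previous one.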
diff --git a/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp b/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp
index dcb73b3ff..dde8526fb 100644
--- a/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp
+++ b/Source/WebKit2/WebProcess/InjectedBundle/DOM/InjectedBundleRangeHandle.cpp
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2010, 2015 Apple Inc. All rights reserved.
+ * Copyright (C) 2010, 2015-2016 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -114,6 +114,8 @@ PassRefPtr<WebImage> InjectedBundleRangeHandle::renderedImage(SnapshotOptions op
if (!frameView)
return nullptr;
+ Ref<Frame> protector(*frame);
+
VisibleSelection oldSelection = frame->selection().selection();
frame->selection().setSelection(VisibleSelection(*m_range));
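Review bot: The protector added here keeps the Frame alive across `setSelection()`, but `frameView`, which is fetched and null-checked just before it, gets no equivalent protection. If `frameView` is a raw pointer and is used again after the selection change (the rest of renderedImage() is outside the hunk), it could be left dangling should the selection change tear down or replace the view. Holding the view in a ref-counted handle as well, or re-fetching `frame->view()` after `setSelection()` and re-checking it for null, would cover that case.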
diff --git a/Source/WebKit2/WebProcess/WebCoreSupport/qt/WebDragClientQt.cpp b/Source/WebKit2/WebProcess/WebCoreSupport/qt/WebDragClientQt.cpp
index 380208a46..8b93b2903 100644
--- a/Source/WebKit2/WebProcess/WebCoreSupport/qt/WebDragClientQt.cpp
+++ b/Source/WebKit2/WebProcess/WebCoreSupport/qt/WebDragClientQt.cpp
@@ -26,6 +26,8 @@
#include "config.h"
#include "WebDragClient.h"
+#if ENABLE(DRAG_SUPPORT)
+
#include "DataTransfer.h"
#include "DragData.h"
#include "GraphicsContext.h"
@@ -67,3 +69,5 @@ void WebDragClient::startDrag(DragImageRef dragImage, const IntPoint& clientPosi
}
}
+
+#endif // ENABLE(DRAG_SUPPORT)
diff --git a/Source/WebKit2/WebProcess/WebPage/WebPage.cpp b/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
index c8d54d523..6a69492d9 100644
--- a/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
+++ b/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
@@ -4493,6 +4493,8 @@ void WebPage::insertTextAsync(const String& text, const EditingRange& replacemen
{
Frame& frame = m_page->focusController().focusedOrMainFrame();
+ Ref<Frame> protector(frame);
+
if (replacementEditingRange.location != notFound) {
RefPtr<Range> replacementRange = rangeFromEditingRange(frame, replacementEditingRange, static_cast<EditingRangeIsRelativeTo>(editingRangeIsRelativeTo));
if (replacementRange)
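Review bot: `Ref<Frame> protector(frame);` is added without a comment, and nothing in the visible lines says which call can drop the last reference to the frame. A one-line comment such as `// Editing and selection changes below can run script that detaches the frame; keep it alive for the rest of the function.` would stop a later cleanup from removing what looks like an unused local; adjust the wording to the actual trigger. The same applies to the protector added in setComposition() in the next hunk and in InjectedBundleRangeHandle::renderedImage(). insertTextAsync() continues outside the hunk.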
@@ -4655,6 +4657,8 @@ void WebPage::setComposition(const String& text, const Vector<CompositionUnderli
return;
}
+ Ref<Frame> protector(*targetFrame);
+
if (replacementLength > 0) {
// The layout needs to be uptodate before setting a selection
targetFrame->document()->updateLayout();