author: Ryosuke Niwa <rniwa@webkit.org> 2014-04-14 12:12:30 +0200
committer: The Qt Project <gerrit-noreply@qt-project.org> 2014-04-16 05:54:58 +0200
commit: 8fb157f8b7822b62b2df5668f77a67b608b39267 (patch)
tree: cd613f1cf72fa9c66ac257d2f21f9bcc3c0a5751
parent: 2c3ef650ca5de71d38f88a2568a3e3a4368bbc14 (diff)
Crash when submitting form in a document with null encoding
https://bugs.webkit.org/show_bug.cgi?id=123975

Reviewed by Alexey Proskuryakov.

Source/WebCore:

Merge https://chromium.googlesource.com/chromium/blink/+/bba01a7fff09e3053ada96ababac2a6e4261fe5f

The CString object which is passed to normalizeLineEndingsToCRLF() can be a null string. It is created in FormDataList::appendString(), and it produces a null CString if FormDataList::m_encoding is a null encoding.

Test: fast/forms/form-submit-in-image-document.html

* platform/text/LineEnding.cpp:
(internalNormalizeLineEndingsToCRLF):

Change-Id: Ia36bcf292fb4d1da7e4bb21e2eddf1146eecd71c
git-svn-id: http://svn.webkit.org/repository/webkit/trunk@158868 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Reviewed-by: Michael Bruning <michael.bruning@digia.com>

-rw-r--r-- Source/WebCore/platform/text/LineEnding.cpp 2
1 files changed, 2 insertions, 0 deletions
diff --git a/Source/WebCore/platform/text/LineEnding.cpp b/Source/WebCore/platform/text/LineEnding.cpp
index ff5707988..243e08962 100644
--- a/Source/WebCore/platform/text/LineEnding.cpp
+++ b/Source/WebCore/platform/text/LineEnding.cpp
@@ -96,6 +96,8 @@ private:
void internalNormalizeLineEndingsToCRLF(const CString& from, OutputBuffer& buffer)
{
+ if (!from.length())
+ return;
// Compute the new length.
size_t newLen = 0;
const char* p = from.data();
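Review bot: The new guard at the top of internalNormalizeLineEndingsToCRLF tests `!from.length()`, which returns early for an empty CString as well as a null one, while the commit message describes only the null case reaching `const char* p = from.data();`. A short comment above the check stating that `from` can be a null CString when the form's encoding is null would record why it is there; if only the null case is intended, `from.isNull()` says so directly. The early return also leaves `buffer` untouched, so it is worth confirming that callers of every OutputBuffer variant handle never having been asked to allocate. Separately, the message names fast/forms/form-submit-in-image-document.html as the test, but the diffstat lists only LineEnding.cpp, so the regression test is not part of this commit.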