mirror of https://github.com/RGBCube/serenity synced 2025-05-31 11:58:12 +00:00
serenity/Userland/Libraries/LibWeb
Ben Wiederhake 3aeb57ed09 AK+Everywhere: Fix data corruption due to code-point-to-char conversion
In particular, StringView::contains(char) is often used with a u32
code point. When this is done, the compiler will for some reason allow
data corruption to occur silently.

In fact, this is one of two reasons for the following OSS Fuzz issue:
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49184
This is probably a very old bug.

In the particular case of URLParser, AK::is_url_code_point got confused:
    return /* ... */ || "!$&'()*+,-./:;=?@_~"sv.contains(code_point);
If code_point is a large code point that happens to have the correct
lower bytes, AK::is_url_code_point is then convinced that the given
code point is okay, even if it is actually problematic.

This commit fixes *only* the silent data corruption due to the erroneous
conversion, and does not fully resolve OSS-Fuzz#49184.
2022-10-09 10:37:20 -06:00
Bindings LibWeb: Make HostDefined and Intrinsics free functions [[nodiscard]] 2022-10-09 10:14:57 +02:00
Cookie Everywhere: Add sv suffix to strings relying on StringView(char const*) 2022-07-12 23:11:35 +02:00
Crypto LibWeb: Remove unnecessary dependence on Window from assorted classes 2022-10-01 21:05:32 +01:00
CSS LibWeb+Base: Add grid repeat() functionality 2022-10-09 12:40:18 +01:00
DOM LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
DOMParsing LibWeb: Remove unnecessary dependence on Window from DOM and WebIDL 2022-10-01 21:05:32 +01:00
Encoding LibWeb: Remove unnecessary dependence on Window from assorted classes 2022-10-01 21:05:32 +01:00
Fetch AK+Everywhere: Fix data corruption due to code-point-to-char conversion 2022-10-09 10:37:20 -06:00
FileAPI LibWeb: Add FileList from the FileAPI spec 2022-10-04 22:05:14 +02:00
Geometry LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
HighResolutionTime LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
HTML LibWeb: Re-implement HTML::Navigator using IDL 2022-10-09 10:14:57 +02:00
Infra LibWeb: Run 'UTF-8 decode' in parse_json_bytes_to_javascript_value() 2022-10-04 20:05:09 +01:00
IntersectionObserver LibWeb: Remove unnecessary dependence on Window from assorted classes 2022-10-01 21:05:32 +01:00
Layout LibWeb: Fix ::-webkit-progress-bar/value pseudo elements 2022-10-09 10:11:37 +02:00
Loader LibWeb: Make Fetch::Infrastructure::{Request,Response} ref-counted 2022-10-05 09:14:49 +01:00
MimeSniff LibWeb: Implement more close to spec javascript mime type checking 2022-10-06 16:41:36 +02:00
NavigationTiming LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
Page LibWeb: Implement <input type=file> behavior 2022-10-04 22:05:14 +02:00
Painting LibWeb: Add missing hue-rotate() filter spec comment 2022-10-07 13:08:24 +01:00
Platform LibWeb+WebContent: Add EventLoopPlugin::quit() virtual 2022-10-08 10:54:52 +02:00
ReferrerPolicy LibWeb: Add referrer policy to Fetch::Infrastructure::Request 2022-09-27 14:56:17 +01:00
RequestIdleCallback LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
ResizeObserver LibWeb: Remove unnecessary dependence on Window from assorted classes 2022-10-01 21:05:32 +01:00
Scripts Libraries: Move to Userland/Libraries/ 2021-01-12 12:17:46 +01:00
Selection LibWeb: Remove unnecessary dependence on Window from assorted classes 2022-10-01 21:05:32 +01:00
Streams LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
SVG LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
Tests Everywhere: Rename WrapperGenerator to BindingsGenerator 2022-09-21 23:06:08 +01:00
UIEvents LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
URL LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
WebAssembly LibWeb: Cleanup unnecessary uses and includes of HTML::Window 2022-10-01 21:05:32 +01:00
WebGL LibWeb: Remove unnecessary dependence on Window from WebGL and WebSocket 2022-10-01 21:05:32 +01:00
WebIDL LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
WebSockets LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
XHR LibWeb: Add Exposed attribute and IDL spec links where missing 2022-10-09 10:14:57 +02:00
XML LibWeb: Rename HighResolutionTime/{CoarsenTime => TimeOrigin}.cpp/h 2022-10-05 09:12:59 +01:00
CMakeLists.txt LibWeb: Re-implement HTML::Navigator using IDL 2022-10-09 10:14:57 +02:00
Dump.cpp LibWeb: Use Layout::Node::display() everywhere 2022-10-06 16:25:26 +02:00
Dump.h LibWeb: Implement initial CSSFontFaceRule and FontFace classes 2022-03-28 22:25:25 +02:00
FontCache.cpp LibGfx: Move other font-related files to LibGfx/Font/ 2022-04-09 23:48:18 +02:00
FontCache.h LibGfx: Move other font-related files to LibGfx/Font/ 2022-04-09 23:48:18 +02:00
Forward.h LibWeb: Re-implement HTML::Navigator using IDL 2022-10-09 10:14:57 +02:00
idl_files.cmake LibWeb: Re-implement HTML::Navigator using IDL 2022-10-09 10:14:57 +02:00
Namespace.cpp Everything: Move to SPDX license identifiers in all files. 2021-04-22 11:22:27 +02:00
Namespace.h Everything: Move to SPDX license identifiers in all files. 2021-04-22 11:22:27 +02:00
TreeNode.h Everywhere: Run clang-format 2022-04-01 21:24:45 +01:00