Timestamp:
Aug 26, 2014, 2:39:51 PM (11 years ago)
Author:
Brent Fulgham
Message:

[Win] WebKit IDL incorrectly passes HWND as OLE_HANDLE
https://bugs.webkit.org/show_bug.cgi?id=136258
<rdar://problem/18134138>

Reviewed by Tim Horton.

Avoid 32/64-bit truncation by preventing 64-bit HWND (and other)
values from passing through the 32-bit OLE_HANDLE data type.

Source/WebCore:

  • platform/win/WindowMessageBroadcaster.cpp:

(WebCore::WindowMessageBroadcaster::addListener):
(WebCore::WindowMessageBroadcaster::removeListener):
(WebCore::WindowMessageBroadcaster::destroy):
(WebCore::WindowMessageBroadcaster::unsubclassWindow):
(WebCore::WindowMessageBroadcaster::SubclassedWndProc):

Source/WebKit/win:

  • Interfaces/IWebDocument.idl:
  • Interfaces/IWebEmbeddedView.idl:
  • Interfaces/IWebErrorPrivate.idl:
  • Interfaces/IWebFrameLoadDelegate.idl:
  • Interfaces/IWebFramePrivate.idl:
  • Interfaces/IWebHistoryItem.idl:
  • Interfaces/IWebIconDatabase.idl:
  • Interfaces/IWebMutableURLRequestPrivate.idl:
  • Interfaces/IWebUIDelegate.idl:
  • Interfaces/IWebUIDelegatePrivate.idl:
  • Interfaces/IWebURLResponsePrivate.idl:
  • Interfaces/IWebView.idl:
  • Interfaces/IWebViewPrivate.idl:
  • WebCoreSupport/EmbeddedWidget.cpp:

(EmbeddedWidget::createWindow):

  • WebCoreSupport/WebChromeClient.cpp:

(WebChromeClient::rootViewToScreen):
(WebChromeClient::screenToRootView):
(WebChromeClient::platformPageClient):
(WebChromeClient::runOpenPanel):
(WebChromeClient::setCursor):

  • WebCoreSupport/WebContextMenuClient.cpp:

(WebContextMenuClient::customizeMenu):

  • WebCoreSupport/WebFrameLoaderClient.cpp:

(WebFrameLoaderClient::createPlugin):

  • WebCoreSupport/WebInspectorClient.cpp:

(WebInspectorClient::openInspectorFrontend):
(WebInspectorClient::highlight):
(WebInspectorFrontendClient::setAttachedWindowHeight):
(WebInspectorFrontendClient::closeWindowWithoutNotifications):
(WebInspectorFrontendClient::showWindowWithoutNotifications):

  • WebCoreSupport/WebInspectorClient.h:
  • WebCoreSupport/WebInspectorDelegate.cpp:
  • WebCoreSupport/WebInspectorDelegate.h:

(WebInspectorDelegate::webViewFirstResponder):
(WebInspectorDelegate::makeFirstResponder):
(WebInspectorDelegate::contextMenuItemsForElement):
(WebInspectorDelegate::trackCustomPopupMenu):
(WebInspectorDelegate::addCustomMenuDrawingData):
(WebInspectorDelegate::cleanUpCustomMenuDrawingData):
(WebInspectorDelegate::drawHeaderInRect):
(WebInspectorDelegate::drawFooterInRect):

  • WebDropSource.cpp:

(generateMouseEvent):
(WebDropSource::GiveFeedback):

  • WebError.cpp:

(WebError::sslPeerCertificate):

  • WebError.h:
  • WebFrame.cpp:

(WebFrame::paintDocumentRectToContext):
(WebFrame::paintScrollViewRectToContextAtPoint):
(WebFrame::createSubframeWithOwnerElement):
(WebFrame::initWithWebView):
(WebFrame::drawHeader):
(WebFrame::drawFooter):

  • WebFrame.h:
  • WebHistoryItem.cpp:

(WebHistoryItem::icon):

  • WebHistoryItem.h:
  • WebIconDatabase.cpp:

(WebIconDatabase::iconForURL):
(WebIconDatabase::defaultIconWithSize):

  • WebIconDatabase.h:
  • WebMutableURLRequest.cpp:

(WebMutableURLRequest::setClientCertificate):

  • WebMutableURLRequest.h:
  • WebNodeHighlight.cpp:

(WebNodeHighlight::WebNodeHighlight):

  • WebURLResponse.cpp:

(WebURLResponse::sslPeerCertificate):

  • WebURLResponse.h:
  • WebView.cpp:

(WebView::paintIntoBackingStore):
(WebView::handleContextMenuEvent):
(WebView::onInitMenuPopup):
(WebView::onUninitMenuPopup):
(WebView::WebViewWndProc):
(WebView::dispatchDidReceiveIconFromWebFrame):
(WebView::setHostWindow):
(WebView::hostWindow):
(WebView::generateSelectionImage):
(WebView::mainFrameIcon):
(WebView::viewWindow):
(WebView::paintDocumentRectToContext):
(WebView::paintScrollViewRectToContextAtPoint):
(WebView::backingStore):
(WebView::fullScreenClientSetParentWindow):

  • WebView.h:

Tools:

  • DumpRenderTree/win/AccessibilityControllerWin.cpp:

(AccessibilityController::rootElement):

  • DumpRenderTree/win/DumpRenderTree.cpp:

(resetWebViewToConsistentStateBeforeTesting):
(runTest):
(createWebViewAndOffscreenWindow):

  • DumpRenderTree/win/FrameLoadDelegate.h:

(FrameLoadDelegate::didReceiveIcon):

  • DumpRenderTree/win/TestRunnerWin.cpp:

(TestRunner::setWindowIsKey):

  • DumpRenderTree/win/UIDelegate.cpp:

(UIDelegate::trackCustomPopupMenu):
(UIDelegate::drawHeaderInRect):
(UIDelegate::drawFooterInRect):
(UIDelegate::webViewClose):
(UIDelegate::webViewFocus):
(UIDelegate::webViewSetCursor):
(UIDelegate::drawBackground):

  • DumpRenderTree/win/UIDelegate.h:

(UIDelegate::webViewFirstResponder):
(UIDelegate::makeFirstResponder):
(UIDelegate::contextMenuItemsForElement):
(UIDelegate::addCustomMenuDrawingData):
(UIDelegate::cleanUpCustomMenuDrawingData):
(UIDelegate::webViewLostFocus):

  • TestWebKitAPI/Tests/WebKit/win/WebViewDestruction.cpp:

(TestWebKitAPI::WebViewDestructionWithHostWindow::SetUp):

  • WinLauncher/PrintWebUIDelegate.cpp:

(PrintWebUIDelegate::drawHeaderInRect):
(PrintWebUIDelegate::drawFooterInRect):

  • WinLauncher/PrintWebUIDelegate.h:

(PrintWebUIDelegate::webViewFirstResponder):
(PrintWebUIDelegate::makeFirstResponder):
(PrintWebUIDelegate::contextMenuItemsForElement):
(PrintWebUIDelegate::trackCustomPopupMenu):
(PrintWebUIDelegate::addCustomMenuDrawingData):
(PrintWebUIDelegate::cleanUpCustomMenuDrawingData):

  • WinLauncher/WinLauncher.cpp:

(WinLauncher::prepareViews):

  • WinLauncher/WinLauncherWebHost.h:

(WinLauncherWebHost::didReceiveIcon):

File:
1 edited

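--- a/trunk/Source/WebKit/win/WebIconDatabase.cpp
+++ b/trunk/Source/WebKit/win/WebIconDatabase.cpp
@@ -1,4 +1,4 @@
 /*
- * Copyright (C) 2006, 2007, 2008, 2009, 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2006, 2007, 2008, 2009, 2013-2014 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -162,9 +162,5 @@
 }
 
-HRESULT WebIconDatabase::iconForURL(
-        /* [in] */ BSTR url,
-        /* [optional][in] */ LPSIZE size,
-        /* [optional][in] */ BOOL /*cache*/,
-        /* [retval][out] */ OLE_HANDLE* bitmap)
+HRESULT WebIconDatabase::iconForURL(BSTR url, LPSIZE size, BOOL /*cache*/, HBITMAP* bitmap)
 {
     if (!size)
@@ -179,6 +175,6 @@
     // Make sure we check for the case of an "empty image"
     if (icon && icon->width()) {
-        *bitmap = (OLE_HANDLE)(ULONG64)getOrCreateSharedBitmap(intSize);
-        if (!icon->getHBITMAPOfSize((HBITMAP)(ULONG64)*bitmap, &intSize)) {
+        *bitmap = getOrCreateSharedBitmap(intSize);
+        if (!icon->getHBITMAPOfSize(*bitmap, &intSize)) {
             LOG_ERROR("Failed to draw Image to HBITMAP");
             *bitmap = 0;
@@ -191,7 +187,5 @@
 }
 
-HRESULT STDMETHODCALLTYPE WebIconDatabase::defaultIconWithSize(
-        /* [in] */ LPSIZE size,
-        /* [retval][out] */ OLE_HANDLE* result)
+HRESULT WebIconDatabase::defaultIconWithSize(LPSIZE size, HBITMAP* result)
 {
     if (!size)
@@ -200,5 +194,5 @@
     IntSize intSize(*size);
 
-    *result = (OLE_HANDLE)(ULONG64)getOrCreateDefaultIconBitmap(intSize);
+    *result = getOrCreateDefaultIconBitmap(intSize);
     return S_OK;
 }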
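Review bot: The out-parameters `bitmap` in iconForURL and `result` in defaultIconWithSize are written through on the new side (`*bitmap = getOrCreateSharedBitmap(intSize);`, `*result = getOrCreateDefaultIconBitmap(intSize);`), while the only guard visible in these hunks is `if (!size)`. Both are COM entry points, so a client passing a null out-pointer would fault inside WebKit unless a check exists in the lines not shown; if there is none, add `if (!result) return E_POINTER;` (and the same for `bitmap`) beside the size check. Now that the parameter is a typed `HBITMAP*`, a comment such as `// The returned HBITMAP is owned by the icon database; callers must not DeleteObject() it.` would also help, since a client freeing a cached handle would leave the database holding a stale one. That ownership is inferred from the helper name getOrCreateSharedBitmap and should be confirmed. Both function bodies continue outside the hunks.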