[Offline Pages] Fix null deref in MHTMLParser.

This was found by ClusterFuzz, see test case in bug. Bug: 828810 Change-Id: I68e3050023d2475917334c54b5d85b7d20565775 Reviewed-on: https://chromium-review.googlesource.com/995962Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Justin DeWitt <dewittj@chromium.org> Cr-Commit-Position: refs/heads/master@{#548530}

[Offline Pages] Fix null deref in MHTMLParser.
This was found by ClusterFuzz, see test case in bug. Bug: 828810 Change-Id: I68e3050023d2475917334c54b5d85b7d20565775 Reviewed-on: https://chromium-review.googlesource.com/995962Reviewed-by: Dmitry Gozman <dgozman@chromium.org> Commit-Queue: Justin DeWitt <dewittj@chromium.org> Cr-Commit-Position: refs/heads/master@{#548530}
650e9e8c · Justin DeWitt · Commit Bot · b9d7693b · 650e9e8c · 650e9e8c
Commit 650e9e8c authored Apr 05, 2018 by Justin DeWitt Committed by Commit Bot Apr 05, 2018
2 changed files
--- a/third_party/WebKit/Source/platform/mhtml/MHTMLParser.cpp
+++ b/third_party/WebKit/Source/platform/mhtml/MHTMLParser.cpp
@@ -221,9 +221,11 @@ MHTMLParser::MHTMLParser(scoped_refptr<const SharedBuffer> data)
 HeapVector<Member<ArchiveResource>> MHTMLParser::ParseArchive() {
  MIMEHeader* header = MIMEHeader::ParseHeader(&line_reader_);
  HeapVector<Member<ArchiveResource>> resources;
-  if (!ParseArchiveWithHeader(header, resources))
-    resources.clear();
+  if (ParseArchiveWithHeader(header, resources)) {
    creation_date_ = header->Date();
+  } else {
+    resources.clear();
+  }
  return resources;
 }


--- a/third_party/WebKit/Source/platform/mhtml/MHTMLParserTest.cpp
+++ b/third_party/WebKit/Source/platform/mhtml/MHTMLParserTest.cpp
@@ -390,7 +390,7 @@ TEST_F(MHTMLParserTest, DateParsing_InvalidDate) {
 }

 TEST_F(MHTMLParserTest, DateParsing_ValidDate) {
-  // Missing encoding is treated as binary.
+  // Valid date is used.
  const char mhtml_data[] =
      "From: <Saved by Blink>\r\n"
      "Subject: Test Subject\r\n"
@@ -415,4 +415,14 @@ TEST_F(MHTMLParserTest, DateParsing_ValidDate) {
  EXPECT_EQ(expected_time, creation_time);
 }

+TEST_F(MHTMLParserTest, MissingBoundary) {
+  // No "boundary" parameter in the content type header means that parsing will
+  // be a failure and the header will be |nullptr|.
+  const char mhtml_data[] = "Content-Type: multipart/false\r\n";
+
+  HeapVector<Member<ArchiveResource>> resources =
+      ParseArchive(mhtml_data, sizeof(mhtml_data));
+  EXPECT_EQ(0U, resources.size());
+}
+
 }  // namespace blink