From 0af182baa2f35d91b8dfaf0b5a8fef06b77dd03a Mon Sep 17 00:00:00 2001 From: Morph <39850852+Morph1984@users.noreply.github.com> Date: Wed, 28 Apr 2021 11:32:44 -0400 Subject: [PATCH] applets/web: Fix a use-after-free when passing in the URL string The URL string was being deleted before being used, leading to a use-after-free occurring when it is used afterwards. Fix this by taking the string by const ref to extend its lifetime, ensuring it doesn't get deleted before use. --- src/core/frontend/applets/web_browser.cpp | 4 ++-- src/core/frontend/applets/web_browser.h | 9 +++++---- src/yuzu/applets/web_browser.cpp | 19 +++++++++---------- src/yuzu/applets/web_browser.h | 11 ++++++----- src/yuzu/main.cpp | 8 +++++--- src/yuzu/main.h | 2 +- 6 files changed, 28 insertions(+), 25 deletions(-) diff --git a/src/core/frontend/applets/web_browser.cpp b/src/core/frontend/applets/web_browser.cpp index 50db6a654..be4736f47 100644 --- a/src/core/frontend/applets/web_browser.cpp +++ b/src/core/frontend/applets/web_browser.cpp @@ -12,7 +12,7 @@ WebBrowserApplet::~WebBrowserApplet() = default; DefaultWebBrowserApplet::~DefaultWebBrowserApplet() = default; void DefaultWebBrowserApplet::OpenLocalWebPage( - std::string_view local_url, std::function extract_romfs_callback, + const std::string& local_url, std::function extract_romfs_callback, std::function callback) const { LOG_WARNING(Service_AM, "(STUBBED) called, backend requested to open local web page at {}", local_url); @@ -21,7 +21,7 @@ void DefaultWebBrowserApplet::OpenLocalWebPage( } void DefaultWebBrowserApplet::OpenExternalWebPage( - std::string_view external_url, + const std::string& external_url, std::function callback) const { LOG_WARNING(Service_AM, "(STUBBED) called, backend requested to open external web page at {}", external_url); diff --git a/src/core/frontend/applets/web_browser.h b/src/core/frontend/applets/web_browser.h index 1c5ef19a9..d7bd44c27 100644 --- a/src/core/frontend/applets/web_browser.h +++ b/src/core/frontend/applets/web_browser.h @@ -16,11 +16,11 @@ public: virtual ~WebBrowserApplet(); virtual void OpenLocalWebPage( - std::string_view local_url, std::function extract_romfs_callback, + const std::string& local_url, std::function extract_romfs_callback, std::function callback) const = 0; virtual void OpenExternalWebPage( - std::string_view external_url, + const std::string& external_url, std::function callback) const = 0; }; @@ -28,11 +28,12 @@ class DefaultWebBrowserApplet final : public WebBrowserApplet { public: ~DefaultWebBrowserApplet() override; - void OpenLocalWebPage(std::string_view local_url, std::function extract_romfs_callback, + void OpenLocalWebPage(const std::string& local_url, + std::function extract_romfs_callback, std::function callback) const override; - void OpenExternalWebPage(std::string_view external_url, + void OpenExternalWebPage(const std::string& external_url, std::function callback) const override; }; diff --git a/src/yuzu/applets/web_browser.cpp b/src/yuzu/applets/web_browser.cpp index e482ba029..93e3a4f6f 100644 --- a/src/yuzu/applets/web_browser.cpp +++ b/src/yuzu/applets/web_browser.cpp @@ -102,8 +102,8 @@ QtNXWebEngineView::~QtNXWebEngineView() { StopInputThread(); } -void QtNXWebEngineView::LoadLocalWebPage(std::string_view main_url, - std::string_view additional_args) { +void QtNXWebEngineView::LoadLocalWebPage(const std::string& main_url, + const std::string& additional_args) { is_local = true; LoadExtractedFonts(); @@ -113,12 +113,12 @@ void QtNXWebEngineView::LoadLocalWebPage(std::string_view main_url, SetLastURL("http://localhost/"); StartInputThread(); - load(QUrl(QUrl::fromLocalFile(QString::fromStdString(std::string(main_url))).toString() + - QString::fromStdString(std::string(additional_args)))); + load(QUrl(QUrl::fromLocalFile(QString::fromStdString(main_url)).toString() + + QString::fromStdString(additional_args))); } -void QtNXWebEngineView::LoadExternalWebPage(std::string_view main_url, - std::string_view additional_args) { +void QtNXWebEngineView::LoadExternalWebPage(const std::string& main_url, + const std::string& additional_args) { is_local = false; SetUserAgent(UserAgent::WebApplet); @@ -127,8 +127,7 @@ void QtNXWebEngineView::LoadExternalWebPage(std::string_view main_url, SetLastURL("http://localhost/"); StartInputThread(); - load(QUrl(QString::fromStdString(std::string(main_url)) + - QString::fromStdString(std::string(additional_args)))); + load(QUrl(QString::fromStdString(main_url) + QString::fromStdString(additional_args))); } void QtNXWebEngineView::SetUserAgent(UserAgent user_agent) { @@ -375,7 +374,7 @@ QtWebBrowser::QtWebBrowser(GMainWindow& main_window) { QtWebBrowser::~QtWebBrowser() = default; void QtWebBrowser::OpenLocalWebPage( - std::string_view local_url, std::function extract_romfs_callback_, + const std::string& local_url, std::function extract_romfs_callback_, std::function callback_) const { extract_romfs_callback = std::move(extract_romfs_callback_); callback = std::move(callback_); @@ -390,7 +389,7 @@ void QtWebBrowser::OpenLocalWebPage( } void QtWebBrowser::OpenExternalWebPage( - std::string_view external_url, + const std::string& external_url, std::function callback_) const { callback = std::move(callback_); diff --git a/src/yuzu/applets/web_browser.h b/src/yuzu/applets/web_browser.h index 47f960d69..7ad07409f 100644 --- a/src/yuzu/applets/web_browser.h +++ b/src/yuzu/applets/web_browser.h @@ -58,7 +58,7 @@ public: * @param main_url The url to the file. * @param additional_args Additional arguments appended to the main url. */ - void LoadLocalWebPage(std::string_view main_url, std::string_view additional_args); + void LoadLocalWebPage(const std::string& main_url, const std::string& additional_args); /** * Loads an external website. Cannot be used to load local urls. @@ -66,7 +66,7 @@ public: * @param main_url The url to the website. * @param additional_args Additional arguments appended to the main url. */ - void LoadExternalWebPage(std::string_view main_url, std::string_view additional_args); + void LoadExternalWebPage(const std::string& main_url, const std::string& additional_args); /** * Sets the background color of the web page. @@ -193,16 +193,17 @@ public: explicit QtWebBrowser(GMainWindow& parent); ~QtWebBrowser() override; - void OpenLocalWebPage(std::string_view local_url, std::function extract_romfs_callback_, + void OpenLocalWebPage(const std::string& local_url, + std::function extract_romfs_callback_, std::function callback_) const override; - void OpenExternalWebPage(std::string_view external_url, + void OpenExternalWebPage(const std::string& external_url, std::function callback_) const override; signals: - void MainWindowOpenWebPage(std::string_view main_url, std::string_view additional_args, + void MainWindowOpenWebPage(const std::string& main_url, const std::string& additional_args, bool is_local) const; private: diff --git a/src/yuzu/main.cpp b/src/yuzu/main.cpp index 5f6cdc0c6..2fd38a851 100644 --- a/src/yuzu/main.cpp +++ b/src/yuzu/main.cpp @@ -574,8 +574,8 @@ void GMainWindow::SoftwareKeyboardExit() { software_keyboard = nullptr; } -void GMainWindow::WebBrowserOpenWebPage(std::string_view main_url, std::string_view additional_args, - bool is_local) { +void GMainWindow::WebBrowserOpenWebPage(const std::string& main_url, + const std::string& additional_args, bool is_local) { #ifdef YUZU_USE_QT_WEB_ENGINE if (disable_web_applet) { @@ -596,13 +596,15 @@ void GMainWindow::WebBrowserOpenWebPage(std::string_view main_url, std::string_v loading_progress.setRange(0, 3); loading_progress.setValue(0); - if (is_local && !Common::FS::Exists(std::string(main_url))) { + if (is_local && !Common::FS::Exists(main_url)) { loading_progress.show(); auto future = QtConcurrent::run([this] { emit WebBrowserExtractOfflineRomFS(); }); while (!future.isFinished()) { QCoreApplication::processEvents(); + + std::this_thread::sleep_for(std::chrono::milliseconds(1)); } } diff --git a/src/yuzu/main.h b/src/yuzu/main.h index 7f1e50a5b..98a608fce 100644 --- a/src/yuzu/main.h +++ b/src/yuzu/main.h @@ -159,7 +159,7 @@ public slots: void SoftwareKeyboardExit(); void ErrorDisplayDisplayError(QString error_code, QString error_text); void ProfileSelectorSelectProfile(); - void WebBrowserOpenWebPage(std::string_view main_url, std::string_view additional_args, + void WebBrowserOpenWebPage(const std::string& main_url, const std::string& additional_args, bool is_local); void OnAppFocusStateChanged(Qt::ApplicationState state);