[iOS] convert NSNull to nil before checking type in readAsDataURL
#46635
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
facebook-github-bot
added
CLA Signed
|
@cipolleschi has imported this pull request. If you are a Meta employee, you can view this diff on Phabricator. |
|
@cipolleschi merged this pull request in 99ab845. |
|
This pull request was successfully merged by @haileyok in 99ab845 When will my fix make it into a release? | How to file a pick request? |
blakef
pushed a commit
that referenced
this pull request
Sep 30, 2024
…46635) Summary: This issue original arose out of bluesky-social/social-app#5100. Copying the description (with my general understanding of the problem) from the patch PR to here as well. There's a crash that comes up in the following, pretty specific scenario: - Have a response that has an empty body - Do not include a `content-type` header in the response - Set the `x-content-type-options` header to `nosniff` RN handles the response for a request in this block of code: https://github.com/facebook/react-native/blob/303e0ed7641409acf2d852c077f6be426afd7a0c/packages/react-native/Libraries/Blob/RCTBlobManager.mm#L314-L326 Here, we see that values of `nil` - which `[response MIMEType]` will return when no `content-type` is provided in the response and the actual type cannot be determined (https://developer.apple.com/documentation/foundation/nsurlresponse/1411613-mimetype) - gets converted to `NSNull` by `RCTNullIfNil`. When we get back over to `readAsDataURL`, we see that we grab the type from the dictionary and check if its `nil` before calling `length` on the string. https://github.com/facebook/react-native/blob/303e0ed7641409acf2d852c077f6be426afd7a0c/packages/react-native/Libraries/Blob/RCTFileReaderModule.mm#L74-L77 However, this check is dubious, because the value will never actually be `nil`. It will always either be `NSString` or `NSNull` because of the `RCTNullIfNil` call made above and `[RCTConvert NSString]` seems to just return the input if it is `NSNull`. ## Changelog: [IOS] [FIXED] - Convert `NSNull` to `nil` before checking `type` in `readAsDataURL` Pull Request resolved: #46635 Test Plan: This is a little awkward to test, but essentially this comes up in the following scenario that is described (and "tested" as being fixed by tweaking) in bluesky-social/social-app#5100. I have personally tested by using Cloudflare rules to add/remove that particular header from an empty body response. You could also test this with a little local web server if you want. ### Before https://github.com/user-attachments/assets/deb86c68-2251-4fef-9705-a1c93584e83e ### After https://github.com/user-attachments/assets/9ffab11b-b2c8-4a83-afd6-0a55fed3ae9b Reviewed By: dmytrorykun Differential Revision: D63381947 Pulled By: cipolleschi fbshipit-source-id: b2b4944d998133611592eed8d112faa6195587bd
blakef
pushed a commit
that referenced
this pull request
Sep 30, 2024
…46635) Summary: This issue original arose out of bluesky-social/social-app#5100. Copying the description (with my general understanding of the problem) from the patch PR to here as well. There's a crash that comes up in the following, pretty specific scenario: - Have a response that has an empty body - Do not include a `content-type` header in the response - Set the `x-content-type-options` header to `nosniff` RN handles the response for a request in this block of code: https://github.com/facebook/react-native/blob/303e0ed7641409acf2d852c077f6be426afd7a0c/packages/react-native/Libraries/Blob/RCTBlobManager.mm#L314-L326 Here, we see that values of `nil` - which `[response MIMEType]` will return when no `content-type` is provided in the response and the actual type cannot be determined (https://developer.apple.com/documentation/foundation/nsurlresponse/1411613-mimetype) - gets converted to `NSNull` by `RCTNullIfNil`. When we get back over to `readAsDataURL`, we see that we grab the type from the dictionary and check if its `nil` before calling `length` on the string. https://github.com/facebook/react-native/blob/303e0ed7641409acf2d852c077f6be426afd7a0c/packages/react-native/Libraries/Blob/RCTFileReaderModule.mm#L74-L77 However, this check is dubious, because the value will never actually be `nil`. It will always either be `NSString` or `NSNull` because of the `RCTNullIfNil` call made above and `[RCTConvert NSString]` seems to just return the input if it is `NSNull`. ## Changelog: [IOS] [FIXED] - Convert `NSNull` to `nil` before checking `type` in `readAsDataURL` Pull Request resolved: #46635 Test Plan: This is a little awkward to test, but essentially this comes up in the following scenario that is described (and "tested" as being fixed by tweaking) in bluesky-social/social-app#5100. I have personally tested by using Cloudflare rules to add/remove that particular header from an empty body response. You could also test this with a little local web server if you want. ### Before https://github.com/user-attachments/assets/deb86c68-2251-4fef-9705-a1c93584e83e ### After https://github.com/user-attachments/assets/9ffab11b-b2c8-4a83-afd6-0a55fed3ae9b Reviewed By: dmytrorykun Differential Revision: D63381947 Pulled By: cipolleschi fbshipit-source-id: b2b4944d998133611592eed8d112faa6195587bd
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
This issue original arose out of bluesky-social/social-app#5100. Copying the description (with my general understanding of the problem) from the patch PR to here as well.
There's a crash that comes up in the following, pretty specific scenario:
content-typeheader in the responsex-content-type-optionsheader tonosniffRN handles the response for a request in this block of code:
react-native/packages/react-native/Libraries/Blob/RCTBlobManager.mm
Lines 314 to 326 in 303e0ed
Here, we see that values of
nil- which[response MIMEType]will return when nocontent-typeis provided in the response and the actual type cannot be determined (https://developer.apple.com/documentation/foundation/nsurlresponse/1411613-mimetype) - gets converted toNSNullbyRCTNullIfNil.When we get back over to
readAsDataURL, we see that we grab the type from the dictionary and check if itsnilbefore callinglengthon the string.react-native/packages/react-native/Libraries/Blob/RCTFileReaderModule.mm
Lines 74 to 77 in 303e0ed
However, this check is dubious, because the value will never actually be
nil. It will always either beNSStringorNSNullbecause of theRCTNullIfNilcall made above and[RCTConvert NSString]seems to just return the input if it isNSNull.Changelog:
[IOS] [FIXED] - Convert
NSNulltonilbefore checkingtypeinreadAsDataURLTest Plan:
This is a little awkward to test, but essentially this comes up in the following scenario that is described (and "tested" as being fixed by tweaking) in bluesky-social/social-app#5100. I have personally tested by using Cloudflare rules to add/remove that particular header from an empty body response. You could also test this with a little local web server if you want.
Before
Screen.Recording.2024-09-24.at.2.20.07.PM.mov
After
Screen.Recording.2024-09-24.at.2.23.09.PM.mov