- Revision
- 219525
- Author
- cdu...@apple.com
- Date
- 2017-07-14 14:45:40 -0700 (Fri, 14 Jul 2017)
Log Message
Possible crash under NetworkSocketStream::didFailSocketStream()
https://bugs.webkit.org/show_bug.cgi?id=174526
<rdar://problem/32831441>
Reviewed by Brent Fulgham.
Source/WebCore:
Call m_client.didFailSocketStream() asynchronously in the constructor as our
caller (the client) is also being initialized at this point.
* platform/network/cf/SocketStreamHandleImplCFNet.cpp:
(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl):
Source/WebKit:
For robustness, initialize the SocketStreamHandleImpl after the other
data members. We are passing |this| to the SocketStreamHandleImpl when
constructing it so it is unsafe to have uninitialized data members
at this point.
* NetworkProcess/NetworkSocketStream.cpp:
(WebKit::NetworkSocketStream::NetworkSocketStream):
* NetworkProcess/NetworkSocketStream.h:
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (219524 => 219525)
--- trunk/Source/WebCore/ChangeLog 2017-07-14 21:43:35 UTC (rev 219524)
+++ trunk/Source/WebCore/ChangeLog 2017-07-14 21:45:40 UTC (rev 219525)
@@ -1,3 +1,17 @@
+2017-07-14 Chris Dumez <cdu...@apple.com>
+
+ Possible crash under NetworkSocketStream::didFailSocketStream()
+ https://bugs.webkit.org/show_bug.cgi?id=174526
+ <rdar://problem/32831441>
+
+ Reviewed by Brent Fulgham.
+
+ Call m_client.didFailSocketStream() asynchronously in the constructor as our
+ caller (the client) is also being initialized at this point.
+
+ * platform/network/cf/SocketStreamHandleImplCFNet.cpp:
+ (WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl):
+
2017-07-14 Youenn Fablet <you...@apple.com>
WebRTC: silence data not sent for disabled audio track
Modified: trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp (219524 => 219525)
--- trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp 2017-07-14 21:43:35 UTC (rev 219524)
+++ trunk/Source/WebCore/platform/network/cf/SocketStreamHandleImplCFNet.cpp 2017-07-14 21:45:40 UTC (rev 219525)
@@ -86,7 +86,10 @@
if (url.protocolIs("ws")
&& !sessionID.isEphemeral()
&& _CFNetworkIsKnownHSTSHostWithSession(m_httpsURL.get(), nullptr)) {
- m_client.didFailSocketStream(*this, SocketStreamError(0, m_url.string(), "WebSocket connection failed because it violates HTTP Strict Transport Security."));
+ // Call this asynchronously because the socket stream is not fully constructed at this point.
+ callOnMainThread([this, protectedThis = makeRef(*this)] {
+ m_client.didFailSocketStream(*this, SocketStreamError(0, m_url.string(), "WebSocket connection failed because it violates HTTP Strict Transport Security."));
+ });
return;
}
#endif
Modified: trunk/Source/WebKit/ChangeLog (219524 => 219525)
--- trunk/Source/WebKit/ChangeLog 2017-07-14 21:43:35 UTC (rev 219524)
+++ trunk/Source/WebKit/ChangeLog 2017-07-14 21:45:40 UTC (rev 219525)
@@ -1,3 +1,20 @@
+2017-07-14 Chris Dumez <cdu...@apple.com>
+
+ Possible crash under NetworkSocketStream::didFailSocketStream()
+ https://bugs.webkit.org/show_bug.cgi?id=174526
+ <rdar://problem/32831441>
+
+ Reviewed by Brent Fulgham.
+
+ For robustness, initialize the SocketStreamHandleImpl after the other
+ data members. We are passing |this| to the SocketStreamHandleImpl when
+ constructing it so it is unsafe to have uninitialized data members
+ at this point.
+
+ * NetworkProcess/NetworkSocketStream.cpp:
+ (WebKit::NetworkSocketStream::NetworkSocketStream):
+ * NetworkProcess/NetworkSocketStream.h:
+
2017-07-14 Michael Catanzaro <mcatanz...@igalia.com>
[CMake] Unclear distinction between WebKitHelpers and WebKitMacros
Modified: trunk/Source/WebKit/NetworkProcess/NetworkSocketStream.cpp (219524 => 219525)
--- trunk/Source/WebKit/NetworkProcess/NetworkSocketStream.cpp 2017-07-14 21:43:35 UTC (rev 219524)
+++ trunk/Source/WebKit/NetworkProcess/NetworkSocketStream.cpp 2017-07-14 21:45:40 UTC (rev 219525)
@@ -41,9 +41,9 @@
}
NetworkSocketStream::NetworkSocketStream(URL&& url, SessionID sessionID, const String& credentialPartition, uint64_t identifier, IPC::Connection& connection, SourceApplicationAuditToken&& auditData)
- : m_impl(SocketStreamHandleImpl::create(url, *this, sessionID, credentialPartition, WTFMove(auditData)))
- , m_identifier(identifier)
+ : m_identifier(identifier)
, m_connection(connection)
+ , m_impl(SocketStreamHandleImpl::create(url, *this, sessionID, credentialPartition, WTFMove(auditData)))
{
}
Modified: trunk/Source/WebKit/NetworkProcess/NetworkSocketStream.h (219524 => 219525)
--- trunk/Source/WebKit/NetworkProcess/NetworkSocketStream.h 2017-07-14 21:43:35 UTC (rev 219524)
+++ trunk/Source/WebKit/NetworkProcess/NetworkSocketStream.h 2017-07-14 21:45:40 UTC (rev 219525)
@@ -67,9 +67,10 @@
uint64_t messageSenderDestinationID() final;
NetworkSocketStream(WebCore::URL&&, WebCore::SessionID, const String& credentialPartition, uint64_t, IPC::Connection&, WebCore::SourceApplicationAuditToken&&);
- Ref<WebCore::SocketStreamHandleImpl> m_impl;
+
uint64_t m_identifier;
IPC::Connection& m_connection;
+ Ref<WebCore::SocketStreamHandleImpl> m_impl;
};
} // namespace WebKit
