[webkit-changes] [200511] trunk/Source/WebCore

Fri, 06 May 2016 08:53:36 -0700

Title: [200511] trunk/Source/WebCore
Revision
200511
Author
[email protected]
Date
2016-05-06 08:53:10 -0700 (Fri, 06 May 2016)

Log Message

Don't use invalidated ResourceLoadStatistics iterators
https://bugs.webkit.org/show_bug.cgi?id=157412
<rdar://problem/26133153>

Reviewed by Chris Dumez.

ResourceLoadObserver::logFrameNavigation was using references bound to the 'value'
member of iterators from the ResourceLoadStatistics HashMap. When new entries were
added, these iterators were invalidated causing the references to refer to invalid
memory.

Renamed 'resourceStatisticsForPrimaryDomain' to 'ensureResourceStatisticsForPrimaryDomain'
to clarify that it may mutate the underlying HashMap, thereby invalidating any
existing iterators.

* loader/ResourceLoadObserver.cpp:
(WebCore::ResourceLoadObserver::logFrameNavigation): Protect against HashMap
elements being copied/moved when new intries are added.
* loader/ResourceLoadStatisticsStore.cpp:
(WebCore::ResourceLoadStatisticsStore::setResourceStatisticsForPrimaryDomain): Added.
* loader/ResourceLoadStatisticsStore.h:

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (200510 => 200511)


--- trunk/Source/WebCore/ChangeLog	2016-05-06 08:17:12 UTC (rev 200510)
+++ trunk/Source/WebCore/ChangeLog	2016-05-06 15:53:10 UTC (rev 200511)
@@ -1,3 +1,27 @@
+2016-05-06  Brent Fulgham  <[email protected]>
+
+        Don't use invalidated ResourceLoadStatistics iterators
+        https://bugs.webkit.org/show_bug.cgi?id=157412
+        <rdar://problem/26133153>
+
+        Reviewed by Chris Dumez.
+
+        ResourceLoadObserver::logFrameNavigation was using references bound to the 'value'
+        member of iterators from the ResourceLoadStatistics HashMap. When new entries were
+        added, these iterators were invalidated causing the references to refer to invalid
+        memory.
+
+        Renamed 'resourceStatisticsForPrimaryDomain' to 'ensureResourceStatisticsForPrimaryDomain'
+        to clarify that it may mutate the underlying HashMap, thereby invalidating any
+        existing iterators.
+
+        * loader/ResourceLoadObserver.cpp:
+        (WebCore::ResourceLoadObserver::logFrameNavigation): Protect against HashMap
+        elements being copied/moved when new intries are added.
+        * loader/ResourceLoadStatisticsStore.cpp:
+        (WebCore::ResourceLoadStatisticsStore::setResourceStatisticsForPrimaryDomain): Added.
+        * loader/ResourceLoadStatisticsStore.h:
+
 2016-05-06  Manuel Rego Casasnovas  <[email protected]>
 
         [css-grid] Unprefix CSS Grid Layout properties

Modified: trunk/Source/WebCore/loader/ResourceLoadObserver.cpp (200510 => 200511)


--- trunk/Source/WebCore/loader/ResourceLoadObserver.cpp	2016-05-06 08:17:12 UTC (rev 200510)
+++ trunk/Source/WebCore/loader/ResourceLoadObserver.cpp	2016-05-06 15:53:10 UTC (rev 200511)
@@ -96,7 +96,7 @@
         return;
     
     auto targetOrigin = SecurityOrigin::create(targetURL);
-    auto& targetStatistics = m_store->resourceStatisticsForPrimaryDomain(targetPrimaryDomain);
+    auto targetStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
     
     if (isMainFrame)
         targetStatistics.topFrameHasBeenNavigatedToBefore = true;
@@ -108,7 +108,7 @@
     }
     
     if (isRedirect) {
-        auto& redirectingOriginResourceStatistics = m_store->resourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
+        auto& redirectingOriginResourceStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
         
         if (m_store->isPrevalentResource(targetPrimaryDomain))
             redirectingOriginResourceStatistics.redirectedToOtherPrevalentResourceOrigins.add(targetPrimaryDomain);
@@ -130,7 +130,7 @@
             else
                 ++targetStatistics.subframeSubResourceCount;
         } else {
-            auto& sourceOriginResourceStatistics = m_store->resourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
+            auto& sourceOriginResourceStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
 
             if (isMainFrame) {
                 ++sourceOriginResourceStatistics.topFrameHasBeenNavigatedFrom;
@@ -142,6 +142,7 @@
         }
     }
 
+    m_store->setResourceStatisticsForPrimaryDomain(targetPrimaryDomain, WTFMove(targetStatistics));
     m_store->fireDataModificationHandler();
 }
     
@@ -175,13 +176,13 @@
     if (targetPrimaryDomain == mainFramePrimaryDomain || targetPrimaryDomain == sourcePrimaryDomain)
         return;
 
-    auto& targetStatistics = m_store->resourceStatisticsForPrimaryDomain(targetPrimaryDomain);
+    auto& targetStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(targetPrimaryDomain);
 
     auto mainFrameOrigin = SecurityOrigin::create(mainFrameURL);
     targetStatistics.subresourceUnderTopFrameOrigins.add(mainFramePrimaryDomain);
 
     if (isRedirect) {
-        auto& redirectingOriginStatistics = m_store->resourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
+        auto& redirectingOriginStatistics = m_store->ensureResourceStatisticsForPrimaryDomain(sourcePrimaryDomain);
         
         if (m_store->isPrevalentResource(targetPrimaryDomain))
             redirectingOriginStatistics.redirectedToOtherPrevalentResourceOrigins.add(targetPrimaryDomain);
@@ -219,7 +220,7 @@
     if (needPrivacy)
         return;
 
-    auto& statistics = m_store->resourceStatisticsForPrimaryDomain(primaryDomain(document.url()));
+    auto& statistics = m_store->ensureResourceStatisticsForPrimaryDomain(primaryDomain(document.url()));
     statistics.hadUserInteraction = true;
     m_store->fireDataModificationHandler();
 }

Modified: trunk/Source/WebCore/loader/ResourceLoadStatisticsStore.cpp (200510 => 200511)


--- trunk/Source/WebCore/loader/ResourceLoadStatisticsStore.cpp	2016-05-06 08:17:12 UTC (rev 200510)
+++ trunk/Source/WebCore/loader/ResourceLoadStatisticsStore.cpp	2016-05-06 15:53:10 UTC (rev 200511)
@@ -57,7 +57,7 @@
     return mapEntry->value.isPrevalentResource;
 }
     
-ResourceLoadStatistics& ResourceLoadStatisticsStore::resourceStatisticsForPrimaryDomain(const String& primaryDomain)
+ResourceLoadStatistics& ResourceLoadStatisticsStore::ensureResourceStatisticsForPrimaryDomain(const String& primaryDomain)
 {
     auto addResult = m_resourceStatisticsMap.ensure(primaryDomain, [&primaryDomain] {
         return ResourceLoadStatistics(primaryDomain);
@@ -66,6 +66,11 @@
     return addResult.iterator->value;
 }
 
+void ResourceLoadStatisticsStore::setResourceStatisticsForPrimaryDomain(const String& primaryDomain, ResourceLoadStatistics&& statistics)
+{
+    m_resourceStatisticsMap.set(primaryDomain, WTFMove(statistics));
+}
+
 typedef HashMap<String, ResourceLoadStatistics>::KeyValuePairType StatisticsValue;
 
 std::unique_ptr<KeyedEncoder> ResourceLoadStatisticsStore::createEncoderFromData()

Modified: trunk/Source/WebCore/loader/ResourceLoadStatisticsStore.h (200510 => 200511)


--- trunk/Source/WebCore/loader/ResourceLoadStatisticsStore.h	2016-05-06 08:17:12 UTC (rev 200510)
+++ trunk/Source/WebCore/loader/ResourceLoadStatisticsStore.h	2016-05-06 15:53:10 UTC (rev 200511)
@@ -49,7 +49,8 @@
     size_t size() const { return m_resourceStatisticsMap.size(); }
     void clear() { m_resourceStatisticsMap.clear(); }
 
-    ResourceLoadStatistics& resourceStatisticsForPrimaryDomain(const String&);
+    ResourceLoadStatistics& ensureResourceStatisticsForPrimaryDomain(const String&);
+    void setResourceStatisticsForPrimaryDomain(const String&, ResourceLoadStatistics&&);
 
     bool isPrevalentResource(const String&) const;
     

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to