Diff
Modified: trunk/Source/WebKit2/ChangeLog (203132 => 203133)
--- trunk/Source/WebKit2/ChangeLog 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/ChangeLog 2016-07-12 22:43:20 UTC (rev 203133)
@@ -1,5 +1,32 @@
2016-07-12 Chris Dumez <[email protected]>
+ [WK2][NetworkSession] Fix unsafe RunLoop::dispatch() in NetworkLoad constructor
+ https://bugs.webkit.org/show_bug.cgi?id=159691
+
+ Reviewed by Brady Eidson.
+
+ Remove unsafe RunLoop::dispatch() in NetworkLoad constructor. It captured |this| but there
+ was no guarantee the NetworkLoad would still be alive by the time the lambda gets executed.
+
+ Instead, the constructor now takes a NetworkSession& parameter so that the call sites
+ have to retrieve the NetworkSession for a given SessionID and deal with the fact that
+ there may be no such NetworkSession before constructing the NetworkLoad.
+
+ * NetworkProcess/Downloads/DownloadManager.cpp:
+ (WebKit::DownloadManager::startDownload):
+ * NetworkProcess/Downloads/PendingDownload.cpp:
+ (WebKit::PendingDownload::PendingDownload):
+ * NetworkProcess/Downloads/PendingDownload.h:
+ * NetworkProcess/NetworkLoad.cpp:
+ (WebKit::NetworkLoad::NetworkLoad):
+ * NetworkProcess/NetworkLoad.h:
+ * NetworkProcess/NetworkResourceLoader.cpp:
+ (WebKit::NetworkResourceLoader::startNetworkLoad):
+ * NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp:
+ (WebKit::NetworkCache::SpeculativeLoad::SpeculativeLoad):
+
+2016-07-12 Chris Dumez <[email protected]>
+
[WK2] Protect against bad database data in LocalStorageDatabase::importItems()
https://bugs.webkit.org/show_bug.cgi?id=159663
<rdar://problem/18995873>
Modified: trunk/Source/WebKit2/NetworkProcess/Downloads/DownloadManager.cpp (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/Downloads/DownloadManager.cpp 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/Downloads/DownloadManager.cpp 2016-07-12 22:43:20 UTC (rev 203133)
@@ -54,7 +54,7 @@
parameters.sessionID = sessionID;
parameters.request = request;
parameters.clientCredentialPolicy = AskClientForAllCredentials;
- m_pendingDownloads.add(downloadID, std::make_unique<PendingDownload>(WTFMove(parameters), downloadID));
+ m_pendingDownloads.add(downloadID, std::make_unique<PendingDownload>(WTFMove(parameters), downloadID, *networkSession));
#else
auto download = std::make_unique<Download>(*this, downloadID, request, suggestedName);
download->start();
Modified: trunk/Source/WebKit2/NetworkProcess/Downloads/PendingDownload.cpp (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/Downloads/PendingDownload.cpp 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/Downloads/PendingDownload.cpp 2016-07-12 22:43:20 UTC (rev 203133)
@@ -38,8 +38,8 @@
namespace WebKit {
-PendingDownload::PendingDownload(NetworkLoadParameters&& parameters, DownloadID downloadID)
- : m_networkLoad(std::make_unique<NetworkLoad>(*this, WTFMove(parameters)))
+PendingDownload::PendingDownload(NetworkLoadParameters&& parameters, DownloadID downloadID, NetworkSession& networkSession)
+ : m_networkLoad(std::make_unique<NetworkLoad>(*this, WTFMove(parameters), networkSession))
{
m_networkLoad->setPendingDownloadID(downloadID);
m_networkLoad->setPendingDownload(*this);
Modified: trunk/Source/WebKit2/NetworkProcess/Downloads/PendingDownload.h (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/Downloads/PendingDownload.h 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/Downloads/PendingDownload.h 2016-07-12 22:43:20 UTC (rev 203133)
@@ -40,11 +40,12 @@
class DownloadID;
class NetworkLoad;
class NetworkLoadParameters;
+class NetworkSession;
class PendingDownload : public NetworkLoadClient, public IPC::MessageSender {
WTF_MAKE_FAST_ALLOCATED;
public:
- PendingDownload(NetworkLoadParameters&&, DownloadID);
+ PendingDownload(NetworkLoadParameters&&, DownloadID, NetworkSession&);
void continueWillSendRequest(WebCore::ResourceRequest&&);
void continueCanAuthenticateAgainstProtectionSpace(bool canAuthenticate);
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.cpp 2016-07-12 22:43:20 UTC (rev 203133)
@@ -41,34 +41,35 @@
using namespace WebCore;
-NetworkLoad::NetworkLoad(NetworkLoadClient& client, NetworkLoadParameters&& parameters)
+#if USE(NETWORK_SESSION)
+
+NetworkLoad::NetworkLoad(NetworkLoadClient& client, NetworkLoadParameters&& parameters, NetworkSession& networkSession)
: m_client(client)
, m_parameters(WTFMove(parameters))
-#if !USE(NETWORK_SESSION)
- , m_networkingContext(RemoteNetworkingContext::create(m_parameters.sessionID, m_parameters.shouldClearReferrerOnHTTPSToHTTPRedirect))
-#endif
, m_currentRequest(m_parameters.request)
{
-#if USE(NETWORK_SESSION)
if (m_parameters.request.url().protocolIsBlob()) {
m_handle = ResourceHandle::create(nullptr, m_parameters.request, this, m_parameters.defersLoading, m_parameters.contentSniffingPolicy == SniffContent);
return;
}
- if (auto* networkSession = SessionTracker::networkSession(m_parameters.sessionID)) {
- m_task = NetworkDataTask::create(*networkSession, *this, m_parameters.request, m_parameters.allowStoredCredentials, m_parameters.contentSniffingPolicy, m_parameters.shouldClearReferrerOnHTTPSToHTTPRedirect);
- if (!m_parameters.defersLoading)
- m_task->resume();
- } else {
- WTFLogAlways("Attempted to create a NetworkLoad with a session (id=%" PRIu64 ") that does not exist.", m_parameters.sessionID.sessionID());
- RunLoop::current().dispatch([this, url = "" {
- didCompleteWithError(internalError(url));
- });
- }
+ m_task = NetworkDataTask::create(networkSession, *this, m_parameters.request, m_parameters.allowStoredCredentials, m_parameters.contentSniffingPolicy, m_parameters.shouldClearReferrerOnHTTPSToHTTPRedirect);
+ if (!m_parameters.defersLoading)
+ m_task->resume();
+}
+
#else
+
+NetworkLoad::NetworkLoad(NetworkLoadClient& client, NetworkLoadParameters&& parameters)
+ : m_client(client)
+ , m_parameters(WTFMove(parameters))
+ , m_networkingContext(RemoteNetworkingContext::create(m_parameters.sessionID, m_parameters.shouldClearReferrerOnHTTPSToHTTPRedirect))
+ , m_currentRequest(m_parameters.request)
+{
m_handle = ResourceHandle::create(m_networkingContext.get(), m_parameters.request, this, m_parameters.defersLoading, m_parameters.contentSniffingPolicy == SniffContent);
-#endif
}
+#endif
+
NetworkLoad::~NetworkLoad()
{
ASSERT(RunLoop::isMain());
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkLoad.h 2016-07-12 22:43:20 UTC (rev 203133)
@@ -47,7 +47,11 @@
{
WTF_MAKE_FAST_ALLOCATED;
public:
+#if USE(NETWORK_SESSION)
+ NetworkLoad(NetworkLoadClient&, NetworkLoadParameters&&, NetworkSession&);
+#else
NetworkLoad(NetworkLoadClient&, NetworkLoadParameters&&);
+#endif
~NetworkLoad();
void setDefersLoading(bool);
Modified: trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/NetworkResourceLoader.cpp 2016-07-12 22:43:20 UTC (rev 203133)
@@ -34,7 +34,9 @@
#include "NetworkLoad.h"
#include "NetworkProcess.h"
#include "NetworkProcessConnectionMessages.h"
+#include "SessionTracker.h"
#include "WebCoreArgumentCoders.h"
+#include "WebErrors.h"
#include "WebResourceLoaderMessages.h"
#include <WebCore/BlobDataFileReference.h>
#include <WebCore/CertificateInfo.h>
@@ -209,7 +211,18 @@
NetworkLoadParameters parameters = m_parameters;
parameters.defersLoading = m_defersLoading;
parameters.request = request;
+
+#if USE(NETWORK_SESSION)
+ auto* networkSession = SessionTracker::networkSession(parameters.sessionID);
+ if (!networkSession) {
+ WTFLogAlways("Attempted to create a NetworkLoad with a session (id=%" PRIu64 ") that does not exist.", parameters.sessionID.sessionID());
+ didFailLoading(internalError(request.url()));
+ return;
+ }
+ m_networkLoad = std::make_unique<NetworkLoad>(*this, WTFMove(parameters), *networkSession);
+#else
m_networkLoad = std::make_unique<NetworkLoad>(*this, WTFMove(parameters));
+#endif
}
void NetworkResourceLoader::setDefersLoading(bool defers)
Modified: trunk/Source/WebKit2/NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp (203132 => 203133)
--- trunk/Source/WebKit2/NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp 2016-07-12 22:21:33 UTC (rev 203132)
+++ trunk/Source/WebKit2/NetworkProcess/cache/NetworkCacheSpeculativeLoad.cpp 2016-07-12 22:43:20 UTC (rev 203133)
@@ -55,7 +55,11 @@
parameters.allowStoredCredentials = AllowStoredCredentials;
parameters.contentSniffingPolicy = DoNotSniffContent;
parameters.request = m_originalRequest;
+#if USE(NETWORK_SESSION)
+ m_networkLoad = std::make_unique<NetworkLoad>(*this, WTFMove(parameters), NetworkSession::defaultSession());
+#else
m_networkLoad = std::make_unique<NetworkLoad>(*this, WTFMove(parameters));
+#endif
}
SpeculativeLoad::~SpeculativeLoad()
