Title: [214793] releases/WebKitGTK/webkit-2.16/Source/WebKit2
- Revision: 214793
- Author: carlo...@webkit.org
- Date: 2017-04-03 06:57:23 -0700 (Mon, 03 Apr 2017)
Log Message
Merge r214786 - Mutex may be freed too late in NetworkCache::Storage::traverse
https://bugs.webkit.org/show_bug.cgi?id=170400
<rdar://problem/30515865>
Reviewed by Carlos Garcia Campos and Andreas Kling.
Fix a race.
* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::traverse):
Ensure the mutex is not accessed after we dispatch to the main thread.
The main thread call deletes the owning TraverseOperation.
Diff
Modified: releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog (214792 => 214793)
--- releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog 2017-04-03 13:56:37 UTC (rev 214792)
+++ releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog 2017-04-03 13:57:23 UTC (rev 214793)
@@ -1,3 +1,19 @@
+2017-04-03 Antti Koivisto <an...@apple.com>
+
+ Mutex may be freed too late in NetworkCache::Storage::traverse
+ https://bugs.webkit.org/show_bug.cgi?id=170400
+ <rdar://problem/30515865>
+
+ Reviewed by Carlos Garcia Campos and Andreas Kling.
+
+ Fix a race.
+
+ * NetworkProcess/cache/NetworkCacheStorage.cpp:
+ (WebKit::NetworkCache::Storage::traverse):
+
+ Ensure the mutex is not accessed after we dispatch to the main thread.
+ The main thread call deletes the owning TraverseOperation.
+
2017-03-21 Sergio Villar Senin <svil...@igalia.com>
[Soup] "Only from websites I visit" cookie policy is broken
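Review bot: the summary line "Fix a race." in this entry understates what the two sentences under it describe. They say the main thread call deletes the owning TraverseOperation and that the mutex must not be accessed after the dispatch, so the old code could touch activeMutex in an object that had already been deleted. Suggest saying so in the summary (for example, that the lock could be released on a mutex belonging to a deleted TraverseOperation), so that anyone triaging merges into the 2.16 release branch can recognise this as a memory-safety fix rather than a generic race.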
Modified: releases/WebKitGTK/webkit-2.16/Source/WebKit2/NetworkProcess/cache/NetworkCacheStorage.cpp (214792 => 214793)
--- releases/WebKitGTK/webkit-2.16/Source/WebKit2/NetworkProcess/cache/NetworkCacheStorage.cpp 2017-04-03 13:56:37 UTC (rev 214792)
+++ releases/WebKitGTK/webkit-2.16/Source/WebKit2/NetworkProcess/cache/NetworkCacheStorage.cpp 2017-04-03 13:57:23 UTC (rev 214793)
@@ -859,11 +859,13 @@
return traverseOperation.activeCount <= maximumParallelReadCount;
});
});
- // Wait for all reads to finish.
- std::unique_lock<Lock> lock(traverseOperation.activeMutex);
- traverseOperation.activeCondition.wait(lock, [&traverseOperation] {
- return !traverseOperation.activeCount;
- });
+ {
+ // Wait for all reads to finish.
+ std::unique_lock<Lock> lock(traverseOperation.activeMutex);
+ traverseOperation.activeCondition.wait(lock, [&traverseOperation] {
+ return !traverseOperation.activeCount;
+ });
+ }
RunLoop::main().dispatch([this, &traverseOperation] {
traverseOperation.handler(nullptr, { });
m_activeTraverseOperations.remove(&traverseOperation);
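Review bot: the new braces around the wait (the `{` before "// Wait for all reads to finish." and the `}` before `RunLoop::main().dispatch`) carry the entire fix, but nothing in the code says why they are there, and the only comment inside still describes just the wait. A later cleanup could drop the scope as redundant and bring back the late unlock. Suggest a comment at the closing brace stating that the lock must be released before the dispatch because the dispatched lambda calls `m_activeTraverseOperations.remove(&traverseOperation)`, which destroys the object that owns activeMutex. Two things this hunk does not show are worth confirming in the same review. First, that the code decrementing activeCount signals activeCondition while still holding activeMutex, otherwise a notifier could touch the condition after this thread has woken and dispatched. Second, that nothing after the dispatch call in this function reads traverseOperation, since the lambda captures it by reference and the same lifetime constraint applies there.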