Title: [214793] releases/WebKitGTK/webkit-2.16/Source/WebKit2
Revision
214793
Author
carlo...@webkit.org
Date
2017-04-03 06:57:23 -0700 (Mon, 03 Apr 2017)

Log Message

Merge r214786 - Mutex may be freed too late in NetworkCache::Storage::traverse
https://bugs.webkit.org/show_bug.cgi?id=170400
<rdar://problem/30515865>

Reviewed by Carlos Garcia Campos and Andreas Kling.

Fix a race.

* NetworkProcess/cache/NetworkCacheStorage.cpp:
(WebKit::NetworkCache::Storage::traverse):

    Ensure the mutex is not accessed after we dispatch to the main thread.
    The main thread call deletes the owning TraverseOperation.

Modified Paths

Diff

Modified: releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog (214792 => 214793)


--- releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog	2017-04-03 13:56:37 UTC (rev 214792)
+++ releases/WebKitGTK/webkit-2.16/Source/WebKit2/ChangeLog	2017-04-03 13:57:23 UTC (rev 214793)
@@ -1,3 +1,19 @@
+2017-04-03  Antti Koivisto  <an...@apple.com>
+
+        Mutex may be freed too late in NetworkCache::Storage::traverse
+        https://bugs.webkit.org/show_bug.cgi?id=170400
+        <rdar://problem/30515865>
+
+        Reviewed by Carlos Garcia Campos and Andreas Kling.
+
+        Fix a race.
+
+        * NetworkProcess/cache/NetworkCacheStorage.cpp:
+        (WebKit::NetworkCache::Storage::traverse):
+
+            Ensure the mutex is not accessed after we dispatch to the main thread.
+            The main thread call deletes the owning TraverseOperation.
+
 2017-03-21  Sergio Villar Senin  <svil...@igalia.com>
 
         [Soup] "Only from websites I visit" cookie policy is broken
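Review bot: the entry's title says the mutex may be freed "too late", but the explanation below it ("Ensure the mutex is not accessed after we dispatch to the main thread. The main thread call deletes the owning TraverseOperation.") describes the opposite hazard: the TraverseOperation, and with it the mutex, can be destroyed before the lock guard in traverse() releases it. Consider a title that matches the explanation, such as "Mutex may be unlocked after it is freed", so the ChangeLog reads correctly on its own.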

Modified: releases/WebKitGTK/webkit-2.16/Source/WebKit2/NetworkProcess/cache/NetworkCacheStorage.cpp (214792 => 214793)


--- releases/WebKitGTK/webkit-2.16/Source/WebKit2/NetworkProcess/cache/NetworkCacheStorage.cpp	2017-04-03 13:56:37 UTC (rev 214792)
+++ releases/WebKitGTK/webkit-2.16/Source/WebKit2/NetworkProcess/cache/NetworkCacheStorage.cpp	2017-04-03 13:57:23 UTC (rev 214793)
@@ -859,11 +859,13 @@
                 return traverseOperation.activeCount <= maximumParallelReadCount;
             });
         });
-        // Wait for all reads to finish.
-        std::unique_lock<Lock> lock(traverseOperation.activeMutex);
-        traverseOperation.activeCondition.wait(lock, [&traverseOperation] {
-            return !traverseOperation.activeCount;
-        });
+        {
+            // Wait for all reads to finish.
+            std::unique_lock<Lock> lock(traverseOperation.activeMutex);
+            traverseOperation.activeCondition.wait(lock, [&traverseOperation] {
+                return !traverseOperation.activeCount;
+            });
+        }
         RunLoop::main().dispatch([this, &traverseOperation] {
             traverseOperation.handler(nullptr, { });
             m_activeTraverseOperations.remove(&traverseOperation);
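Review bot: add an inline comment at the `RunLoop::main().dispatch` call stating that nothing in this function may touch `traverseOperation` after this point, since the dispatched lambda's `m_activeTraverseOperations.remove(&traverseOperation)` destroys it together with `activeMutex`. The new brace scope is the right fix, because it runs the `std::unique_lock<Lock>` destructor before the dispatch, whereas the old code unlocked on function exit, on a mutex the main thread could already have freed; but the lambda still captures `&traverseOperation` by reference, so the safety depends entirely on the dispatch being the last use. The ChangeLog sentence "Ensure the mutex is not accessed after we dispatch to the main thread" would serve as that comment and keep a later edit from reintroducing the race by adding work after the dispatch.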
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
