Modified: trunk/Source/WebCore/ChangeLog (227072 => 227073)
--- trunk/Source/WebCore/ChangeLog 2018-01-17 18:41:56 UTC (rev 227072)
+++ trunk/Source/WebCore/ChangeLog 2018-01-17 18:57:11 UTC (rev 227073)
@@ -1,3 +1,29 @@
+2018-01-17 Daniel Bates <[email protected]>
+
+ WebCoreResourceHandleAsOperationQueueDelegate/ResourceHandleCFURLConnectionDelegateWithOperationQueue may
+ be deleted in main thread callback
+ https://bugs.webkit.org/show_bug.cgi?id=181747
+ <rdar://problem/36588120>
+
+ Reviewed by Alex Christensen.
+
+ Retain the delegate (e.g. WebCoreResourceHandleAsOperationQueueDelegate) before scheduling
+ a main thread callback and blocking on a semaphore for its reply because the main thread
+ callback can do anything, including deleting the delegate, before the non-main thread
+ has a chance to execute. For instance, a PingHandle will delete itself (and hence delete
+ its resource handle delegate) in most of the code paths invoked by the delegate.
+
+ * platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp:
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willSendRequest):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::willCacheResponse):
+ (WebCore::ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace):
+ * platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm:
+ (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willSendRequest:redirectResponse:]):
+ (-[WebCoreResourceHandleAsOperationQueueDelegate connection:canAuthenticateAgainstProtectionSpace:]):
+ (-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]):
+ (-[WebCoreResourceHandleAsOperationQueueDelegate connection:willCacheResponse:]):
+
2018-01-17 Chris Dumez <[email protected]>
'fetch' event may be sent to a service worker before its state is set to 'activated'
Modified: trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp (227072 => 227073)
--- trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp 2018-01-17 18:41:56 UTC (rev 227072)
+++ trunk/Source/WebCore/platform/network/cf/ResourceHandleCFURLConnectionDelegateWithOperationQueue.cpp 2018-01-17 18:57:11 UTC (rev 227073)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013 Apple Inc. All rights reserved.
+ * Copyright (C) 2013-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -145,7 +145,8 @@
}
ASSERT(!isMainThread());
-
+
+ auto protectedThis = makeRef(*this);
auto work = [this, protectedThis = makeRef(*this), cfRequest = RetainPtr<CFURLRequestRef>(cfRequest), originalRedirectResponse = RetainPtr<CFURLResponseRef>(originalRedirectResponse)] () mutable {
auto& handle = protectedThis->m_handle;
auto completionHandler = [this, protectedThis = WTFMove(protectedThis)] (ResourceRequest&& request) {
@@ -178,6 +179,7 @@
void ResourceHandleCFURLConnectionDelegateWithOperationQueue::didReceiveResponse(CFURLConnectionRef connection, CFURLResponseRef cfResponse)
{
+ auto protectedThis = makeRef(*this);
auto work = [protectedThis = makeRef(*this), cfResponse = RetainPtr<CFURLResponseRef>(cfResponse), connection = RetainPtr<CFURLConnectionRef>(connection)] () {
auto& handle = protectedThis->m_handle;
@@ -291,6 +293,7 @@
return nullptr;
}
+ auto protectedThis = makeRef(*this);
auto work = [protectedThis = makeRef(*this), cachedResponse = RetainPtr<CFCachedURLResponseRef>(cachedResponse)] () {
auto& handle = protectedThis->m_handle;
@@ -356,6 +359,7 @@
#if USE(PROTECTION_SPACE_AUTH_CALLBACK)
Boolean ResourceHandleCFURLConnectionDelegateWithOperationQueue::canRespondToProtectionSpace(CFURLProtectionSpaceRef protectionSpace)
{
+ auto protectedThis = makeRef(*this);
auto work = [protectedThis = makeRef(*this), protectionSpace = RetainPtr<CFURLProtectionSpaceRef>(protectionSpace)] () mutable {
auto& handle = protectedThis->m_handle;
Modified: trunk/Source/WebCore/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm (227072 => 227073)
--- trunk/Source/WebCore/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm 2018-01-17 18:41:56 UTC (rev 227072)
+++ trunk/Source/WebCore/platform/network/mac/WebCoreResourceHandleAsOperationQueueDelegate.mm 2018-01-17 18:57:11 UTC (rev 227073)
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2004-2018 Apple Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -143,6 +143,7 @@
LOG(Network, "Handle %p delegate connection:%p willSendRequest:%@ redirectResponse:non-HTTP", m_handle, connection, [newRequest description]);
#endif
+ auto protectedSelf = retainPtr(self);
auto work = [self = self, protectedSelf = retainPtr(self), newRequest = retainPtr(newRequest), redirectResponse = retainPtr(redirectResponse)] () mutable {
if (!m_handle) {
m_requestResult = nullptr;
@@ -186,6 +187,7 @@
LOG(Network, "Handle %p delegate connection:%p canAuthenticateAgainstProtectionSpace:%@://%@:%u realm:%@ method:%@ %@%@", m_handle, connection, [protectionSpace protocol], [protectionSpace host], [protectionSpace port], [protectionSpace realm], [protectionSpace authenticationMethod], [protectionSpace isProxy] ? @"proxy:" : @"", [protectionSpace isProxy] ? [protectionSpace proxyType] : @"");
+ auto protectedSelf = retainPtr(self);
auto work = [self = self, protectedSelf = retainPtr(self), protectionSpace = retainPtr(protectionSpace)] () mutable {
if (!m_handle) {
m_boolResult = NO;
@@ -206,6 +208,7 @@
LOG(Network, "Handle %p delegate connection:%p didReceiveResponse:%p (HTTP status %d, reported MIMEType '%s')", m_handle, connection, r, [r respondsToSelector:@selector(statusCode)] ? [(id)r statusCode] : 0, [[r MIMEType] UTF8String]);
+ auto protectedSelf = retainPtr(self);
auto work = [self = self, protectedSelf = retainPtr(self), r = retainPtr(r), connection = retainPtr(connection)] () mutable {
RefPtr<ResourceHandle> protectedHandle(m_handle);
if (!m_handle || !m_handle->client()) {
@@ -325,6 +328,7 @@
LOG(Network, "Handle %p delegate connection:%p willCacheResponse:%p", m_handle, connection, cachedResponse);
+ auto protectedSelf = retainPtr(self);
auto work = [self = self, protectedSelf = retainPtr(self), cachedResponse = retainPtr(cachedResponse)] () mutable {
if (!m_handle || !m_handle->client()) {
m_cachedResponseResult = nullptr;
