Title: [227852] branches/safari-605-branch/Source


Modified: branches/safari-605-branch/Source/WebCore/ChangeLog (227851 => 227852)


--- branches/safari-605-branch/Source/WebCore/ChangeLog	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebCore/ChangeLog	2018-01-30 22:14:10 UTC (rev 227852)
@@ -1,5 +1,33 @@
 2018-01-30  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227789. rdar://problem/37035797
+
+    2018-01-30  Chris Dumez  <[email protected]>
+
+            Make sure we never create a WebSWClientConnection with an invalid sessionID
+            https://bugs.webkit.org/show_bug.cgi?id=182276
+            <rdar://problem/36582633>
+
+            Reviewed by Alex Christensen.
+
+            Make sure we never create a WebSWClientConnection with an invalid sessionID as this
+            could corrupt our hash tables.
+
+            * dom/Document.cpp:
+            (WebCore::Document::privateBrowsingStateDidChange):
+            * workers/service/ServiceWorker.cpp:
+            (WebCore::ServiceWorker::postMessage):
+            * workers/service/ServiceWorkerContainer.cpp:
+            (WebCore::ServiceWorkerContainer::ready):
+            (WebCore::ServiceWorkerContainer::getRegistration):
+            (WebCore::ServiceWorkerContainer::didFinishGetRegistrationRequest):
+            (WebCore::ServiceWorkerContainer::getRegistrations):
+            (WebCore::ServiceWorkerContainer::didFinishGetRegistrationsRequest):
+            (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
+            (WebCore::ServiceWorkerContainer::ensureSWClientConnection):
+
+2018-01-30  Jason Marcell  <[email protected]>
+
         Cherry-pick r227768. rdar://problem/37019510
 
     2018-01-29  Youenn Fablet  <[email protected]>

Modified: branches/safari-605-branch/Source/WebCore/dom/Document.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebCore/dom/Document.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebCore/dom/Document.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -4994,7 +4994,8 @@
         element->privateBrowsingStateDidChange();
 
 #if ENABLE(SERVICE_WORKER)
-    if (RuntimeEnabledFeatures::sharedFeatures().serviceWorkerEnabled() && m_serviceWorkerConnection)
+    ASSERT(sessionID().isValid());
+    if (RuntimeEnabledFeatures::sharedFeatures().serviceWorkerEnabled() && m_serviceWorkerConnection && sessionID().isValid())
         setServiceWorkerConnection(&ServiceWorkerProvider::singleton().serviceWorkerConnectionForSession(sessionID()));
 #endif
 }
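Review bot: The runtime `&& sessionID().isValid()` added to the condition and the `ASSERT(sessionID().isValid())` directly above it disagree on whether an invalid session is a bug or an expected state: in release builds the new condition silently keeps `m_serviceWorkerConnection` pointing at whatever connection it held before, with no log or fallback visible in the hunk. If that release-build behaviour is deliberate, a one-line comment such as `// Release builds keep the existing connection rather than look one up for an invalid session.` would make the intent explicit for the next reader. privateBrowsingStateDidChange begins outside the hunk.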

Modified: branches/safari-605-branch/Source/WebCore/workers/service/ServiceWorker.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebCore/workers/service/ServiceWorker.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebCore/workers/service/ServiceWorker.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -88,7 +88,7 @@
 
 ExceptionOr<void> ServiceWorker::postMessage(ScriptExecutionContext& context, JSC::JSValue messageValue, Vector<JSC::Strong<JSC::JSObject>>&& transfer)
 {
-    if (m_isStopped)
+    if (m_isStopped || !context.sessionID().isValid())
         return Exception { InvalidStateError };
 
     if (state() == State::Redundant)

Modified: branches/safari-605-branch/Source/WebCore/workers/service/ServiceWorkerContainer.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebCore/workers/service/ServiceWorkerContainer.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebCore/workers/service/ServiceWorkerContainer.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -83,15 +83,15 @@
     if (!m_readyPromise) {
         m_readyPromise = std::make_unique<ReadyPromise>();
 
-        auto* context = scriptExecutionContext();
-        if (!context)
+        if (m_isStopped || !scriptExecutionContext()->sessionID().isValid())
             return *m_readyPromise;
 
+        auto& context = *scriptExecutionContext();
         auto contextIdentifier = this->contextIdentifier();
-        callOnMainThread([this, connection = makeRef(ensureSWClientConnection()), topOrigin = context->topOrigin().isolatedCopy(), clientURL = context->url().isolatedCopy(), contextIdentifier]() mutable {
+        callOnMainThread([this, connection = makeRef(ensureSWClientConnection()), topOrigin = context.topOrigin().isolatedCopy(), clientURL = context.url().isolatedCopy(), contextIdentifier]() mutable {
             connection->whenRegistrationReady(topOrigin, clientURL, [this, contextIdentifier](auto&& registrationData) {
                 ScriptExecutionContext::postTaskTo(contextIdentifier, [this, registrationData = crossThreadCopy(registrationData)](auto&) mutable {
-                    if (m_isStopped)
+                    if (m_isStopped || !scriptExecutionContext()->sessionID().isValid())
                         return;
 
                     auto registration = ServiceWorkerRegistration::getOrCreate(*scriptExecutionContext(), *this, WTFMove(registrationData));
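Review bot: The new condition at the top of the hunk dereferences `scriptExecutionContext()` unconditionally, whereas the two lines it replaces returned early when the context pointer was null; unless `m_isStopped` is guaranteed to be set whenever the context is gone (not visible here), a previously handled case becomes a null dereference. The same pattern appears in the posted task later in this hunk and in the getRegistration, didFinishGetRegistrationRequest, getRegistrations and didFinishGetRegistrationsRequest hunks below. Keeping the pointer and its null check alongside the new test, e.g. `auto* context = scriptExecutionContext();` followed by `if (!context || m_isStopped || !context->sessionID().isValid())`, preserves both guards. The enclosing ready() begins outside the hunk.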
@@ -235,16 +235,14 @@
 
 void ServiceWorkerContainer::getRegistration(const String& clientURL, Ref<DeferredPromise>&& promise)
 {
-    if (m_isStopped) {
+    auto* context = scriptExecutionContext();
+    if (m_isStopped || !context->sessionID().isValid()) {
         promise->reject(Exception { InvalidStateError });
         return;
     }
 
-    ASSERT(scriptExecutionContext());
-    auto& context = *scriptExecutionContext();
-
-    URL parsedURL = context.completeURL(clientURL);
-    if (!protocolHostAndPortAreEqual(parsedURL, context.url())) {
+    URL parsedURL = context->completeURL(clientURL);
+    if (!protocolHostAndPortAreEqual(parsedURL, context->url())) {
         promise->reject(Exception { SecurityError, ASCIILiteral("Origin of clientURL is not client's origin") });
         return;
     }
@@ -254,7 +252,7 @@
     m_pendingPromises.add(pendingPromiseIdentifier, WTFMove(pendingPromise));
 
     auto contextIdentifier = this->contextIdentifier();
-    callOnMainThread([connection = makeRef(ensureSWClientConnection()), this, topOrigin = context.topOrigin().isolatedCopy(), parsedURL = parsedURL.isolatedCopy(), contextIdentifier, pendingPromiseIdentifier]() mutable {
+    callOnMainThread([connection = makeRef(ensureSWClientConnection()), this, topOrigin = context->topOrigin().isolatedCopy(), parsedURL = parsedURL.isolatedCopy(), contextIdentifier, pendingPromiseIdentifier]() mutable {
         connection->matchRegistration(topOrigin, parsedURL, [this, contextIdentifier, pendingPromiseIdentifier] (auto&& result) mutable {
             ScriptExecutionContext::postTaskTo(contextIdentifier, [this, pendingPromiseIdentifier, result = crossThreadCopy(result)](ScriptExecutionContext&) mutable {
                 didFinishGetRegistrationRequest(pendingPromiseIdentifier, WTFMove(result));
@@ -273,7 +271,10 @@
     if (!pendingPromise)
         return;
 
-    ASSERT(!m_isStopped);
+    if (m_isStopped || !scriptExecutionContext()->sessionID().isValid()) {
+        pendingPromise->promise->reject(Exception { InvalidStateError });
+        return;
+    }
 
     if (!result) {
         pendingPromise->promise->resolve();
@@ -302,21 +303,19 @@
 
 void ServiceWorkerContainer::getRegistrations(Ref<DeferredPromise>&& promise)
 {
-    if (m_isStopped) {
+    auto* context = scriptExecutionContext();
+    if (m_isStopped || !context->sessionID().isValid()) {
         promise->reject(Exception { InvalidStateError });
         return;
     }
 
-    ASSERT(scriptExecutionContext());
-    auto& context = *scriptExecutionContext();
-
     uint64_t pendingPromiseIdentifier = ++m_lastPendingPromiseIdentifier;
     auto pendingPromise = std::make_unique<PendingPromise>(WTFMove(promise), makePendingActivity(*this));
     m_pendingPromises.add(pendingPromiseIdentifier, WTFMove(pendingPromise));
 
     auto contextIdentifier = this->contextIdentifier();
-    auto contextURL = context.url();
-    callOnMainThread([connection = makeRef(ensureSWClientConnection()), this, topOrigin = context.topOrigin().isolatedCopy(), contextURL = contextURL.isolatedCopy(), contextIdentifier, pendingPromiseIdentifier]() mutable {
+    auto contextURL = context->url();
+    callOnMainThread([connection = makeRef(ensureSWClientConnection()), this, topOrigin = context->topOrigin().isolatedCopy(), contextURL = contextURL.isolatedCopy(), contextIdentifier, pendingPromiseIdentifier]() mutable {
         connection->getRegistrations(topOrigin, contextURL, [this, contextIdentifier, pendingPromiseIdentifier] (auto&& registrationDatas) mutable {
             ScriptExecutionContext::postTaskTo(contextIdentifier, [this, pendingPromiseIdentifier, registrationDatas = crossThreadCopy(registrationDatas)](ScriptExecutionContext&) mutable {
                 didFinishGetRegistrationsRequest(pendingPromiseIdentifier, WTFMove(registrationDatas));
@@ -335,7 +334,10 @@
     if (!pendingPromise)
         return;
 
-    ASSERT(!m_isStopped);
+    if (m_isStopped || !scriptExecutionContext()->sessionID().isValid()) {
+        pendingPromise->promise->reject(Exception { InvalidStateError });
+        return;
+    }
 
     auto registrations = WTF::map(WTFMove(registrationDatas), [&] (auto&& registrationData) {
         return ServiceWorkerRegistration::getOrCreate(*scriptExecutionContext(), *this, WTFMove(registrationData));
@@ -411,7 +413,7 @@
     }
 
     scriptExecutionContext()->postTask([this, protectedThis = makeRef(*this), job = makeRef(job), data = "" notifyWhenResolvedIfNeeded = WTFMove(notifyWhenResolvedIfNeeded)](ScriptExecutionContext& context) mutable {
-        if (isStopped()) {
+        if (isStopped() || !context.sessionID().isValid()) {
             notifyWhenResolvedIfNeeded();
             return;
         }
@@ -530,6 +532,8 @@
 
 SWClientConnection& ServiceWorkerContainer::ensureSWClientConnection()
 {
+    ASSERT(scriptExecutionContext());
+    ASSERT(scriptExecutionContext()->sessionID().isValid());
     if (!m_swConnection) {
         ASSERT(scriptExecutionContext());
         callOnMainThreadAndWait([this, sessionID = scriptExecutionContext()->sessionID()]() {
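Review bot: The `ASSERT(scriptExecutionContext())` inside the `if (!m_swConnection)` branch is now redundant with the one added two lines earlier at function entry; dropping the inner one keeps the preconditions in a single place at the top of the function. ensureSWClientConnection continues past the end of the hunk.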

Modified: branches/safari-605-branch/Source/WebKit/ChangeLog (227851 => 227852)


--- branches/safari-605-branch/Source/WebKit/ChangeLog	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebKit/ChangeLog	2018-01-30 22:14:10 UTC (rev 227852)
@@ -1,5 +1,32 @@
 2018-01-30  Jason Marcell  <[email protected]>
 
+        Cherry-pick r227789. rdar://problem/37035797
+
+    2018-01-30  Chris Dumez  <[email protected]>
+
+            Make sure we never create a WebSWClientConnection with an invalid sessionID
+            https://bugs.webkit.org/show_bug.cgi?id=182276
+            <rdar://problem/36582633>
+
+            Reviewed by Alex Christensen.
+
+            Make sure we never create a WebSWClientConnection with an invalid sessionID as this
+            could corrupt our hash tables.
+
+            * StorageProcess/StorageProcess.cpp:
+            (WebKit::StorageProcess::swServerForSession):
+            * UIProcess/WebProcessPool.cpp:
+            (WebKit::WebProcessPool::establishWorkerContextConnectionToStorageProcess):
+            * WebProcess/Storage/WebSWClientConnection.cpp:
+            (WebKit::WebSWClientConnection::WebSWClientConnection):
+            * WebProcess/Storage/WebServiceWorkerProvider.cpp:
+            (WebKit::WebServiceWorkerProvider::serviceWorkerConnectionForSession):
+            (WebKit::WebServiceWorkerProvider::existingServiceWorkerConnectionForSession):
+            * WebProcess/Storage/WebToStorageProcessConnection.cpp:
+            (WebKit::WebToStorageProcessConnection::serviceWorkerConnectionForSession):
+
+2018-01-30  Jason Marcell  <[email protected]>
+
         Cherry-pick r227772. rdar://problem/37019441
 
     2018-01-29  Ryosuke Niwa  <[email protected]>

Modified: branches/safari-605-branch/Source/WebKit/StorageProcess/StorageProcess.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebKit/StorageProcess/StorageProcess.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebKit/StorageProcess/StorageProcess.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -404,6 +404,7 @@
 #if ENABLE(SERVICE_WORKER)
 SWServer& StorageProcess::swServerForSession(PAL::SessionID sessionID)
 {
+    ASSERT(sessionID.isValid());
     auto result = m_swServers.add(sessionID, nullptr);
     if (!result.isNewEntry) {
         ASSERT(result.iterator->value);
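Review bot: The new `ASSERT(sessionID.isValid())` is debug-only; in release builds the next line still does `m_swServers.add(sessionID, nullptr)` with the invalid key, which is the hash-table corruption the commit description sets out to prevent. Since the function returns a reference it cannot refuse the request here, so the real protection is the caller-side checks elsewhere in this commit; a comment making that dependency explicit, e.g. `// Callers must validate sessionID before calling; an invalid key would corrupt m_swServers.`, would help. The same assert-only pattern is in the WebSWClientConnection constructor, both WebServiceWorkerProvider functions and WebToStorageProcessConnection::serviceWorkerConnectionForSession hunks. swServerForSession continues past the end of the hunk.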

Modified: branches/safari-605-branch/Source/WebKit/UIProcess/WebProcessPool.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebKit/UIProcess/WebProcessPool.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebKit/UIProcess/WebProcessPool.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -612,7 +612,9 @@
 
     auto serviceWorkerProcessProxy = ServiceWorkerProcessProxy::create(*this, *websiteDataStore);
     m_serviceWorkerProcess = serviceWorkerProcessProxy.ptr();
-    sendToAllProcesses(Messages::WebProcess::RegisterServiceWorkerClients { websiteDataStore->sessionID() });
+    ASSERT(websiteDataStore->sessionID().isValid());
+    if (websiteDataStore->sessionID().isValid())
+        sendToAllProcesses(Messages::WebProcess::RegisterServiceWorkerClients { websiteDataStore->sessionID() });
 
     updateProcessAssertions();
     initializeNewWebProcess(serviceWorkerProcessProxy.get(), *websiteDataStore);
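Review bot: When the session ID is invalid the new `if` skips only the RegisterServiceWorkerClients message, but the proxy has already been created and stored in `m_serviceWorkerProcess` on the lines above and `initializeNewWebProcess` still runs below, so release builds end up with a service worker process that no web process has been told about. Whether that is preferable to returning before `ServiceWorkerProcessProxy::create` cannot be judged from the hunk; at minimum a comment such as `// Invalid session: the process is still started but clients are not registered. TODO confirm this is intended.` would record the choice. The enclosing function begins and ends outside the hunk.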

Modified: branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -53,6 +53,7 @@
     , m_connection(connection)
     , m_swOriginTable(makeUniqueRef<WebSWOriginTable>())
 {
+    ASSERT(sessionID.isValid());
     bool result = sendSync(Messages::StorageToWebProcessConnection::EstablishSWServerConnection(sessionID), Messages::StorageToWebProcessConnection::EstablishSWServerConnection::Reply(m_identifier), Seconds::infinity(), IPC::SendSyncOption::DoNotProcessIncomingMessagesWhenWaitingForSyncReply);
 
     ASSERT_UNUSED(result, result);

Modified: branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebServiceWorkerProvider.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebServiceWorkerProvider.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebServiceWorkerProvider.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -56,11 +56,13 @@
 
 WebCore::SWClientConnection& WebServiceWorkerProvider::serviceWorkerConnectionForSession(SessionID sessionID)
 {
+    ASSERT(sessionID.isValid());
     return WebProcess::singleton().ensureWebToStorageProcessConnection(sessionID).serviceWorkerConnectionForSession(sessionID);
 }
 
 WebCore::SWClientConnection* WebServiceWorkerProvider::existingServiceWorkerConnectionForSession(SessionID sessionID)
 {
+    ASSERT(sessionID.isValid());
     auto* webToStorageProcessConnection = WebProcess::singleton().existingWebToStorageProcessConnection();
     if (!webToStorageProcessConnection)
         return nullptr;

Modified: branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebToStorageProcessConnection.cpp (227851 => 227852)


--- branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebToStorageProcessConnection.cpp	2018-01-30 22:14:06 UTC (rev 227851)
+++ branches/safari-605-branch/Source/WebKit/WebProcess/Storage/WebToStorageProcessConnection.cpp	2018-01-30 22:14:10 UTC (rev 227852)
@@ -140,6 +140,7 @@
 #if ENABLE(SERVICE_WORKER)
 WebSWClientConnection& WebToStorageProcessConnection::serviceWorkerConnectionForSession(SessionID sessionID)
 {
+    ASSERT(sessionID.isValid());
     return *m_swConnectionsBySession.ensure(sessionID, [&] {
         auto connection = WebSWClientConnection::create(m_connection, sessionID);
 