Modified: trunk/Source/WebCore/ChangeLog (228930 => 228931)
--- trunk/Source/WebCore/ChangeLog 2018-02-22 20:42:54 UTC (rev 228930)
+++ trunk/Source/WebCore/ChangeLog 2018-02-22 21:40:38 UTC (rev 228931)
@@ -1,5 +1,21 @@
2018-02-22 Chris Dumez <[email protected]>
+ ServiceWorkerContainer::startScriptFetchForJob() fails to isolate copy the registrationKey before passing it to the main thread
+ https://bugs.webkit.org/show_bug.cgi?id=183050
+ <rdar://problem/37796881>
+
+ Reviewed by Youenn Fablet.
+
+ Create an isolated copy of the registrationKey before passing it to the main thread in ServiceWorkerContainer's
+ startScriptFetchForJob() / jobFinishedLoadingScript() / jobFailedLoadingScript().
+
+ * workers/service/ServiceWorkerContainer.cpp:
+ (WebCore::ServiceWorkerContainer::startScriptFetchForJob):
+ (WebCore::ServiceWorkerContainer::jobFinishedLoadingScript):
+ (WebCore::ServiceWorkerContainer::jobFailedLoadingScript):
+
+2018-02-22 Chris Dumez <[email protected]>
+
ServiceWorkerContainer::scheduleJob() fails to isolate copy the jobData before passing it to the main thread
https://bugs.webkit.org/show_bug.cgi?id=183046
<rdar://problem/37793395>
Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp (228930 => 228931)
--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp 2018-02-22 20:42:54 UTC (rev 228930)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp 2018-02-22 21:40:38 UTC (rev 228931)
@@ -487,7 +487,7 @@
auto* context = scriptExecutionContext();
if (!context) {
LOG_ERROR("ServiceWorkerContainer::jobResolvedWithRegistration called but the container's ScriptExecutionContext is gone");
- callOnMainThread([connection = m_swConnection, jobIdentifier = job.identifier(), registrationKey = job.data().registrationKey(), scriptURL = job.data().scriptURL.isolatedCopy()] {
+ callOnMainThread([connection = m_swConnection, jobIdentifier = job.identifier(), registrationKey = job.data().registrationKey().isolatedCopy(), scriptURL = job.data().scriptURL.isolatedCopy()] {
connection->failedFetchingScript(jobIdentifier, registrationKey, { errorDomainWebKitInternal, 0, scriptURL, ASCIILiteral("Attempt to fetch service worker script with no ScriptExecutionContext") });
});
jobDidFinish(job);
@@ -505,7 +505,7 @@
CONTAINER_RELEASE_LOG_IF_ALLOWED("jobFinishedLoadingScript: Successfuly finished fetching script for job %llu", job.identifier().toUInt64());
- callOnMainThread([connection = m_swConnection, jobDataIdentifier = job.data().identifier(), registrationKey = job.data().registrationKey(), script = script.isolatedCopy(), contentSecurityPolicy = contentSecurityPolicy.isolatedCopy()] {
+ callOnMainThread([connection = m_swConnection, jobDataIdentifier = job.data().identifier(), registrationKey = job.data().registrationKey().isolatedCopy(), script = script.isolatedCopy(), contentSecurityPolicy = contentSecurityPolicy.isolatedCopy()] {
connection->finishFetchingScriptInServer({ jobDataIdentifier, registrationKey, script, contentSecurityPolicy, { } });
});
}
@@ -522,7 +522,7 @@
if (exception && job.promise())
job.promise()->reject(*exception);
- callOnMainThread([connection = m_swConnection, jobIdentifier = job.identifier(), registrationKey = job.data().registrationKey(), error = error.isolatedCopy()] {
+ callOnMainThread([connection = m_swConnection, jobIdentifier = job.identifier(), registrationKey = job.data().registrationKey().isolatedCopy(), error = error.isolatedCopy()] {
connection->failedFetchingScript(jobIdentifier, registrationKey, error);
});
}
