Title: [229267] releases/WebKitGTK/webkit-2.20/Source/WebKit
- Revision: 229267
- Author: [email protected]
- Date: 2018-03-05 05:16:29 -0800 (Mon, 05 Mar 2018)
Log Message
Merge r229134 - Crash when updating cache entry after validation in apps that uses class A file protection
https://bugs.webkit.org/show_bug.cgi?id=183242
<rdar://problem/33289058>
Reviewed by Chris Dumez.
When validating a cache entry, we keep it alive until we get a network response. With 304 response
we then update the headers of this existing entry. This accesses the body data of the entry which
may be backed by a mapped file. If the app uses class A protection, user might have locked
the device and the entry might have become inaccessible, leading to a crash.
* NetworkProcess/cache/NetworkCacheEntry.cpp:
(WebKit::NetworkCache::Entry::setNeedsValidation):
In case of class A protection, pull the data to a memory buffer immediately before starting a revalidation request.
This makes the window where the file could become inaccessible much shorter (since it no longer depends on network).
Diff
Modified: releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog (229266 => 229267)
--- releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog 2018-03-05 13:16:20 UTC (rev 229266)
+++ releases/WebKitGTK/webkit-2.20/Source/WebKit/ChangeLog 2018-03-05 13:16:29 UTC (rev 229267)
@@ -1,3 +1,22 @@
+2018-03-01 Antti Koivisto <[email protected]>
+
+ Crash when updating cache entry after validation in apps that uses class A file protection
+ https://bugs.webkit.org/show_bug.cgi?id=183242
+ <rdar://problem/33289058>
+
+ Reviewed by Chris Dumez.
+
+ When validating a cache entry, we keep it alive until we get a network response. With 304 response
+ we then update the headers of this existing entry. This accesses the body data of the entry which
+ may be backed by a mapped file. If the app uses class A protection, user might have locked
+ the device and the entry might have become inaccessible, leading to a crash.
+
+ * NetworkProcess/cache/NetworkCacheEntry.cpp:
+ (WebKit::NetworkCache::Entry::setNeedsValidation):
+
+ In case of class A protection, pull the data to a memory buffer immediately before starting a revalidation request.
+ This makes the window where the file could become inaccessible much shorter (since it no longer depends on network).
+
2018-03-01 Carlos Garcia Campos <[email protected]>
REGRESSION(r221514): [GTK] UI process crash in WebKit::WaylandCompositor::Surface::flushPendingFrameCallbacks
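Review bot: the new ChangeLog entry carries no test or reproduction note, and its last sentence says the fix only makes the window "much shorter". The entry should say whether the crash was reproduced with the device locked during revalidation and, if no automated test is possible, state that explicitly, so anyone merging r229134 into a release branch knows how the change was verified. The title also reads "apps that uses"; "apps that use" is the grammatical form.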
Modified: releases/WebKitGTK/webkit-2.20/Source/WebKit/NetworkProcess/cache/NetworkCacheEntry.cpp (229266 => 229267)
--- releases/WebKitGTK/webkit-2.20/Source/WebKit/NetworkProcess/cache/NetworkCacheEntry.cpp 2018-03-05 13:16:20 UTC (rev 229266)
+++ releases/WebKitGTK/webkit-2.20/Source/WebKit/NetworkProcess/cache/NetworkCacheEntry.cpp 2018-03-05 13:16:29 UTC (rev 229267)
@@ -195,6 +195,13 @@
void Entry::setNeedsValidation(bool value)
{
+ if (value) {
+ // Validation keeps the entry alive waiting for the network response. Pull data from a mapped file into a buffer early
+ // to protect against map disappearing due to device becoming locked.
+ // FIXME: Cache files should be Class B/C, or we shoudn't use mapped files at all in these cases.
+ if (!NetworkProcess::singleton().cache()->canUseSharedMemoryForBodyData())
+ buffer();
+ }
m_response.setSource(value ? WebCore::ResourceResponse::Source::DiskCacheAfterValidation : WebCore::ResourceResponse::Source::DiskCache);
}
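Review bot: in the added "if (value)" block, the buffer() call still has to read the mapped file, so the copy itself can fault if the device is already locked when setNeedsValidation(true) runs; the change narrows the race rather than removing it, as the FIXME concedes. Attach a bug link to the FIXME so the Class B/C follow-up is tracked, and fix the typo "shoudn't". Two smaller points on the same lines: "!canUseSharedMemoryForBodyData()" stands in for "class A protection is active" without the comment saying so, and NetworkProcess::singleton().cache() is dereferenced with "->" and no null check, so it is worth confirming that a cache always exists whenever an Entry can be revalidated. The return value of buffer() is discarded; a short comment that it is called only for its side effect would help the next reader.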