[webkit-changes] [239664] trunk/Source/WebCore

Sun, 06 Jan 2019 18:09:28 -0800

Title: [239664] trunk/Source/WebCore
Revision
239664
Author
[email protected]
Date
2019-01-06 18:05:44 -0800 (Sun, 06 Jan 2019)

Log Message

Leak of WTF::Function objects in WebCore::CryptoKeyRSA::generatePair() (64-80 bytes each) in com.apple.WebKit.WebContent running WebKit layout tests
<https://webkit.org/b/193177>
<rdar://problem/47072196>

Reviewed by Saam Barati.

* crypto/mac/CryptoKeyRSAMac.cpp:
(WebCore::CryptoKeyRSA::generatePair): Fix the leak by changing
raw pointers to heap-allocated __block variables to hold the
WTF::Function objects until they are consumed within the block
passed to dispatch_async().  The __block variables act like
captured variables in a C++ lambda and have the same lifetime as
the block that they are captured in.  Note that we would have to
convert the source file from C++ to Objective-C++ to use a C++
lambda functor with dispatch_async(), which creates its own
issue because the comipiler requires a copy constructor to
convert the C++ lambda to a block functor, but the copy
constructor for the C++ lambda is implicitly deleted because the
WTF::Function copy constructor is explicitly deleted.  Whew!

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (239663 => 239664)


--- trunk/Source/WebCore/ChangeLog	2019-01-06 17:15:29 UTC (rev 239663)
+++ trunk/Source/WebCore/ChangeLog	2019-01-07 02:05:44 UTC (rev 239664)
@@ -1,3 +1,25 @@
+2019-01-06  David Kilzer  <[email protected]>
+
+        Leak of WTF::Function objects in WebCore::CryptoKeyRSA::generatePair() (64-80 bytes each) in com.apple.WebKit.WebContent running WebKit layout tests
+        <https://webkit.org/b/193177>
+        <rdar://problem/47072196>
+
+        Reviewed by Saam Barati.
+
+        * crypto/mac/CryptoKeyRSAMac.cpp:
+        (WebCore::CryptoKeyRSA::generatePair): Fix the leak by changing
+        raw pointers to heap-allocated __block variables to hold the
+        WTF::Function objects until they are consumed within the block
+        passed to dispatch_async().  The __block variables act like
+        captured variables in a C++ lambda and have the same lifetime as
+        the block that they are captured in.  Note that we would have to
+        convert the source file from C++ to Objective-C++ to use a C++
+        lambda functor with dispatch_async(), which creates its own
+        issue because the comipiler requires a copy constructor to
+        convert the C++ lambda to a block functor, but the copy
+        constructor for the C++ lambda is implicitly deleted because the
+        WTF::Function copy constructor is explicitly deleted.  Whew!
+
 2019-01-06  Pablo Saavedra  <[email protected]>
 
         [WPE][GTK] Building with ENABLE_VIDEO=OFF fails trying to use Document MediaPlayback functions.

Modified: trunk/Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp (239663 => 239664)


--- trunk/Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp	2019-01-06 17:15:29 UTC (rev 239663)
+++ trunk/Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp	2019-01-07 02:05:44 UTC (rev 239664)
@@ -301,13 +301,9 @@
         return;
     }
 
-    // We only use the callback functions when back on the main/worker thread, but captured variables are copied on a secondary thread too.
-    KeyPairCallback* localCallback = new KeyPairCallback(WTFMove(callback));
-    VoidCallback* localFailureCallback = new VoidCallback(WTFMove(failureCallback));
+    __block auto blockCallback(WTFMove(callback));
+    __block auto blockFailureCallback(WTFMove(failureCallback));
     auto contextIdentifier = context->contextIdentifier();
-
-    // FIXME: There is a risk that localCallback and localFailureCallback are never freed.
-    // Fix this by using unique pointers and move them from one lambda to the other.
     dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
         CCRSACryptorRef ccPublicKey = nullptr;
         CCRSACryptorRef ccPrivateKey = nullptr;
@@ -314,21 +310,16 @@
         CCCryptorStatus status = CCRSACryptorGeneratePair(modulusLength, e, &ccPublicKey, &ccPrivateKey);
         if (status) {
             WTFLogAlways("Could not generate a key pair, status %d", status);
-            ScriptExecutionContext::postTaskTo(contextIdentifier, [localCallback, localFailureCallback](auto&) {
-                (*localFailureCallback)();
-                delete localCallback;
-                delete localFailureCallback;
+            ScriptExecutionContext::postTaskTo(contextIdentifier, [callback = WTFMove(blockCallback), failureCallback = WTFMove(blockFailureCallback)](auto&) {
+                failureCallback();
             });
             return;
         }
-        ScriptExecutionContext::postTaskTo(contextIdentifier, [algorithm, hash, hasHash, extractable, usage, localCallback, localFailureCallback, ccPublicKey = PlatformRSAKeyContainer(ccPublicKey), ccPrivateKey = PlatformRSAKeyContainer(ccPrivateKey)](auto&) mutable {
+        ScriptExecutionContext::postTaskTo(contextIdentifier, [algorithm, hash, hasHash, extractable, usage, callback = WTFMove(blockCallback), failureCallback = WTFMove(blockFailureCallback), ccPublicKey = PlatformRSAKeyContainer(ccPublicKey), ccPrivateKey = PlatformRSAKeyContainer(ccPrivateKey)](auto&) mutable {
             auto publicKey = CryptoKeyRSA::create(algorithm, hash, hasHash, CryptoKeyType::Public, WTFMove(ccPublicKey), true, usage);
             auto privateKey = CryptoKeyRSA::create(algorithm, hash, hasHash, CryptoKeyType::Private, WTFMove(ccPrivateKey), extractable, usage);
 
-            (*localCallback)(CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) });
-
-            delete localCallback;
-            delete localFailureCallback;
+            callback(CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) });
         });
     });
 }

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to