[webkit-changes] [241352] trunk/Source

[rniwa]

Title: [241352] trunk/Source

Revision

241352

Author

rn...@webkit.org

Date

2019-02-13 01:01:49 -0800 (Wed, 13 Feb 2019)

Log Message

Release assert in PolicyCheckIdentifier::isValidFor via WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction
https://bugs.webkit.org/show_bug.cgi?id=194582

Reviewed by Antti Koivisto.

Source/WebCore:

Check the zero-ness of m_policyCheck first so that we can differentiate process ID being wrong
from the non-generated identifier being sent to us as it was the case in this failure.

* loader/PolicyChecker.cpp:
(WebCore::PolicyCheckIdentifier::isValidFor):

Source/WebKit:

The bug was caused by WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction invoking the callback
with responseIdentifier even when we had failed to send the policy check IPC. Clearly, responseIdentifier
is invalid in that case, and we should be using requestIdentifier instead.

Unfortunately no new tests since I'm not aware of a way to make sendSync fail in this case.

* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/PolicyChecker.cpp
• trunk/Source/WebKit/ChangeLog
• trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (241351 => 241352)

--- trunk/Source/WebCore/ChangeLog	2019-02-13 08:41:22 UTC (rev 241351)
+++ trunk/Source/WebCore/ChangeLog	2019-02-13 09:01:49 UTC (rev 241352)
@@ -1,3 +1,16 @@
+2019-02-13  Ryosuke Niwa  <rn...@webkit.org>
+
+        Release assert in PolicyCheckIdentifier::isValidFor via WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction
+        https://bugs.webkit.org/show_bug.cgi?id=194582
+
+        Reviewed by Antti Koivisto.
+
+        Check the zero-ness of m_policyCheck first so that we can differentiate process ID being wrong
+        from the non-generated identifier being sent to us as it was the case in this failure.
+
+        * loader/PolicyChecker.cpp:
+        (WebCore::PolicyCheckIdentifier::isValidFor):
+
 2019-02-13  Commit Queue  <commit-qu...@webkit.org>
 
         Unreviewed, rolling out r241273.

Modified: trunk/Source/WebCore/loader/PolicyChecker.cpp (241351 => 241352)

--- trunk/Source/WebCore/loader/PolicyChecker.cpp	2019-02-13 08:41:22 UTC (rev 241351)
+++ trunk/Source/WebCore/loader/PolicyChecker.cpp	2019-02-13 09:01:49 UTC (rev 241352)
@@ -80,8 +80,8 @@
 
 bool PolicyCheckIdentifier::isValidFor(PolicyCheckIdentifier expectedIdentifier)
 {
+    RELEASE_ASSERT_WITH_MESSAGE(m_policyCheck, "Received 0 as the policy check identifier");
     RELEASE_ASSERT_WITH_MESSAGE(m_process == expectedIdentifier.m_process, "Received a policy check response for a wrong process");
-    RELEASE_ASSERT_WITH_MESSAGE(m_policyCheck, "Received 0 as the policy check identifier");
     RELEASE_ASSERT_WITH_MESSAGE(m_policyCheck <= expectedIdentifier.m_policyCheck, "Received a policy check response from the future");
     return m_policyCheck == expectedIdentifier.m_policyCheck;
 }

Modified: trunk/Source/WebKit/ChangeLog (241351 => 241352)

--- trunk/Source/WebKit/ChangeLog	2019-02-13 08:41:22 UTC (rev 241351)
+++ trunk/Source/WebKit/ChangeLog	2019-02-13 09:01:49 UTC (rev 241352)
@@ -1,3 +1,19 @@
+2019-02-13  Ryosuke Niwa  <rn...@webkit.org>
+
+        Release assert in PolicyCheckIdentifier::isValidFor via WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction
+        https://bugs.webkit.org/show_bug.cgi?id=194582
+
+        Reviewed by Antti Koivisto.
+
+        The bug was caused by WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction invoking the callback
+        with responseIdentifier even when we had failed to send the policy check IPC. Clearly, responseIdentifier
+        is invalid in that case, and we should be using requestIdentifier instead.
+
+        Unfortunately no new tests since I'm not aware of a way to make sendSync fail in this case.
+
+        * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+        (WebKit::WebFrameLoaderClient::dispatchDecidePolicyForNavigationAction):
+
 2019-02-13  Benjamin Poulain  <benja...@webkit.org>
 
         Responsiveness timers are too expensive for frequent events

Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (241351 => 241352)

--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2019-02-13 08:41:22 UTC (rev 241351)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp	2019-02-13 09:01:49 UTC (rev 241352)
@@ -911,7 +911,7 @@
             requestIdentifier, documentLoader->navigationID(), navigationActionData, originatingFrameInfoData, originatingPageID, navigationAction.resourceRequest(), request,
             IPC::FormDataReference { request.httpBody() }, redirectResponse, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())),
             Messages::WebPageProxy::DecidePolicyForNavigationActionSync::Reply(responseIdentifier, policyAction, newNavigationID, downloadID, websitePolicies))) {
-            m_frame->didReceivePolicyDecision(listenerID, responseIdentifier, PolicyAction::Ignore, 0, { }, { });
+            m_frame->didReceivePolicyDecision(listenerID, requestIdentifier, PolicyAction::Ignore, 0, { }, { });
             return;
         }
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes