Modified: trunk/Source/WebKit/ChangeLog (247091 => 247092)
--- trunk/Source/WebKit/ChangeLog 2019-07-03 12:26:11 UTC (rev 247091)
+++ trunk/Source/WebKit/ChangeLog 2019-07-03 17:28:53 UTC (rev 247092)
@@ -1,3 +1,21 @@
+2019-07-03 Youenn Fablet <[email protected]>
+
+ Make sure to cross-thread copy in StorageManager when hopping back to the main thread
+ https://bugs.webkit.org/show_bug.cgi?id=199423
+
+ Reviewed by Chris Dumez.
+
+ Make sure to isolate copy some strings that may not be isolated in case of ephemeral sessions.
+ Small refactoring to use crossThreadCopy instead of doing vector copy ourselves.
+
+ * NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h:
+ (WebKit::LocalStorageDatabaseTracker::OriginDetails::isolatedCopy const):
+ * NetworkProcess/WebStorage/StorageManager.cpp:
+ (WebKit::StorageManager::deleteSessionStorageEntriesForOrigins):
+ (WebKit::StorageManager::getLocalStorageOrigins):
+ (WebKit::StorageManager::getLocalStorageOriginDetails):
+ (WebKit::StorageManager::deleteLocalStorageEntriesForOrigins):
+
2019-07-02 Joonghun Park <[email protected]>
Unreviewed. Fix build break introduced in r247058.
Modified: trunk/Source/WebKit/NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h (247091 => 247092)
--- trunk/Source/WebKit/NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h 2019-07-03 12:26:11 UTC (rev 247091)
+++ trunk/Source/WebKit/NetworkProcess/WebStorage/LocalStorageDatabaseTracker.h 2019-07-03 17:28:53 UTC (rev 247092)
@@ -58,6 +58,8 @@
template<class Encoder> void encode(Encoder&) const;
template<class Decoder> static Optional<OriginDetails> decode(Decoder&);
+
+ OriginDetails isolatedCopy() const { return { originIdentifier.isolatedCopy(), creationTime, modificationTime }; }
};
Vector<OriginDetails> originDetails();
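Review bot: The new `isolatedCopy()` rebuilds the struct by positional aggregate initialization, so it has to be kept in step with the member list by hand. A member added to OriginDetails later would be left default-initialized in the copy, or shared across threads if it is appended without its own `.isolatedCopy()`. The member declarations are outside this hunk, so this assumes `creationTime` and `modificationTime` are plain value types that are safe to copy as-is. A one-line comment above the function would record the rule, e.g. `// Must list every member; String-typed members need isolatedCopy() because this value crosses threads.`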
Modified: trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp (247091 => 247092)
--- trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp 2019-07-03 12:26:11 UTC (rev 247091)
+++ trunk/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp 2019-07-03 17:28:53 UTC (rev 247092)
@@ -621,13 +621,7 @@
void StorageManager::deleteSessionStorageEntriesForOrigins(const Vector<WebCore::SecurityOriginData>& origins, Function<void()>&& completionHandler)
{
- Vector<WebCore::SecurityOriginData> copiedOrigins;
- copiedOrigins.reserveInitialCapacity(origins.size());
-
- for (auto& origin : origins)
- copiedOrigins.uncheckedAppend(origin.isolatedCopy());
-
- m_queue->dispatch([this, protectedThis = makeRef(*this), copiedOrigins = WTFMove(copiedOrigins), completionHandler = WTFMove(completionHandler)]() mutable {
+ m_queue->dispatch([this, protectedThis = makeRef(*this), copiedOrigins = crossThreadCopy(origins), completionHandler = WTFMove(completionHandler)]() mutable {
for (auto& origin : copiedOrigins) {
for (auto& sessionStorageNamespace : m_sessionStorageNamespaces.values())
sessionStorageNamespace->clearStorageAreasMatchingOrigin(origin);
@@ -644,17 +638,17 @@
if (m_localStorageDatabaseTracker) {
for (auto& origin : m_localStorageDatabaseTracker->origins())
- origins.add(origin);
+ origins.add(origin.isolatedCopy());
} else {
for (const auto& localStorageNameSpace : m_localStorageNamespaces.values()) {
for (auto& origin : localStorageNameSpace->ephemeralOrigins())
- origins.add(origin);
+ origins.add(origin.isolatedCopy());
}
}
for (auto& transientLocalStorageNamespace : m_transientLocalStorageNamespaces.values()) {
for (auto& origin : transientLocalStorageNamespace->origins())
- origins.add(origin);
+ origins.add(origin.isolatedCopy());
}
RunLoop::main().dispatch([origins = WTFMove(origins), completionHandler = WTFMove(completionHandler)]() mutable {
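Review bot: Isolation is enforced here at three separate `origins.add(origin.isolatedCopy())` call sites, so a fourth source of origins added to this function later could reach the `RunLoop::main().dispatch` capture un-isolated with nothing to flag it. WTF strings are not meant to be shared across threads without an isolated copy, so a missed site is a memory-safety hazard, not a cosmetic one. Consider a comment directly above the dispatch, e.g. `// Every origin in this set must have been added via isolatedCopy(); it is handed to the main thread below.` Alternatively, if `crossThreadCopy` supports this set type in this tree, copy once in the capture. The function starts and ends outside the hunk, and the declaration of `origins` is not visible here.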
@@ -668,7 +662,7 @@
m_queue->dispatch([this, protectedThis = makeRef(*this), completionHandler = WTFMove(completionHandler)]() mutable {
Vector<LocalStorageDatabaseTracker::OriginDetails> originDetails;
if (m_localStorageDatabaseTracker)
- originDetails = m_localStorageDatabaseTracker->originDetails();
+ originDetails = m_localStorageDatabaseTracker->originDetails().isolatedCopy();
RunLoop::main().dispatch([originDetails = WTFMove(originDetails), completionHandler = WTFMove(completionHandler)]() mutable {
completionHandler(WTFMove(originDetails));
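Review bot: The copy on the changed line is spelled `m_localStorageDatabaseTracker->originDetails().isolatedCopy()`, whereas the two delete functions in this commit use `crossThreadCopy(origins)` and the ChangeLog states the intent is to use crossThreadCopy. For consistency the line could read `originDetails = crossThreadCopy(m_localStorageDatabaseTracker->originDetails());`, assuming that resolves to the new `OriginDetails::isolatedCopy()` for each element. Using one spelling throughout the file makes it easier to audit which values are isolated before a thread hop. The enclosing function and lambda extend beyond this hunk.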
@@ -716,13 +710,7 @@
void StorageManager::deleteLocalStorageEntriesForOrigins(const Vector<WebCore::SecurityOriginData>& origins, Function<void()>&& completionHandler)
{
- Vector<SecurityOriginData> copiedOrigins;
- copiedOrigins.reserveInitialCapacity(origins.size());
-
- for (auto& origin : origins)
- copiedOrigins.uncheckedAppend(origin.isolatedCopy());
-
- m_queue->dispatch([this, protectedThis = makeRef(*this), copiedOrigins = WTFMove(copiedOrigins), completionHandler = WTFMove(completionHandler)]() mutable {
+ m_queue->dispatch([this, protectedThis = makeRef(*this), copiedOrigins = crossThreadCopy(origins), completionHandler = WTFMove(completionHandler)]() mutable {
for (auto& origin : copiedOrigins) {
for (auto& localStorageNamespace : m_localStorageNamespaces.values())
localStorageNamespace->clearStorageAreasMatchingOrigin(origin);