Title: [248182] trunk/Source/WebCore
Revision
248182
Author
[email protected]
Date
2019-08-02 14:32:09 -0700 (Fri, 02 Aug 2019)

Log Message

[Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
https://bugs.webkit.org/show_bug.cgi?id=200378

Reviewed by Ross Kirsling.

URL::isolatedCopy() is called in the worker thread. URL is using a
thread-unsafe ref-counter. It should be called in the main thread.

Covered by existing tests.

* platform/network/curl/SocketStreamHandleImpl.h:
* platform/network/curl/SocketStreamHandleImplCurl.cpp:
(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
(WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.

Diff

Modified: trunk/Source/WebCore/ChangeLog (248181 => 248182)


--- trunk/Source/WebCore/ChangeLog	2019-08-02 21:19:51 UTC (rev 248181)
+++ trunk/Source/WebCore/ChangeLog	2019-08-02 21:32:09 UTC (rev 248182)
@@ -1,3 +1,20 @@
+2019-08-02  Fujii Hironori  <[email protected]>
+
+        [Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
+        https://bugs.webkit.org/show_bug.cgi?id=200378
+
+        Reviewed by Ross Kirsling.
+
+        URL::isolatedCopy() is called in the worker thread. URL is using a
+        thread-unsafe ref-counter. It should be called in the main thread.
+
+        Covered by existing tests.
+
+        * platform/network/curl/SocketStreamHandleImpl.h:
+        * platform/network/curl/SocketStreamHandleImplCurl.cpp:
+        (WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
+        (WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.
+
 2019-08-02  Sihui Liu  <[email protected]>
 
         API tests using permanent credentials should clear credentials left by previous tests
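
Review bot: The new entry says "Covered by existing tests." without naming the test that exercises the ~SocketStreamHandle crash. Because a data race tends to reproduce only intermittently, naming the test or directory that showed the crash in this entry would let someone re-run it when checking for a regression.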

Modified: trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h (248181 => 248182)


--- trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h	2019-08-02 21:19:51 UTC (rev 248181)
+++ trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h	2019-08-02 21:32:09 UTC (rev 248182)
@@ -64,7 +64,7 @@
     Optional<size_t> platformSendInternal(const uint8_t*, size_t);
     bool sendPendingData();
 
-    void threadEntryPoint();
+    void threadEntryPoint(const URL&);
     void handleError(CURLcode);
     void stopThread();
 

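Review bot: The new declaration void threadEntryPoint(const URL&) does not state what the caller must guarantee about its argument. A one-line comment saying that the URL has to be an isolated copy made on the main thread, and that the function itself runs on the worker thread, would keep a later caller from passing m_url directly and bringing the race back.
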
Modified: trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp (248181 => 248182)


--- trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp	2019-08-02 21:19:51 UTC (rev 248181)
+++ trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp	2019-08-02 21:32:09 UTC (rev 248182)
@@ -57,8 +57,8 @@
     if (m_url.protocolIs("wss") && DeprecatedGlobalSettings::allowsAnySSLCertificate())
         CurlContext::singleton().sslHandle().setIgnoreSSLErrors(true);
 
-    m_workerThread = Thread::create("WebSocket thread", [this, protectedThis = makeRef(*this)] {
-        threadEntryPoint();
+    m_workerThread = Thread::create("WebSocket thread", [this, protectedThis = makeRef(*this), url = "" {
+        threadEntryPoint(url);
     });
 }
 
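Review bot: The init-capture on the added Thread::create line reads url = "" { as shown here, so the capture list is never closed and the worker would receive an empty string instead of the socket URL. The ChangeLog entry says the constructor calls URL::isolatedCopy() on the main thread, so this capture is expected to be url = m_url.isolatedCopy() followed by the closing bracket; please confirm the committed line matches that.
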
@@ -104,11 +104,11 @@
     m_client.didCloseSocketStream(*this);
 }
 
-void SocketStreamHandleImpl::threadEntryPoint()
+void SocketStreamHandleImpl::threadEntryPoint(const URL& url)
 {
     ASSERT(!isMainThread());
 
-    CurlSocketHandle socket { m_url.isolatedCopy(), [this](CURLcode errorCode) {
+    CurlSocketHandle socket { url, [this](CURLcode errorCode) {
         handleError(errorCode);
     }};
 
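Review bot: In the added line CurlSocketHandle socket { url, ... the URL is handed over by const reference, so if CurlSocketHandle stores its own copy, that copy shares the thread-unsafe ref-counted buffer with the URL captured by the thread lambda. It is worth confirming that both are released on this worker thread, or taking the parameter by value and moving it into the socket so that only one owner exists.
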