[webkit-changes] [248540] trunk/Source/WebKit

Mon, 12 Aug 2019 12:24:56 -0700

Title: [248540] trunk/Source/WebKit
Revision
248540
Author
[email protected]
Date
2019-08-12 12:22:24 -0700 (Mon, 12 Aug 2019)

Log Message

Crash under NetworkResourceLoader::start()
https://bugs.webkit.org/show_bug.cgi?id=200628

Reviewed by Youenn Fablet.

Make sure the NetworkResourceLoader is still alive when the lambda passed to NetworkLoadChecker::check()
gets executed.

* NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::start):
(WebKit::NetworkResourceLoader::retrieveCacheEntry):
* NetworkProcess/NetworkResourceLoader.h:

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (248539 => 248540)


--- trunk/Source/WebKit/ChangeLog	2019-08-12 19:17:56 UTC (rev 248539)
+++ trunk/Source/WebKit/ChangeLog	2019-08-12 19:22:24 UTC (rev 248540)
@@ -1,3 +1,18 @@
+2019-08-12  Chris Dumez  <[email protected]>
+
+        Crash under NetworkResourceLoader::start()
+        https://bugs.webkit.org/show_bug.cgi?id=200628
+
+        Reviewed by Youenn Fablet.
+
+        Make sure the NetworkResourceLoader is still alive when the lambda passed to NetworkLoadChecker::check()
+        gets executed.
+
+        * NetworkProcess/NetworkResourceLoader.cpp:
+        (WebKit::NetworkResourceLoader::start):
+        (WebKit::NetworkResourceLoader::retrieveCacheEntry):
+        * NetworkProcess/NetworkResourceLoader.h:
+
 2019-08-12  Jonathan Bedard  <[email protected]>
 
         Tapping buttons in Data Detectors lookup previews doesn't work (Follow-up fix)

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (248539 => 248540)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2019-08-12 19:17:56 UTC (rev 248539)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp	2019-08-12 19:22:24 UTC (rev 248540)
@@ -174,7 +174,10 @@
     m_wasStarted = true;
 
     if (m_networkLoadChecker) {
-        m_networkLoadChecker->check(ResourceRequest { originalRequest() }, this, [this] (auto&& result) {
+        m_networkLoadChecker->check(ResourceRequest { originalRequest() }, this, [this, weakThis = makeWeakPtr(*this)] (auto&& result) {
+            if (!weakThis)
+                return;
+
             WTF::switchOn(result,
                 [this] (ResourceError& error) {
                     RELEASE_LOG_IF_ALLOWED("start: error checking (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d, parentPID = %d, error.domain = %{public}s, error.code = %d)", m_parameters.webPageID.toUInt64(), m_parameters.webFrameID, m_parameters.identifier, this->isMainResource(), this->isSynchronous(), m_parameters.parentPID, error.domain().utf8().data(), error.errorCode());
@@ -213,7 +216,7 @@
 {
     ASSERT(canUseCache(request));
 
-    RefPtr<NetworkResourceLoader> loader(this);
+    auto protectedThis = makeRef(*this);
     if (isMainFrameLoad()) {
         ASSERT(m_parameters.options.mode == FetchOptions::Mode::Navigate);
         if (auto* session = m_connection->networkProcess().networkSession(sessionID())) {
@@ -221,7 +224,7 @@
                 // FIXME: Deal with credentials (https://bugs.webkit.org/show_bug.cgi?id=200000)
                 if (!entry->redirectRequest.isNull()) {
                     auto cacheEntry = m_cache->makeRedirectEntry(request, entry->response, entry->redirectRequest);
-                    loader->retrieveCacheEntryInternal(WTFMove(cacheEntry), ResourceRequest { request });
+                    retrieveCacheEntryInternal(WTFMove(cacheEntry), ResourceRequest { request });
                     auto maxAgeCap = validateCacheEntryForMaxAgeCapValidation(request, entry->redirectRequest, entry->response);
                     m_cache->storeRedirect(request, entry->response, entry->redirectRequest, maxAgeCap);
                     return;
@@ -228,26 +231,24 @@
                 }
                 auto buffer = entry->releaseBuffer();
                 auto cacheEntry = m_cache->makeEntry(request, entry->response, buffer.copyRef());
-                loader->retrieveCacheEntryInternal(WTFMove(cacheEntry), ResourceRequest { request });
+                retrieveCacheEntryInternal(WTFMove(cacheEntry), ResourceRequest { request });
                 m_cache->store(request, entry->response, WTFMove(buffer), nullptr);
                 return;
             }
         }
     }
-    m_cache->retrieve(request, { m_parameters.webPageID, m_parameters.webFrameID }, [this, loader = WTFMove(loader), request = ResourceRequest { request }](auto entry, auto info) mutable {
-        if (loader->hasOneRef()) {
-            // The loader has been aborted and is only held alive by this lambda.
+    m_cache->retrieve(request, { m_parameters.webPageID, m_parameters.webFrameID }, [this, weakThis = makeWeakPtr(*this), request = ResourceRequest { request }](auto entry, auto info) mutable {
+        if (!weakThis)
             return;
-        }
 
-        loader->logSlowCacheRetrieveIfNeeded(info);
+        logSlowCacheRetrieveIfNeeded(info);
 
         if (!entry) {
             RELEASE_LOG_IF_ALLOWED("retrieveCacheEntry: Resource not in cache (pageID = %" PRIu64 ", frameID = %" PRIu64 ", resourceID = %" PRIu64 ", isMainResource = %d, isSynchronous = %d)", m_parameters.webPageID.toUInt64(), m_parameters.webFrameID, m_parameters.identifier, isMainResource(), isSynchronous());
-            loader->startNetworkLoad(WTFMove(request), FirstLoad::Yes);
+            startNetworkLoad(WTFMove(request), FirstLoad::Yes);
             return;
         }
-        loader->retrieveCacheEntryInternal(WTFMove(entry), WTFMove(request));
+        retrieveCacheEntryInternal(WTFMove(entry), WTFMove(request));
     });
 }

Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h (248539 => 248540)


--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h	2019-08-12 19:17:56 UTC (rev 248539)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.h	2019-08-12 19:22:24 UTC (rev 248540)
@@ -36,6 +36,7 @@
 #include <WebCore/ResourceResponse.h>
 #include <WebCore/SecurityPolicyViolationEvent.h>
 #include <WebCore/Timer.h>
+#include <wtf/WeakPtr.h>
 
 namespace WebCore {
 class BlobDataFileReference;
@@ -58,7 +59,8 @@
     : public RefCounted<NetworkResourceLoader>
     , public NetworkLoadClient
     , public IPC::MessageSender
-    , public WebCore::ContentSecurityPolicyClient {
+    , public WebCore::ContentSecurityPolicyClient
+    , public CanMakeWeakPtr<NetworkResourceLoader> {
 public:
     static Ref<NetworkResourceLoader> create(NetworkResourceLoadParameters&& parameters, NetworkConnectionToWebProcess& connection, Messages::NetworkConnectionToWebProcess::PerformSynchronousLoad::DelayedReply&& reply = nullptr)
     {

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to