Title: [248987] branches/safari-608-branch/Source/WebKit
Revision
248987
Author
kocsen_ch...@apple.com
Date
2019-08-21 18:25:43 -0700 (Wed, 21 Aug 2019)

Log Message

Cherry-pick r248959. rdar://problem/54579630

    Crash under StringImpl::~StringImpl() in NetworkProcess::deleteWebsiteDataForRegistrableDomains()
    https://bugs.webkit.org/show_bug.cgi?id=200986
    <rdar://problem/32850192>

    Reviewed by Brent Fulgham.

    Code was calling postStorageTask() with a lambda that captures Strings that are not isolated copied.
    The lambda would get executed on another thread so this is not safe. The CrossThreadTask constructor
    does not take care of this for you, despite its name (the createCrossThreadTask() function does though).

    * NetworkProcess/NetworkProcess.cpp:
    (WebKit::NetworkProcess::fetchWebsiteData):
    (WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains):
    (WebKit::NetworkProcess::registrableDomainsWithWebsiteData):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248959 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-608-branch/Source/WebKit/ChangeLog (248986 => 248987)


--- branches/safari-608-branch/Source/WebKit/ChangeLog	2019-08-22 01:25:41 UTC (rev 248986)
+++ branches/safari-608-branch/Source/WebKit/ChangeLog	2019-08-22 01:25:43 UTC (rev 248987)
@@ -1,3 +1,42 @@
+2019-08-21  Kocsen Chung  <kocsen_ch...@apple.com>
+
+        Cherry-pick r248959. rdar://problem/54579630
+
+    Crash under StringImpl::~StringImpl() in NetworkProcess::deleteWebsiteDataForRegistrableDomains()
+    https://bugs.webkit.org/show_bug.cgi?id=200986
+    <rdar://problem/32850192>
+    
+    Reviewed by Brent Fulgham.
+    
+    Code was calling postStorageTask() with a lambda that captures Strings that are not isolated copied.
+    The lambda would get executed on another thread so this is not safe. The CrossThreadTask constructor
+    does not take care of this for you, despite its name (the createCrossThreadTask() function does though).
+    
+    * NetworkProcess/NetworkProcess.cpp:
+    (WebKit::NetworkProcess::fetchWebsiteData):
+    (WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains):
+    (WebKit::NetworkProcess::registrableDomainsWithWebsiteData):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@248959 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2019-08-21  Chris Dumez  <cdu...@apple.com>
+
+            Crash under StringImpl::~StringImpl() in NetworkProcess::deleteWebsiteDataForRegistrableDomains()
+            https://bugs.webkit.org/show_bug.cgi?id=200986
+            <rdar://problem/32850192>
+
+            Reviewed by Brent Fulgham.
+
+            Code was calling postStorageTask() with a lambda that captures Strings that are not isolated copied.
+            The lambda would get executed on another thread so this is not safe. The CrossThreadTask constructor
+            does not take care of this for you, despite its name (the createCrossThreadTask() function does though).
+
+            * NetworkProcess/NetworkProcess.cpp:
+            (WebKit::NetworkProcess::fetchWebsiteData):
+            (WebKit::NetworkProcess::deleteWebsiteDataForRegistrableDomains):
+            (WebKit::NetworkProcess::registrableDomainsWithWebsiteData):
+
 2019-08-20  Babak Shafiei  <bshaf...@apple.com>
 
         Cherry-pick r248928. rdar://problem/54543351

Modified: branches/safari-608-branch/Source/WebKit/NetworkProcess/NetworkProcess.cpp (248986 => 248987)


--- branches/safari-608-branch/Source/WebKit/NetworkProcess/NetworkProcess.cpp	2019-08-22 01:25:41 UTC (rev 248986)
+++ branches/safari-608-branch/Source/WebKit/NetworkProcess/NetworkProcess.cpp	2019-08-22 01:25:43 UTC (rev 248987)
@@ -1339,7 +1339,7 @@
     auto path = m_idbDatabasePaths.get(sessionID);
     if (!path.isEmpty() && websiteDataTypes.contains(WebsiteDataType::IndexedDBDatabases)) {
         // FIXME: Pick the right database store based on the session ID.
-        postStorageTask(CrossThreadTask([this, callbackAggregator = callbackAggregator.copyRef(), path = WTFMove(path)]() mutable {
+        postStorageTask(CrossThreadTask([this, callbackAggregator = callbackAggregator.copyRef(), path = crossThreadCopy(path)]() mutable {
             RunLoop::main().dispatch([callbackAggregator = WTFMove(callbackAggregator), securityOrigins = indexedDatabaseOrigins(path)] {
                 for (const auto& securityOrigin : securityOrigins)
                     callbackAggregator->m_websiteData.entries.append({ securityOrigin, WebsiteDataType::IndexedDBDatabases, 0 });
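Review bot: The new `path = crossThreadCopy(path)` capture on the `postStorageTask(CrossThreadTask(...))` line has no comment explaining why it must not be a `WTFMove`, even though the log message says the `CrossThreadTask` constructor does not isolate captured Strings despite its name. The previous `WTFMove(path)` looked just as plausible and ended in a crash under `~StringImpl()`, so I would add above the call `// CrossThreadTask's constructor does not isolate-copy captures; any String captured for the storage thread must go through crossThreadCopy().` The same comment belongs on the matching lines in the hunks at -1717 and -1862. The enclosing function starts and ends outside this hunk, so captures elsewhere in it were not checked.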
@@ -1717,8 +1717,8 @@
     auto path = m_idbDatabasePaths.get(sessionID);
     if (!path.isEmpty() && websiteDataTypes.contains(WebsiteDataType::IndexedDBDatabases)) {
         // FIXME: Pick the right database store based on the session ID.
-        postStorageTask(CrossThreadTask([this, sessionID, callbackAggregator = callbackAggregator.copyRef(), path = WTFMove(path), domainsToDeleteAllButCookiesFor]() mutable {
-            RunLoop::main().dispatch([this, sessionID, domainsToDeleteAllButCookiesFor = crossThreadCopy(domainsToDeleteAllButCookiesFor), callbackAggregator = callbackAggregator.copyRef(), securityOrigins = indexedDatabaseOrigins(path)] {
+        postStorageTask(CrossThreadTask([this, sessionID, callbackAggregator = callbackAggregator.copyRef(), path = crossThreadCopy(path), domainsToDeleteAllButCookiesFor = crossThreadCopy(domainsToDeleteAllButCookiesFor)]() mutable {
+            RunLoop::main().dispatch([this, sessionID, domainsToDeleteAllButCookiesFor = WTFMove(domainsToDeleteAllButCookiesFor), callbackAggregator = callbackAggregator.copyRef(), securityOrigins = indexedDatabaseOrigins(path)] {
                 Vector<SecurityOriginData> entriesToDelete;
                 for (const auto& securityOrigin : securityOrigins) {
                     auto domain = RegistrableDomain::uncheckedCreateFromHost(securityOrigin.host);
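Review bot: On the rewritten `RunLoop::main().dispatch(...)` line the inner lambda still takes `callbackAggregator = callbackAggregator.copyRef()`, so the storage-thread task keeps its own reference and which thread drops the last one depends on timing. The first hunk hands the reference over with `callbackAggregator = WTFMove(callbackAggregator)`; the outer lambda here is `mutable` as well, so the same form would work and would leave the final deref to the main-thread lambda. Whether this is observable depends on the aggregator's ref-counting and on what its destructor does, neither of which is visible here, so please confirm it is safe to destroy off the main thread. The unchanged context line in the hunk at -1862 uses `copyRef()` the same way, and the function body continues outside this hunk.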
@@ -1862,7 +1862,7 @@
     auto path = m_idbDatabasePaths.get(sessionID);
     if (!path.isEmpty() && websiteDataTypes.contains(WebsiteDataType::IndexedDBDatabases)) {
         // FIXME: Pick the right database store based on the session ID.
-        postStorageTask(CrossThreadTask([this, callbackAggregator = callbackAggregator.copyRef(), path = WTFMove(path)]() mutable {
+        postStorageTask(CrossThreadTask([this, callbackAggregator = callbackAggregator.copyRef(), path = crossThreadCopy(path)]() mutable {
             RunLoop::main().dispatch([callbackAggregator = callbackAggregator.copyRef(), securityOrigins = indexedDatabaseOrigins(path)] {
                 for (const auto& securityOrigin : securityOrigins)
                     callbackAggregator->m_websiteData.entries.append({ securityOrigin, WebsiteDataType::IndexedDBDatabases, 0 });