Title: [252849] trunk/Source
- Revision
- 252849
- Author
- [email protected]
- Date
- 2019-11-25 01:15:15 -0800 (Mon, 25 Nov 2019)
Log Message
Crash in WebCore::ServiceWorkerRegistrationKey::hash() const
https://bugs.webkit.org/show_bug.cgi?id=204497
<rdar://problem/57348603>
Reviewed by Alex Christensen.
Source/WebCore:
Update ServiceWorkerContainer::jobResolvedWithRegistration to handle the case of a
ServiceWorkerContainer that might have a job whose promise is not related to the same context.
In that case, the ServiceWorkerContainer might get stopped, thus its m_ongoingSettledRegistrations be cleared.
But the promise may get settled shortly after since its context is not stopped and will then retrieve an empty registration data key.
This is difficult to test given we do not control when the resolvedWithRegistration task is posted to the client.
* workers/service/ServiceWorkerContainer.cpp:
(WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
* workers/service/ServiceWorkerRegistrationKey.h:
(WebCore::ServiceWorkerRegistrationKey::encode const):
Add release asserts to make sure we do not store/transfer empty registration keys.
Source/WebKit:
* WebProcess/Storage/WebSWClientConnection.cpp:
(WebKit::WebSWClientConnection::scheduleJobInServer):
Add a release assert to be able to further debug the crash.
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (252848 => 252849)
--- trunk/Source/WebCore/ChangeLog 2019-11-25 09:13:41 UTC (rev 252848)
+++ trunk/Source/WebCore/ChangeLog 2019-11-25 09:15:15 UTC (rev 252849)
@@ -1,5 +1,25 @@
2019-11-25 Youenn Fablet <[email protected]>
+ Crash in WebCore::ServiceWorkerRegistrationKey::hash() const
+ https://bugs.webkit.org/show_bug.cgi?id=204497
+ <rdar://problem/57348603>
+
+ Reviewed by Alex Christensen.
+
+ Update ServiceWorkerContainer::jobResolvedWithRegistration to handle the case of a
+ ServiceWorkerContainer that might have a job whose promise is not related to the same context.
+ In that case, the ServiceWorkerContainer might get stopped, thus its m_ongoingSettledRegistrations be cleared.
+ But the promise may get settled shortly after since its context is not stopped and will then retrieve an empty registration data key.
+ This is difficult to test given we do not control when the resolvedWithRegistration task is posted to the client.
+
+ * workers/service/ServiceWorkerContainer.cpp:
+ (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
+ * workers/service/ServiceWorkerRegistrationKey.h:
+ (WebCore::ServiceWorkerRegistrationKey::encode const):
+ Add release asserts to make sure we do not store/transfer empty registration keys.
+
+2019-11-25 Youenn Fablet <[email protected]>
+
Use SWClientConnection instead of hopping to main thread in ServiceWorkerContainer
https://bugs.webkit.org/show_bug.cgi?id=204499
Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp (252848 => 252849)
--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp 2019-11-25 09:13:41 UTC (rev 252848)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp 2019-11-25 09:15:15 UTC (rev 252849)
@@ -392,7 +392,11 @@
if (shouldNotifyWhenResolved == ShouldNotifyWhenResolved::Yes) {
m_ongoingSettledRegistrations.add(++m_lastOngoingSettledRegistrationIdentifier, registration->data().key);
promise->whenSettled([this, protectedThis = WTFMove(protectedThis), identifier = m_lastOngoingSettledRegistrationIdentifier] {
- notifyRegistrationIsSettled(m_ongoingSettledRegistrations.take(identifier));
+ auto iterator = m_ongoingSettledRegistrations.find(identifier);
+ if (iterator == m_ongoingSettledRegistrations.end())
+ return;
+ notifyRegistrationIsSettled(iterator->value);
+ m_ongoingSettledRegistrations.remove(iterator);
});
}
Modified: trunk/Source/WebCore/workers/service/ServiceWorkerRegistrationKey.h (252848 => 252849)
--- trunk/Source/WebCore/workers/service/ServiceWorkerRegistrationKey.h 2019-11-25 09:13:41 UTC (rev 252848)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerRegistrationKey.h 2019-11-25 09:15:15 UTC (rev 252849)
@@ -73,6 +73,8 @@
template<class Encoder>
void ServiceWorkerRegistrationKey::encode(Encoder& encoder) const
{
+ RELEASE_ASSERT(!m_topOrigin.isEmpty());
+ RELEASE_ASSERT(!m_scope.isNull());
encoder << m_topOrigin << m_scope;
}
Modified: trunk/Source/WebKit/ChangeLog (252848 => 252849)
--- trunk/Source/WebKit/ChangeLog 2019-11-25 09:13:41 UTC (rev 252848)
+++ trunk/Source/WebKit/ChangeLog 2019-11-25 09:15:15 UTC (rev 252849)
@@ -1,3 +1,15 @@
+2019-11-25 Youenn Fablet <[email protected]>
+
+ Crash in WebCore::ServiceWorkerRegistrationKey::hash() const
+ https://bugs.webkit.org/show_bug.cgi?id=204497
+ <rdar://problem/57348603>
+
+ Reviewed by Alex Christensen.
+
+ * WebProcess/Storage/WebSWClientConnection.cpp:
+ (WebKit::WebSWClientConnection::scheduleJobInServer):
+ Add a release assert to be able to further debug the crash.
+
2019-11-23 John Wilander <[email protected]>
Resource Load Statistics: Allow multiple third-party cookie blocking settings
Modified: trunk/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp (252848 => 252849)
--- trunk/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp 2019-11-25 09:13:41 UTC (rev 252848)
+++ trunk/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp 2019-11-25 09:15:15 UTC (rev 252849)
@@ -73,6 +73,7 @@
void WebSWClientConnection::scheduleJobInServer(const ServiceWorkerJobData& jobData)
{
+ RELEASE_ASSERT(!jobData.scopeURL.isNull());
runOrDelayTaskForImport([this, jobData] {
send(Messages::WebSWServerConnection::ScheduleJobInServer { jobData });
});
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
