Diff
Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/ChangeLog 2020-02-06 15:10:47 UTC (rev 255934)
@@ -1,3 +1,19 @@
+2020-02-05 Chris Dumez <[email protected]>
+
+ Regression(r248734) StorageAreaMap objects are getting leaked
+ https://bugs.webkit.org/show_bug.cgi?id=207073
+ <rdar://problem/59168065>
+
+ Reviewed by Darin Adler.
+
+ Add layout test coverage.
+
+ * TestExpectations:
+ * http/tests/storage/resources/storage-map-leaking-iframe.html: Added.
+ * http/tests/storage/storage-map-leaking-expected.txt: Added.
+ * http/tests/storage/storage-map-leaking.html: Added.
+ * platform/wk2/TestExpectations:
+
2020-02-05 Diego Pino Garcia <[email protected]>
[GTK] Gardening, new baselines and update TestExpectations
Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/TestExpectations (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/TestExpectations 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/TestExpectations 2020-02-06 15:10:47 UTC (rev 255934)
@@ -827,6 +827,9 @@
# This test currently only works for mac-wk2
fast/events/inactive-window-no-mouse-event.html [ Skip ]
+# This test is only relevant for WebKit2.
+http/tests/storage/storage-map-leaking.html [ Skip ]
+
# The Web Share API is currently only implemented for modern WebKit on iOS and macOS
fast/web-share [ Skip ]
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/resources/storage-map-leaking-iframe.html (0 => 255934)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/resources/storage-map-leaking-iframe.html (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/resources/storage-map-leaking-iframe.html 2020-02-06 15:10:47 UTC (rev 255934)
@@ -0,0 +1,3 @@
+<script>
+localStorage.setItem("foo", "bar");
+</script>
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/storage-map-leaking-expected.txt (0 => 255934)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/storage-map-leaking-expected.txt (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/storage-map-leaking-expected.txt 2020-02-06 15:10:47 UTC (rev 255934)
@@ -0,0 +1,10 @@
+Make sure that StorageAreaMap objects do no leak.
+
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+
+
+PASS StorageAreaMap objects are not leaking
+PASS successfullyParsed is true
+
+TEST COMPLETE
+
Added: releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/storage-map-leaking.html (0 => 255934)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/storage-map-leaking.html (rev 0)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/http/tests/storage/storage-map-leaking.html 2020-02-06 15:10:47 UTC (rev 255934)
@@ -0,0 +1,27 @@
+<!DOCTYPE html>
+<html>
+<body>
+<script src=""
+<script>
+description("Make sure that StorageAreaMap objects do no leak.");
+jsTestIsAsync = true;
+localStorage.setItem("foo", "bar");
+
+_onload_ = function() {
+ initialStorageAreaMapCount = internals.storageAreaMapCount;
+
+ document.getElementById("testFrame").remove();
+
+ handle = setInterval(() => {
+ gc()
+ if (internals.storageAreaMapCount < initialStorageAreaMapCount) {
+ testPassed("StorageAreaMap objects are not leaking");
+ clearInterval(handle);
+ finishJSTest();
+ }
+ }, 10);
+}
+</script>
+<iframe id="testFrame" src=""
+</body>
+</html>
Modified: releases/WebKitGTK/webkit-2.28/LayoutTests/platform/wk2/TestExpectations (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/LayoutTests/platform/wk2/TestExpectations 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/LayoutTests/platform/wk2/TestExpectations 2020-02-06 15:10:47 UTC (rev 255934)
@@ -702,6 +702,9 @@
fast/images/animated-gif-no-layout.html [ Pass ]
fast/images/gif-loop-count.html [ Pass ]
+# Only relevant for WebKit2
+http/tests/storage/storage-map-leaking.html [ Pass ]
+
# DumpRenderTree does not implement setWillSendRequestHTTPBody
http/tests/misc/will-send-request-with-client-provided-http-body.html [ Pass ]
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/ChangeLog 2020-02-06 15:10:47 UTC (rev 255934)
@@ -1,3 +1,23 @@
+2020-02-05 Chris Dumez <[email protected]>
+
+ Regression(r248734) StorageAreaMap objects are getting leaked
+ https://bugs.webkit.org/show_bug.cgi?id=207073
+ <rdar://problem/59168065>
+
+ Reviewed by Darin Adler.
+
+ Add test infrastructure for testing this change.
+
+ Test: http/tests/storage/storage-map-leaking.html
+
+ * storage/StorageNamespace.h:
+ (WebCore::StorageNamespace::storageAreaMapCountForTesting const):
+ * storage/StorageNamespaceProvider.h:
+ * testing/Internals.cpp:
+ (WebCore::Internals::storageAreaMapCount const):
+ * testing/Internals.h:
+ * testing/Internals.idl:
+
2020-02-05 Alex Christensen <[email protected]>
Make WKWebView._negotiatedLegacyTLS accurate when loading main resouorce from network or cache
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/storage/StorageNamespace.h (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/storage/StorageNamespace.h 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/storage/StorageNamespace.h 2020-02-06 15:10:47 UTC (rev 255934)
@@ -48,6 +48,8 @@
virtual PAL::SessionID sessionID() const = 0;
virtual void setSessionIDForTesting(PAL::SessionID) = 0;
+
+ virtual uint64_t storageAreaMapCountForTesting() const { return 0; }
};
} // namespace WebCore
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/storage/StorageNamespaceProvider.h (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/storage/StorageNamespaceProvider.h 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/storage/StorageNamespaceProvider.h 2020-02-06 15:10:47 UTC (rev 255934)
@@ -58,7 +58,8 @@
StorageNamespace* optionalLocalStorageNamespace() { return m_localStorageNamespace.get(); }
private:
- StorageNamespace& localStorageNamespace(PAL::SessionID);
+ friend class Internals;
+ WEBCORE_TESTSUPPORT_EXPORT StorageNamespace& localStorageNamespace(PAL::SessionID);
StorageNamespace& transientLocalStorageNamespace(SecurityOrigin&, PAL::SessionID);
virtual Ref<StorageNamespace> createLocalStorageNamespace(unsigned quota, PAL::SessionID) = 0;
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.cpp (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.cpp 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.cpp 2020-02-06 15:10:47 UTC (rev 255934)
@@ -176,6 +176,8 @@
#include "SourceBuffer.h"
#include "SpellChecker.h"
#include "StaticNodeList.h"
+#include "StorageNamespace.h"
+#include "StorageNamespaceProvider.h"
#include "StringCallback.h"
#include "StyleResolver.h"
#include "StyleRule.h"
@@ -2531,6 +2533,15 @@
return Document::allDocumentsMap().contains(makeObjectIdentifier<DocumentIdentifierType>(documentIdentifier));
}
+uint64_t Internals::storageAreaMapCount() const
+{
+ auto* page = contextDocument() ? contextDocument()->page() : nullptr;
+ if (!page)
+ return 0;
+
+ return page->storageNamespaceProvider().localStorageNamespace(page->sessionID()).storageAreaMapCountForTesting();
+}
+
uint64_t Internals::elementIdentifier(Element& element) const
{
return element.document().identifierForElement(element).toUInt64();
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.h (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.h 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.h 2020-02-06 15:10:47 UTC (rev 255934)
@@ -424,6 +424,8 @@
uint64_t documentIdentifier(const Document&) const;
bool isDocumentAlive(uint64_t documentIdentifier) const;
+ uint64_t storageAreaMapCount() const;
+
uint64_t elementIdentifier(Element&) const;
uint64_t frameIdentifier(const Document&) const;
uint64_t pageIdentifier(const Document&) const;
Modified: releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.idl (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.idl 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebCore/testing/Internals.idl 2020-02-06 15:10:47 UTC (rev 255934)
@@ -734,6 +734,8 @@
unsigned long long documentIdentifier(Document document);
boolean isDocumentAlive(unsigned long long documentIdentifier);
+ readonly attribute unsigned long long storageAreaMapCount;
+
unsigned long long elementIdentifier(Element element);
unsigned long long frameIdentifier(Document document);
unsigned long long pageIdentifier(Document document);
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/ChangeLog 2020-02-06 15:10:47 UTC (rev 255934)
@@ -1,5 +1,32 @@
2020-02-05 Chris Dumez <[email protected]>
+ Regression(r248734) StorageAreaMap objects are getting leaked
+ https://bugs.webkit.org/show_bug.cgi?id=207073
+ <rdar://problem/59168065>
+
+ Reviewed by Darin Adler.
+
+ Make sure that StorageAreaMap objects are getting removed from the HashMap
+ in StorageNamespaceImpl, once they no longer have any users.
+
+ * WebProcess/WebStorage/StorageAreaImpl.cpp:
+ (WebKit::StorageAreaImpl::StorageAreaImpl):
+ (WebKit::StorageAreaImpl::~StorageAreaImpl):
+ * WebProcess/WebStorage/StorageAreaMap.cpp:
+ (WebKit::StorageAreaMap::incrementUseCount):
+ (WebKit::StorageAreaMap::decrementUseCount):
+ * WebProcess/WebStorage/StorageAreaMap.h:
+ * WebProcess/WebStorage/StorageNamespaceImpl.cpp:
+ (WebKit::StorageNamespaceImpl::destroyStorageAreaMap):
+ (WebKit::StorageNamespaceImpl::didDestroyStorageAreaMap): Deleted.
+ * WebProcess/WebStorage/StorageNamespaceImpl.h:
+ (WebKit::StorageNamespaceImpl::storageType const): Deleted.
+ (WebKit::StorageNamespaceImpl::storageNamespaceID const): Deleted.
+ (WebKit::StorageNamespaceImpl::topLevelOrigin const): Deleted.
+ (WebKit::StorageNamespaceImpl::quotaInBytes const): Deleted.
+
+2020-02-05 Chris Dumez <[email protected]>
+
[IPC hardening] Protect against bad identifier in CacheStorageEngineConnection::reference() / dereference()
https://bugs.webkit.org/show_bug.cgi?id=207302
<rdar://problem/59016099>
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaImpl.cpp (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaImpl.cpp 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaImpl.cpp 2020-02-06 15:10:47 UTC (rev 255934)
@@ -46,10 +46,13 @@
: m_identifier(Identifier::generate())
, m_storageAreaMap(makeWeakPtr(storageAreaMap))
{
+ storageAreaMap.incrementUseCount();
}
StorageAreaImpl::~StorageAreaImpl()
{
+ if (m_storageAreaMap)
+ m_storageAreaMap->decrementUseCount();
}
unsigned StorageAreaImpl::length()
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaMap.cpp (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaMap.cpp 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaMap.cpp 2020-02-06 15:10:47 UTC (rev 255934)
@@ -364,4 +364,15 @@
m_mapID = { };
}
+void StorageAreaMap::incrementUseCount()
+{
+ ++m_useCount;
+}
+
+void StorageAreaMap::decrementUseCount()
+{
+ if (!--m_useCount)
+ m_namespace.destroyStorageAreaMap(*this);
+}
+
} // namespace WebKit
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaMap.h (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaMap.h 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageAreaMap.h 2020-02-06 15:10:47 UTC (rev 255934)
@@ -70,6 +70,9 @@
void disconnect();
+ void incrementUseCount();
+ void decrementUseCount();
+
private:
void didSetItem(uint64_t mapSeed, const String& key, bool quotaError);
void didRemoveItem(uint64_t mapSeed, const String& key);
@@ -97,6 +100,7 @@
uint64_t m_currentSeed { 0 };
unsigned m_quotaInBytes;
WebCore::StorageType m_type;
+ uint64_t m_useCount { 0 };
bool m_hasPendingClear { false };
};
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageNamespaceImpl.cpp (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageNamespaceImpl.cpp 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageNamespaceImpl.cpp 2020-02-06 15:10:47 UTC (rev 255934)
@@ -95,7 +95,7 @@
return WebProcess::singleton().sessionID();
}
-void StorageNamespaceImpl::didDestroyStorageAreaMap(StorageAreaMap& map)
+void StorageNamespaceImpl::destroyStorageAreaMap(StorageAreaMap& map)
{
m_storageAreaMaps.remove(map.securityOrigin().data());
}
Modified: releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageNamespaceImpl.h (255933 => 255934)
--- releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageNamespaceImpl.h 2020-02-06 15:10:36 UTC (rev 255933)
+++ releases/WebKitGTK/webkit-2.28/Source/WebKit/WebProcess/WebStorage/StorageNamespaceImpl.h 2020-02-06 15:10:47 UTC (rev 255934)
@@ -40,7 +40,7 @@
class StorageAreaMap;
class WebPage;
-class StorageNamespaceImpl : public WebCore::StorageNamespace {
+class StorageNamespaceImpl final : public WebCore::StorageNamespace {
public:
using Identifier = StorageNamespaceIdentifier;
@@ -58,7 +58,7 @@
unsigned quotaInBytes() const { return m_quotaInBytes; }
PAL::SessionID sessionID() const override;
- void didDestroyStorageAreaMap(StorageAreaMap&);
+ void destroyStorageAreaMap(StorageAreaMap&);
void setSessionIDForTesting(PAL::SessionID) override;
@@ -66,6 +66,7 @@
StorageNamespaceImpl(WebCore::StorageType, Identifier, const Optional<WebCore::PageIdentifier>&, WebCore::SecurityOrigin* topLevelOrigin, unsigned quotaInBytes);
Ref<WebCore::StorageArea> storageArea(const WebCore::SecurityOriginData&) override;
+ uint64_t storageAreaMapCountForTesting() const final { return m_storageAreaMaps.size(); }
// FIXME: This is only valid for session storage and should probably be moved to a subclass.
Ref<WebCore::StorageNamespace> copy(WebCore::Page&) override;
