Skip to site navigation (Press enter)

[webkit-changes] [269512] trunk/Source/WebCore

commit-queue Wed, 11 Nov 2020 07:38:29 -0800

Title: [269512] trunk/Source/WebCore

Revision: 269512
Author: [email protected]
Date: 2020-11-06 08:01:31 -0800 (Fri, 06 Nov 2020)

Log Message

Fix crashes around NetworkStorageSession::registerCookieChangeListenersIfNecessary
https://bugs.webkit.org/show_bug.cgi?id=218626
<rdar://66837628>


Patch by Alex Christensen <[email protected]> on 2020-11-06
Reviewed by Chris Dumez.

We need to check if the NetworkStorageSession has been deallocated before using its member variables in a callback from CFNetwork.

* platform/network/NetworkStorageSession.h:
* platform/network/cocoa/NetworkStorageSessionCocoa.mm:
(WebCore::NetworkStorageSession::registerCookieChangeListenersIfNecessary):

Modified Paths

trunk/Source/WebCore/ChangeLog
trunk/Source/WebCore/platform/network/NetworkStorageSession.h
trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm

Diff

Modified: trunk/Source/WebCore/ChangeLog (269511 => 269512)


--- trunk/Source/WebCore/ChangeLog	2020-11-06 15:50:49 UTC (rev 269511)
+++ trunk/Source/WebCore/ChangeLog	2020-11-06 16:01:31 UTC (rev 269512)
@@ -1,3 +1,17 @@
+2020-11-06  Alex Christensen  <[email protected]>
+
+        Fix crashes around NetworkStorageSession::registerCookieChangeListenersIfNecessary
+        https://bugs.webkit.org/show_bug.cgi?id=218626
+        <rdar://66837628>
+
+        Reviewed by Chris Dumez.
+
+        We need to check if the NetworkStorageSession has been deallocated before using its member variables in a callback from CFNetwork.
+
+        * platform/network/NetworkStorageSession.h:
+        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
+        (WebCore::NetworkStorageSession::registerCookieChangeListenersIfNecessary):
+
 2020-11-06  Antti Koivisto  <[email protected]>
 
         [LFC][Integration] localCaretOffset should use iterator

Modified: trunk/Source/WebCore/platform/network/NetworkStorageSession.h (269511 => 269512)


--- trunk/Source/WebCore/platform/network/NetworkStorageSession.h	2020-11-06 15:50:49 UTC (rev 269511)
+++ trunk/Source/WebCore/platform/network/NetworkStorageSession.h	2020-11-06 16:01:31 UTC (rev 269512)
@@ -36,6 +36,7 @@
 #include <wtf/HashMap.h>
 #include <wtf/HashSet.h>
 #include <wtf/WallTime.h>
+#include <wtf/WeakPtr.h>
 #include <wtf/text/WTFString.h>
 
 #if PLATFORM(COCOA) || USE(CFURLCONNECTION)
@@ -98,7 +99,7 @@
 };
 #endif
 
-class NetworkStorageSession {
+class NetworkStorageSession : public CanMakeWeakPtr<NetworkStorageSession> {
     WTF_MAKE_NONCOPYABLE(NetworkStorageSession); WTF_MAKE_FAST_ALLOCATED;
 public:
     using TopFrameDomain = WebCore::RegistrableDomain;

Modified: trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm (269511 => 269512)


--- trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm	2020-11-06 15:50:49 UTC (rev 269511)
+++ trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm	2020-11-06 16:01:31 UTC (rev 269512)
@@ -33,6 +33,7 @@
 #import "SameSiteInfo.h"
 #import <pal/spi/cf/CFNetworkSPI.h>
 #import <wtf/BlockObjCExceptions.h>
+#import <wtf/BlockPtr.h>
 #import <wtf/Optional.h>
 #import <wtf/ProcessPrivilege.h>
 #import <wtf/URL.h>
@@ -624,7 +625,9 @@
 
     m_didRegisterCookieListeners = true;
 
-    [nsCookieStorage() _setCookiesChangedHandler:^(NSArray<NSHTTPCookie*>* addedCookies, NSString* domainForChangedCookie) {
+    [nsCookieStorage() _setCookiesChangedHandler:makeBlockPtr([this, weakThis = makeWeakPtr(*this)](NSArray<NSHTTPCookie *> *addedCookies, NSString *domainForChangedCookie) {
+        if (!weakThis)
+            return;
         String host = domainForChangedCookie;
         auto it = m_cookieChangeObservers.find(host);
         if (it == m_cookieChangeObservers.end())
@@ -634,9 +637,11 @@
             return;
         for (auto* observer : it->value)
             observer->cookiesAdded(host, cookies);
-    } onQueue:dispatch_get_main_queue()];
+    }).get() onQueue:dispatch_get_main_queue()];
 
-    [nsCookieStorage() _setCookiesRemovedHandler:^(NSArray<NSHTTPCookie*>* removedCookies, NSString* domainForRemovedCookies, bool removeAllCookies) {
+    [nsCookieStorage() _setCookiesRemovedHandler:makeBlockPtr([this, weakThis = makeWeakPtr(*this)](NSArray<NSHTTPCookie *> *removedCookies, NSString *domainForRemovedCookies, bool removeAllCookies) {
+        if (!weakThis)
+            return;
         if (removeAllCookies) {
             for (auto& observers : m_cookieChangeObservers.values()) {
                 for (auto* observer : observers)
@@ -655,7 +660,7 @@
             return;
         for (auto* observer : it->value)
             observer->cookiesDeleted(host, cookies);
-    } onQueue:dispatch_get_main_queue()];
+    }).get() onQueue:dispatch_get_main_queue()];
 }
 
 void NetworkStorageSession::unregisterCookieChangeListenersIfNecessary()

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes