Title: [271263] trunk/Source/WebKit
- Revision
- 271263
- Author
- [email protected]
- Date
- 2021-01-07 15:09:45 -0800 (Thu, 07 Jan 2021)
Log Message
Assertion failure in WebPageProxy::stopURLSchemeTask,
https://bugs.webkit.org/show_bug.cgi?id=220401
Patch by Alex Christensen <[email protected]> on 2021-01-07
Reviewed by Ryosuke Niwa.
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::startURLSchemeTaskShared):
(WebKit::WebPageProxy::stopURLSchemeTask):
(WebKit::WebPageProxy::loadSynchronousURLSchemeTask):
* UIProcess/WebURLSchemeHandler.cpp:
(WebKit::WebURLSchemeHandler::processForTaskIdentifier const):
(WebKit::WebURLSchemeHandler::stopTask):
(WebKit::WebURLSchemeHandler::removeTaskFromPageMap):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (271262 => 271263)
--- trunk/Source/WebKit/ChangeLog 2021-01-07 23:09:29 UTC (rev 271262)
+++ trunk/Source/WebKit/ChangeLog 2021-01-07 23:09:45 UTC (rev 271263)
@@ -1,3 +1,19 @@
+2021-01-07 Alex Christensen <[email protected]>
+
+ Assertion failure in WebPageProxy::stopURLSchemeTask,
+ https://bugs.webkit.org/show_bug.cgi?id=220401
+
+ Reviewed by Ryosuke Niwa.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::startURLSchemeTaskShared):
+ (WebKit::WebPageProxy::stopURLSchemeTask):
+ (WebKit::WebPageProxy::loadSynchronousURLSchemeTask):
+ * UIProcess/WebURLSchemeHandler.cpp:
+ (WebKit::WebURLSchemeHandler::processForTaskIdentifier const):
+ (WebKit::WebURLSchemeHandler::stopTask):
+ (WebKit::WebURLSchemeHandler::removeTaskFromPageMap):
+
2021-01-07 Andy Estes <[email protected]>
[Mac] Prepend "Media" to FormatReader, SampleCursor, and TrackReader class names
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (271262 => 271263)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2021-01-07 23:09:29 UTC (rev 271262)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2021-01-07 23:09:45 UTC (rev 271263)
@@ -9544,6 +9544,7 @@
void WebPageProxy::startURLSchemeTaskShared(Ref<WebProcessProxy>&& process, PageIdentifier webPageID, URLSchemeTaskParameters&& parameters)
{
+ MESSAGE_CHECK(m_process, decltype(m_urlSchemeHandlersByIdentifier)::isValidKey(parameters.handlerIdentifier));
auto iterator = m_urlSchemeHandlersByIdentifier.find(parameters.handlerIdentifier);
MESSAGE_CHECK(process, iterator != m_urlSchemeHandlersByIdentifier.end());
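Review bot: The added key check reports a bad identifier against `m_process`, while the lookup check directly below it uses the `process` argument passed into this function. If the two can differ (the separate `Ref<WebProcessProxy>&&` parameter suggests callers may pass a process other than the page's current one), a malformed message would be attributed to the wrong sender. Using the same process for both keeps the handling consistent: `MESSAGE_CHECK(process, decltype(m_urlSchemeHandlersByIdentifier)::isValidKey(parameters.handlerIdentifier));`. The function body continues past the end of the hunk.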
@@ -9552,6 +9553,7 @@
void WebPageProxy::stopURLSchemeTask(uint64_t handlerIdentifier, uint64_t taskIdentifier)
{
+ MESSAGE_CHECK(m_process, decltype(m_urlSchemeHandlersByIdentifier)::isValidKey(handlerIdentifier));
auto iterator = m_urlSchemeHandlersByIdentifier.find(handlerIdentifier);
MESSAGE_CHECK(m_process, iterator != m_urlSchemeHandlersByIdentifier.end());
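Review bot: Nothing at the call site says why the new `isValidKey` check is needed, and it reads as redundant with the `find()`/`end()` check that follows. A short comment above it would stop someone from later folding the two together, for example `// The identifier presumably arrives over IPC; reject the map's reserved key values before calling find().` The same comment fits the identical additions in startURLSchemeTaskShared and loadSynchronousURLSchemeTask. The body of stopURLSchemeTask continues outside the hunk.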
@@ -9560,6 +9562,7 @@
void WebPageProxy::loadSynchronousURLSchemeTask(URLSchemeTaskParameters&& parameters, Messages::WebPageProxy::LoadSynchronousURLSchemeTask::DelayedReply&& reply)
{
+ MESSAGE_CHECK(m_process, decltype(m_urlSchemeHandlersByIdentifier)::isValidKey(parameters.handlerIdentifier));
auto iterator = m_urlSchemeHandlersByIdentifier.find(parameters.handlerIdentifier);
MESSAGE_CHECK(m_process, iterator != m_urlSchemeHandlersByIdentifier.end());
Modified: trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.cpp (271262 => 271263)
--- trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.cpp 2021-01-07 23:09:29 UTC (rev 271262)
+++ trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.cpp 2021-01-07 23:09:45 UTC (rev 271263)
@@ -64,6 +64,8 @@
WebProcessProxy* WebURLSchemeHandler::processForTaskIdentifier(uint64_t taskIdentifier) const
{
+ if (!decltype(m_tasks)::isValidKey(taskIdentifier))
+ return nullptr;
auto iterator = m_tasks.find(taskIdentifier);
if (iterator == m_tasks.end())
return nullptr;
@@ -91,6 +93,8 @@
void WebURLSchemeHandler::stopTask(WebPageProxy& page, uint64_t taskIdentifier)
{
+ if (!decltype(m_tasks)::isValidKey(taskIdentifier))
+ return;
auto iterator = m_tasks.find(taskIdentifier);
if (iterator == m_tasks.end())
return;
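Review bot: An invalid `taskIdentifier` is dropped silently by the new early return, whereas the handler identifier in WebPageProxy.cpp is rejected with `MESSAGE_CHECK`. If this value comes from the same message (WebPageProxy::stopURLSchemeTask takes both identifiers, though its call into stopTask is not visible here), the sender is never flagged for it. Consider validating the task identifier at the IPC entry point too, or at least recording the decision with a comment such as `// Reserved key values are ignored here; the IPC entry point is responsible for flagging the sender.` The same applies to the early `return nullptr;` added in processForTaskIdentifier, and stopTask continues outside the hunk.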
@@ -116,6 +120,8 @@
auto iterator = m_tasksByPageIdentifier.find(pageID);
ASSERT(iterator != m_tasksByPageIdentifier.end());
ASSERT(iterator->value.contains(taskID));
+ if (!decltype(iterator->value)::isValidValue(taskID))
+ return;
iterator->value.remove(taskID);
if (iterator->value.isEmpty())
m_tasksByPageIdentifier.remove(iterator);
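Review bot: The new `isValidValue` guard sits after `ASSERT(iterator->value.contains(taskID));`, so in assertion-enabled builds the `contains()` lookup still sees an invalid `taskID` first and would likely trip the same hash-table check the guard is meant to avoid. Moving `if (!decltype(iterator->value)::isValidValue(taskID)) return;` above that ASSERT closes the gap. Separately, `iterator` is dereferenced after only `ASSERT(iterator != m_tasksByPageIdentifier.end());`, which disappears in release builds; a runtime `if (iterator == m_tasksByPageIdentifier.end()) return;` would be safer if `pageID` can be influenced by an untrusted process. The function's signature and opening lines are outside the hunk.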