Title: [272211] trunk/Source/WebCore
Revision
272211
Author
[email protected]
Date
2021-02-02 09:07:34 -0800 (Tue, 02 Feb 2021)

Log Message

Crash under NetworkStorageSession::cookiesForSession()
https://bugs.webkit.org/show_bug.cgi?id=221227
<rdar://71975008>

Reviewed by Geoffrey Garen.

Retain NSArray of cookies in NetworkStorageSession::cookiesForSession() for clearer lifetime
management. This is a speculative fix for <rdar://71975008>.

* platform/network/NetworkStorageSession.h:
* platform/network/cocoa/NetworkStorageSessionCocoa.mm:
(WebCore::NetworkStorageSession::httpCookies const):
(WebCore::cookiesForURL):
(WebCore::NetworkStorageSession::httpCookiesForURL const):
(WebCore::NetworkStorageSession::cookiesForURL const):
(WebCore::NetworkStorageSession::cookiesForSession const):
(WebCore::NetworkStorageSession::getRawCookies const):
(WebCore::NetworkStorageSession::deleteCookie const):
(WebCore::NetworkStorageSession::getHostnamesWithCookies):
(WebCore::NetworkStorageSession::deleteCookiesForHostnames):

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (272210 => 272211)


--- trunk/Source/WebCore/ChangeLog	2021-02-02 16:35:35 UTC (rev 272210)
+++ trunk/Source/WebCore/ChangeLog	2021-02-02 17:07:34 UTC (rev 272211)
@@ -1,3 +1,26 @@
+2021-02-02  Chris Dumez  <[email protected]>
+
+        Crash under NetworkStorageSession::cookiesForSession()
+        https://bugs.webkit.org/show_bug.cgi?id=221227
+        <rdar://71975008>
+
+        Reviewed by Geoffrey Garen.
+
+        Retain NSArray of cookies in NetworkStorageSession::cookiesForSession() for clearer lifetime
+        management. This is a speculative fix for <rdar://71975008>.
+
+        * platform/network/NetworkStorageSession.h:
+        * platform/network/cocoa/NetworkStorageSessionCocoa.mm:
+        (WebCore::NetworkStorageSession::httpCookies const):
+        (WebCore::cookiesForURL):
+        (WebCore::NetworkStorageSession::httpCookiesForURL const):
+        (WebCore::NetworkStorageSession::cookiesForURL const):
+        (WebCore::NetworkStorageSession::cookiesForSession const):
+        (WebCore::NetworkStorageSession::getRawCookies const):
+        (WebCore::NetworkStorageSession::deleteCookie const):
+        (WebCore::NetworkStorageSession::getHostnamesWithCookies):
+        (WebCore::NetworkStorageSession::deleteCookiesForHostnames):
+
 2021-02-02  Zalan Bujtas  <[email protected]>
 
         [LFC][IFC] InlineContentBreaker::processOverflowingTextContent should return the overflowing run index

Modified: trunk/Source/WebCore/platform/network/NetworkStorageSession.h (272210 => 272211)


--- trunk/Source/WebCore/platform/network/NetworkStorageSession.h	2021-02-02 16:35:35 UTC (rev 272210)
+++ trunk/Source/WebCore/platform/network/NetworkStorageSession.h	2021-02-02 17:07:34 UTC (rev 272211)
@@ -232,9 +232,9 @@
 #if PLATFORM(COCOA)
     enum IncludeHTTPOnlyOrNot { DoNotIncludeHTTPOnly, IncludeHTTPOnly };
     std::pair<String, bool> cookiesForSession(const URL& firstParty, const SameSiteInfo&, const URL&, Optional<FrameIdentifier>, Optional<PageIdentifier>, IncludeHTTPOnlyOrNot, IncludeSecureCookies, ShouldAskITP, ShouldRelaxThirdPartyCookieBlocking) const;
-    NSArray *httpCookies(CFHTTPCookieStorageRef) const;
-    NSArray *httpCookiesForURL(CFHTTPCookieStorageRef, NSURL *firstParty, const Optional<SameSiteInfo>&, NSURL *) const;
-    NSArray *cookiesForURL(const URL& firstParty, const SameSiteInfo&, const URL&, Optional<FrameIdentifier>, Optional<PageIdentifier>, ShouldAskITP, ShouldRelaxThirdPartyCookieBlocking) const;
+    RetainPtr<NSArray> httpCookies(CFHTTPCookieStorageRef) const;
+    RetainPtr<NSArray> httpCookiesForURL(CFHTTPCookieStorageRef, NSURL *firstParty, const Optional<SameSiteInfo>&, NSURL *) const;
+    RetainPtr<NSArray> cookiesForURL(const URL& firstParty, const SameSiteInfo&, const URL&, Optional<FrameIdentifier>, Optional<PageIdentifier>, ShouldAskITP, ShouldRelaxThirdPartyCookieBlocking) const;
     void setHTTPCookiesForURL(CFHTTPCookieStorageRef, NSArray *cookies, NSURL *, NSURL *mainDocumentURL, const SameSiteInfo&) const;
     void deleteHTTPCookie(CFHTTPCookieStorageRef, NSHTTPCookie *) const;
 #endif

Modified: trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm (272210 => 272211)


--- trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm	2021-02-02 16:35:35 UTC (rev 272210)
+++ trunk/Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm	2021-02-02 17:07:34 UTC (rev 272211)
@@ -213,7 +213,7 @@
     return storageSession.leakRef();
 }
 
-NSArray *NetworkStorageSession::httpCookies(CFHTTPCookieStorageRef cookieStorage) const
+RetainPtr<NSArray> NetworkStorageSession::httpCookies(CFHTTPCookieStorageRef cookieStorage) const
 {
     ASSERT(hasProcessPrivilege(ProcessPrivilege::CanAccessRawCookies) || m_isInMemoryCookieStore);
     if (!cookieStorage) {
@@ -249,7 +249,7 @@
 }
 #endif
 
-static NSArray *cookiesForURL(NSHTTPCookieStorage *storage, NSURL *url, NSURL *mainDocumentURL, const Optional<SameSiteInfo>& sameSiteInfo, NSString *partition = nullptr)
+static RetainPtr<NSArray> cookiesForURL(NSHTTPCookieStorage *storage, NSURL *url, NSURL *mainDocumentURL, const Optional<SameSiteInfo>& sameSiteInfo, NSString *partition = nullptr)
 {
     // The _getCookiesForURL: method calls the completionHandler synchronously. We use Optional<> to ensure this invariant.
     Optional<RetainPtr<NSArray>> cookiesPtr;
@@ -267,7 +267,7 @@
     UNUSED_PARAM(sameSiteInfo);
 #endif
     ASSERT(!!cookiesPtr);
-    return cookiesPtr->autorelease();
+    return *cookiesPtr;
 }
 
 void NetworkStorageSession::setHTTPCookiesForURL(CFHTTPCookieStorageRef cookieStorage, NSArray *cookies, NSURL *url, NSURL *mainDocumentURL, const SameSiteInfo& sameSiteInfo) const
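Review bot: `return *cookiesPtr;` dereferences the Optional behind only `ASSERT(!!cookiesPtr)`, and that assertion is a debug-build check. If `_getCookiesForURL:` ever returned without invoking its completion handler, a release build would read an empty Optional here; whether Optional's `operator*` traps on its own is not visible in this hunk. Consider `if (!cookiesPtr) return nullptr;` before the return, or `RELEASE_ASSERT(cookiesPtr);` if a crash is preferred to a silent empty cookie list. The old `autorelease()` line had the same exposure, so this predates the commit but is left untouched by it. The middle of the function is outside the hunk.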
@@ -301,7 +301,7 @@
 #endif
 }
 
-NSArray *NetworkStorageSession::httpCookiesForURL(CFHTTPCookieStorageRef cookieStorage, NSURL *firstParty, const Optional<SameSiteInfo>& sameSiteInfo, NSURL *url) const
+RetainPtr<NSArray> NetworkStorageSession::httpCookiesForURL(CFHTTPCookieStorageRef cookieStorage, NSURL *firstParty, const Optional<SameSiteInfo>& sameSiteInfo, NSURL *url) const
 {
     ASSERT(hasProcessPrivilege(ProcessPrivilege::CanAccessRawCookies) || m_isInMemoryCookieStore);
     if (!cookieStorage) {
@@ -329,7 +329,7 @@
     return cookie;
 }
 
-NSArray *NetworkStorageSession::cookiesForURL(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, Optional<FrameIdentifier> frameID, Optional<PageIdentifier> pageID, ShouldAskITP shouldAskITP, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) const
+RetainPtr<NSArray> NetworkStorageSession::cookiesForURL(const URL& firstParty, const SameSiteInfo& sameSiteInfo, const URL& url, Optional<FrameIdentifier> frameID, Optional<PageIdentifier> pageID, ShouldAskITP shouldAskITP, ShouldRelaxThirdPartyCookieBlocking shouldRelaxThirdPartyCookieBlocking) const
 {
 #if ENABLE(RESOURCE_LOAD_STATISTICS)
     if (shouldAskITP == ShouldAskITP::Yes && shouldBlockCookies(firstParty, url, frameID, pageID, shouldRelaxThirdPartyCookieBlocking))
@@ -348,13 +348,13 @@
 
     BEGIN_BLOCK_OBJC_EXCEPTIONS
 
-    NSArray *cookies = cookiesForURL(firstParty, sameSiteInfo, url, frameID, pageID, shouldAskITP, shouldRelaxThirdPartyCookieBlocking);
-    if (![cookies count])
+    RetainPtr<NSArray> cookies = cookiesForURL(firstParty, sameSiteInfo, url, frameID, pageID, shouldAskITP, shouldRelaxThirdPartyCookieBlocking);
+    if (!cookies || ![cookies count])
         return { String(), false }; // Return a null string, not an empty one that StringBuilder would create below.
 
     StringBuilder cookiesBuilder;
     bool didAccessSecureCookies = false;
-    for (NSHTTPCookie *cookie in cookies) {
+    for (NSHTTPCookie *cookie in cookies.get()) {
         if (![[cookie name] length])
             continue;
 
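Review bot: Nothing at the `RetainPtr<NSArray> cookies` declaration records why the array is now held strongly, so a later cleanup could revert it to a raw `NSArray *`. A one-line comment such as `// Hold a strong reference across the enumeration; see webkit.org/b/221227.` would preserve the intent of this speculative fix. The added `!cookies ||` test is redundant with `![cookies count]`, since messaging nil yields 0, but it is harmless. The body of cookiesForSession begins and ends outside the hunk.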
@@ -501,7 +501,7 @@
     rawCookies.clear();
     BEGIN_BLOCK_OBJC_EXCEPTIONS
 
-    NSArray *cookies = cookiesForURL(firstParty, sameSiteInfo, url, frameID, pageID, shouldAskITP, shouldRelaxThirdPartyCookieBlocking);
+    RetainPtr<NSArray> cookies = cookiesForURL(firstParty, sameSiteInfo, url, frameID, pageID, shouldAskITP, shouldRelaxThirdPartyCookieBlocking);
     NSUInteger count = [cookies count];
     rawCookies.reserveCapacity(count);
     for (NSUInteger i = 0; i < count; ++i) {
@@ -520,7 +520,7 @@
     BEGIN_BLOCK_OBJC_EXCEPTIONS
 
     RetainPtr<CFHTTPCookieStorageRef> cookieStorage = this->cookieStorage();
-    NSArray *cookies = httpCookiesForURL(cookieStorage.get(), nil, WTF::nullopt, url);
+    RetainPtr<NSArray> cookies = httpCookiesForURL(cookieStorage.get(), nil, WTF::nullopt, url);
 
     NSString *cookieNameString = cookieName;
 
@@ -538,9 +538,9 @@
 {
     BEGIN_BLOCK_OBJC_EXCEPTIONS
 
-    NSArray *cookies = httpCookies(cookieStorage().get());
+    RetainPtr<NSArray> cookies = httpCookies(cookieStorage().get());
     
-    for (NSHTTPCookie* cookie in cookies) {
+    for (NSHTTPCookie* cookie in cookies.get()) {
         if (NSString *domain = [cookie domain])
             hostnames.add(domain);
         else
@@ -567,12 +567,12 @@
     BEGIN_BLOCK_OBJC_EXCEPTIONS
 
     RetainPtr<CFHTTPCookieStorageRef> cookieStorage = this->cookieStorage();
-    NSArray *cookies = httpCookies(cookieStorage.get());
+    RetainPtr<NSArray> cookies = httpCookies(cookieStorage.get());
     if (!cookies)
         return;
 
     HashMap<String, Vector<RetainPtr<NSHTTPCookie>>> cookiesByDomain;
-    for (NSHTTPCookie *cookie in cookies) {
+    for (NSHTTPCookie *cookie in cookies.get()) {
         if (!cookie.domain || (includeHttpOnlyCookies == IncludeHttpOnlyCookies::No && cookie.isHTTPOnly))
             continue;
         cookiesByDomain.ensure(cookie.domain, [] {