Title: [290627] trunk/Source/WebKit
- Revision: 290627
- Author: [email protected]
- Date: 2022-02-28 19:24:36 -0800 (Mon, 28 Feb 2022)
Log Message
Fix use-after-move bug in NetworkResourceLoader
https://bugs.webkit.org/show_bug.cgi?id=237294
Patch by Alex Christensen <[email protected]> on 2022-02-28
Reviewed by Chris Dumez.
Luckily, they were just two booleans, and after you call std::move on a bool you get
technically undefined behavior. Luckily, in practice the bool value is unchanged.
We don't need to rely on that, though. Let's read from the location with defined behavior.
* NetworkProcess/NetworkResourceLoader.cpp:
Diff
Modified: trunk/Source/WebKit/ChangeLog (290626 => 290627)
--- trunk/Source/WebKit/ChangeLog 2022-03-01 03:13:33 UTC (rev 290626)
+++ trunk/Source/WebKit/ChangeLog 2022-03-01 03:24:36 UTC (rev 290627)
@@ -1,3 +1,16 @@
+2022-02-28 Alex Christensen <[email protected]>
+
+ Fix use-after-move bug in NetworkResourceLoader
+ https://bugs.webkit.org/show_bug.cgi?id=237294
+
+ Reviewed by Chris Dumez.
+
+ Luckily, they were just two booleans, and after you call std::move on a bool you get
+ technically undefined behavior. Luckily, in practice the bool value is unchanged.
+ We don't need to rely on that, though. Let's read from the location with defined behavior.
+
+ * NetworkProcess/NetworkResourceLoader.cpp:
+
2022-02-28 Ross Kirsling <[email protected]>
REGRESSION(r290470): CDMInstanceSession::setLogIdentifier must be guarded with !RELEASE_LOG_DISABLED
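Review bot: The file entry `* NetworkProcess/NetworkResourceLoader.cpp:` at the end of the new ChangeLog entry names no function, and the description speaks of "two booleans" without saying which ones. Listing the affected function after the path and naming `shouldRestrictHTTPResponseAccess` and `options.keepAlive` in the description would let someone searching the log for those fields find this fix without opening the diff.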
Modified: trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp (290626 => 290627)
--- trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2022-03-01 03:13:33 UTC (rev 290626)
+++ trunk/Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp 2022-03-01 03:24:36 UTC (rev 290627)
@@ -125,7 +125,7 @@
// Once bug 116233 is resolved, this ASSERT can just be "m_webPageID && m_webFrameID"
ASSERT((m_parameters.webPageID && m_parameters.webFrameID) || m_parameters.clientCredentialPolicy == ClientCredentialPolicy::CannotAskClientForCredentials);
- if (synchronousReply || parameters.shouldRestrictHTTPResponseAccess || parameters.options.keepAlive) {
+ if (synchronousReply || m_parameters.shouldRestrictHTTPResponseAccess || m_parameters.options.keepAlive) {
NetworkLoadChecker::LoadType requestLoadType = isMainFrameLoad() ? NetworkLoadChecker::LoadType::MainFrame : NetworkLoadChecker::LoadType::Other;
m_networkLoadChecker = makeUnique<NetworkLoadChecker>(connection.networkProcess(), this, &connection.schemeRegistry(), FetchOptions { m_parameters.options }, sessionID(), m_parameters.webPageProxyID, HTTPHeaderMap { m_parameters.originalRequestHeaders }, URL { m_parameters.request.url() }, URL { m_parameters.documentURL }, m_parameters.sourceOrigin.copyRef(), m_parameters.topOrigin.copyRef(), m_parameters.parentOrigin(), m_parameters.preflightPolicy, originalRequest().httpReferrer(), shouldCaptureExtraNetworkLoadMetrics(), requestLoadType);
if (m_parameters.cspResponseHeaders)
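Review bot: The changed condition still reads `synchronousReply` directly while the two flags now come from `m_parameters`; if `synchronousReply` is also moved into a member before this line it needs the same treatment, so please confirm it is still intact here. The surrounding context already reads from `m_parameters` (the ASSERT above and the `makeUnique<NetworkLoadChecker>` arguments below), so the new line is consistent with it, but the moved-from name `parameters` stays in scope for the rest of the function and it is worth checking that no other `parameters.` read remains after the move.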