[webkit-changes] [WebKit/WebKit] 39104f: [990d58df312b55ff] ASAN_TRAP | WebKit::WebCookieJa...

Fri, 04 Apr 2025 06:40:59 -0700 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 39104faa73bc82f25ab31998a7bf842f8701600e
      
https://github.com/WebKit/WebKit/commit/39104faa73bc82f25ab31998a7bf842f8701600e
  Author: Rupin Mittal <ru...@apple.com>
  Date:   2025-04-04 (Fri, 04 Apr 2025)

  Changed paths:
    A 
LayoutTests/cookies/cookie-store-register-eventlistener-from-file-protocol-expected.txt
    A 
LayoutTests/cookies/cookie-store-register-eventlistener-from-file-protocol.html
    M Source/WebCore/Modules/cookie-store/CookieStore.cpp
    M Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp

  Log Message:
  -----------
  [990d58df312b55ff] ASAN_TRAP | 
WebKit::WebCookieJar::addChangeListenerWithAccess; 
WebKit::WebCookieJar::addChangeListener; 
WebCore::CookieStore::eventListenersDidChange
https://bugs.webkit.org/show_bug.cgi?id=288666
rdar://144404037

Reviewed by Chris Dumez.

Event listeners are keyed on the host of the document that registered them. If 
the request comes from
a file protocol, the host will be empty and attempting to use an empty string 
as the key of a HashMap
causes an assert to be hit, leading to a crash.

We fix this by ensuring that the CookieStore and WebCookieJar do not attempt to 
register event listeners
with empty host names and if, somehow, such a request were to make it to the 
Network Process, that process
will kill the sending Web Process.

Credit to Rob Buis for doing most of the work in creating the layout test.

* 
LayoutTests/cookies/cookie-store-register-eventlistener-from-file-protocol-expected.txt:
 Added.
* 
LayoutTests/cookies/cookie-store-register-eventlistener-from-file-protocol.html:
 Added.
* Source/WebCore/Modules/cookie-store/CookieStore.cpp:
(WebCore::CookieStore::stop):
(WebCore::CookieStore::eventListenersDidChange):
* Source/WebKit/NetworkProcess/NetworkConnectionToWebProcess.cpp:
(WebKit::NetworkConnectionToWebProcess::subscribeToCookieChangeNotifications):
(WebKit::NetworkConnectionToWebProcess::unsubscribeFromCookieChangeNotifications):

Originally-landed-as: 289651.191@safari-7621-branch (9bf48496fa9a). 
rdar://148056335
Canonical link: https://commits.webkit.org/293237@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to