[webkit-changes] [161812] trunk/Source/WebCore

[andersca]

Title: [161812] trunk/Source/WebCore

Revision

161812

Author

ander...@apple.com

Date

2014-01-12 09:33:38 -0800 (Sun, 12 Jan 2014)

Log Message

Remove unsafe uses of AtomicallyInitializedStatic
https://bugs.webkit.org/show_bug.cgi?id=126838

Reviewed by Andreas Kling.

AtomicStrings are per thread so any static initialization of them is potentially dangerous
unless it's certain that they're only ever used from the same thread.

This goes against using them with AtomicallyInitializedStatic, so just create AtomicStrings where needed.
(This is highly unlikely to have any real negative performance impact since these two functions
aren't called very frequently).

* loader/CrossOriginAccessControl.cpp:
(WebCore::passesAccessControlCheck):
* page/PerformanceResourceTiming.cpp:
(WebCore::passesTimingAllowCheck):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp
• trunk/Source/WebCore/page/PerformanceResourceTiming.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (161811 => 161812)

--- trunk/Source/WebCore/ChangeLog	2014-01-12 17:29:54 UTC (rev 161811)
+++ trunk/Source/WebCore/ChangeLog	2014-01-12 17:33:38 UTC (rev 161812)
@@ -1,3 +1,22 @@
+2014-01-11  Anders Carlsson  <ander...@apple.com>
+
+        Remove unsafe uses of AtomicallyInitializedStatic
+        https://bugs.webkit.org/show_bug.cgi?id=126838
+
+        Reviewed by Andreas Kling.
+
+        AtomicStrings are per thread so any static initialization of them is potentially dangerous
+        unless it's certain that they're only ever used from the same thread.
+        
+        This goes against using them with AtomicallyInitializedStatic, so just create AtomicStrings where needed.
+        (This is highly unlikely to have any real negative performance impact since these two functions
+        aren't called very frequently).
+
+        * loader/CrossOriginAccessControl.cpp:
+        (WebCore::passesAccessControlCheck):
+        * page/PerformanceResourceTiming.cpp:
+        (WebCore::passesTimingAllowCheck):
+
 2014-01-12  David Kilzer  <ddkil...@apple.com>
 
         [iOS] Fix link errors for iOS: Part 2

Modified: trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp (161811 => 161812)

--- trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2014-01-12 17:29:54 UTC (rev 161811)
+++ trunk/Source/WebCore/loader/CrossOriginAccessControl.cpp	2014-01-12 17:33:38 UTC (rev 161812)
@@ -133,12 +133,9 @@
 
 bool passesAccessControlCheck(const ResourceResponse& response, StoredCredentials includeCredentials, SecurityOrigin* securityOrigin, String& errorDescription)
 {
-    AtomicallyInitializedStatic(AtomicString&, accessControlAllowOrigin = *new AtomicString("access-control-allow-origin", AtomicString::ConstructFromLiteral));
-    AtomicallyInitializedStatic(AtomicString&, accessControlAllowCredentials = *new AtomicString("access-control-allow-credentials", AtomicString::ConstructFromLiteral));
-
     // A wildcard Access-Control-Allow-Origin can not be used if credentials are to be sent,
     // even with Access-Control-Allow-Credentials set to true.
-    const String& accessControlOriginString = response.httpHeaderField(accessControlAllowOrigin);
+    const String& accessControlOriginString = response.httpHeaderField("access-control-allow-origin");
     if (accessControlOriginString == "*" && includeCredentials == DoNotAllowStoredCredentials)
         return true;
 
@@ -157,7 +154,7 @@
     }
 
     if (includeCredentials == AllowStoredCredentials) {
-        const String& accessControlCredentialsString = response.httpHeaderField(accessControlAllowCredentials);
+        const String& accessControlCredentialsString = response.httpHeaderField("access-control-allow-credentials");
         if (accessControlCredentialsString != "true") {
             errorDescription = "Credentials flag is true, but Access-Control-Allow-Credentials is not \"true\".";
             return false;

Modified: trunk/Source/WebCore/page/PerformanceResourceTiming.cpp (161811 => 161812)

--- trunk/Source/WebCore/page/PerformanceResourceTiming.cpp	2014-01-12 17:29:54 UTC (rev 161811)
+++ trunk/Source/WebCore/page/PerformanceResourceTiming.cpp	2014-01-12 17:33:38 UTC (rev 161812)
@@ -53,13 +53,11 @@
 
 static bool passesTimingAllowCheck(const ResourceResponse& response, Document* requestingDocument)
 {
-    AtomicallyInitializedStatic(AtomicString&, timingAllowOrigin = *new AtomicString("timing-allow-origin"));
-
     RefPtr<SecurityOrigin> resourceOrigin = SecurityOrigin::create(response.url());
     if (resourceOrigin->isSameSchemeHostPort(requestingDocument->securityOrigin()))
         return true;
 
-    const String& timingAllowOriginString = response.httpHeaderField(timingAllowOrigin);
+    const String& timingAllowOriginString = response.httpHeaderField("timing-allow-origin");
     if (timingAllowOriginString.isEmpty() || equalIgnoringCase(timingAllowOriginString, "null"))
         return false;
 

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes