WebKit Bugzilla
Attachment 358543 Details for Bug 193219: IDB storage of Crypto keys does not work in private browsing mode
Patch: bug-193219-20190107153149.patch (text/plain), 9.31 KB, created by youenn fablet on 2019-01-07 15:31:50 PST
>Subversion Revision: 239660 >diff --git a/Source/WebCore/ChangeLog b/Source/WebCore/ChangeLog >index 81a0a1d578c7c312229f59a16d70986d06067efa..0abcdb8ea34f7b9361951217cdd8e5912b7cd8e7 100644 >--- a/Source/WebCore/ChangeLog >+++ b/Source/WebCore/ChangeLog >@@ -1,3 +1,29 @@ >+2019-01-07 Youenn Fablet <youenn@apple.com> >+ >+ IDB storage of Crypto keys does not work in private browsing mode >+ https://bugs.webkit.org/show_bug.cgi?id=193219 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ https://trac.webkit.org/changeset/238677 moved from using a JSGlobalObject to a JSDOMGlobalObject for serialization/deserialization. >+ This does not work for crypto keys as they require not only a JSDOMGlobalObject but either a window or worker global object. >+ >+ To fix the issue, revert 238677, and fix it by checking whether the dumping of an ArrayBuffer happens for a JSDOMGlobalObject or a JSGlobalObject. >+ If it is the latter, use JSC routines instead of toJS() which requires a JSDOMGlobalObject. >+ >+ Covered by updated test. >+ >+ * Modules/indexeddb/server/UniqueIDBDatabase.cpp: >+ (WebCore::IDBServer::UniqueIDBDatabase::databaseThreadVM): >+ (WebCore::IDBServer::UniqueIDBDatabase::databaseThreadExecState): >+ * bindings/js/JSDOMGlobalObject.cpp: >+ * bindings/js/JSDOMGlobalObject.h: >+ * bindings/js/JSDOMWrapper.cpp: >+ (WebCore::JSDOMObject::JSDOMObject): >+ * bindings/js/SerializedScriptValue.cpp: >+ (WebCore::CloneSerializer::dumpArrayBufferView): >+ (WebCore::CloneSerializer::toJSArrayBuffer): >+ > 2019-01-05 Youenn Fablet <youenn@apple.com> > > service worker fetch handler results in bad referrer >diff --git a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp >index 4e2a2df6b7a37777229cc8f2d5a44985b668c673..fecc7995e308d86f6259012a0a11a25ef3c0035b 100644 >--- a/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp >+++ b/Source/WebCore/Modules/indexeddb/server/UniqueIDBDatabase.cpp 
>@@ -28,7 +28,6 @@ > > #if ENABLE(INDEXED_DATABASE) > >-#include "DOMWrapperWorld.h" > #include "IDBBindingUtilities.h" > #include "IDBCursorInfo.h" > #include "IDBGetAllRecordsData.h" >@@ -43,7 +42,6 @@ > #include "Logging.h" > #include "SerializedScriptValue.h" > #include "UniqueIDBDatabaseConnection.h" >-#include "WebCoreJSClientData.h" > #include <JavaScriptCore/AuxiliaryBarrierInlines.h> > #include <JavaScriptCore/HeapInlines.h> > #include <JavaScriptCore/StrongInlines.h> >@@ -940,11 +938,6 @@ VM& UniqueIDBDatabase::databaseThreadVM() > { > ASSERT(!isMainThread()); > static VM* vm = &VM::create().leakRef(); >- if (!vm->heap.hasAccess()) { >- vm->heap.acquireAccess(); >- JSVMClientData::initNormalWorld(vm); >- } >- > return *vm; > } > >@@ -952,10 +945,10 @@ ExecState& UniqueIDBDatabase::databaseThreadExecState() > { > ASSERT(!isMainThread()); > >- static NeverDestroyed<Strong<JSDOMGlobalObject>> domGlobalObject(databaseThreadVM(), JSDOMGlobalObject::create(databaseThreadVM(), JSDOMGlobalObject::createStructure(databaseThreadVM(), jsNull()), normalWorld(databaseThreadVM()))); >+ static NeverDestroyed<Strong<JSGlobalObject>> globalObject(databaseThreadVM(), JSGlobalObject::create(databaseThreadVM(), JSGlobalObject::createStructure(databaseThreadVM(), jsNull()))); > >- RELEASE_ASSERT(domGlobalObject.get()->globalExec()); >- return *domGlobalObject.get()->globalExec(); >+ RELEASE_ASSERT(globalObject.get()->globalExec()); >+ return *globalObject.get()->globalExec(); > } > > void UniqueIDBDatabase::performPutOrAdd(uint64_t callbackIdentifier, const IDBResourceIdentifier& transactionIdentifier, uint64_t objectStoreIdentifier, const IDBKeyData& keyData, const IDBValue& originalRecordValue, IndexedDB::ObjectStoreOverwriteMode overwriteMode) >diff --git a/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp b/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp >index a2eb7b60ec14c4443fc09d8367710f75a6fa408d..a4ec4d0a98a90221ce3e44a6f828fb8bb5bb4d26 100644 
>--- a/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp >+++ b/Source/WebCore/bindings/js/JSDOMGlobalObject.cpp >@@ -75,13 +75,6 @@ void JSDOMGlobalObject::destroy(JSCell* cell) > static_cast<JSDOMGlobalObject*>(cell)->JSDOMGlobalObject::~JSDOMGlobalObject(); > } > >-JSDOMGlobalObject* JSDOMGlobalObject::create(JSC::VM& vm, JSC::Structure* structure, Ref<DOMWrapperWorld>&& world) >-{ >- JSDOMGlobalObject* domGlobalObject = new (NotNull, JSC::allocateCell<JSDOMGlobalObject>(vm.heap)) JSDOMGlobalObject(vm, structure, WTFMove(world)); >- domGlobalObject->finishCreation(vm); >- return domGlobalObject; >-} >- > EncodedJSValue JSC_HOST_CALL makeThisTypeErrorForBuiltins(ExecState* execState) > { > ASSERT(execState); >diff --git a/Source/WebCore/bindings/js/JSDOMGlobalObject.h b/Source/WebCore/bindings/js/JSDOMGlobalObject.h >index ac6928f239fceee707cdc1b01ba978898c21a125..ed52551010026a1a8e47e70367651274a1a35770 100644 >--- a/Source/WebCore/bindings/js/JSDOMGlobalObject.h >+++ b/Source/WebCore/bindings/js/JSDOMGlobalObject.h >@@ -53,8 +53,6 @@ protected: > void finishCreation(JSC::VM&, JSC::JSObject*); > > public: >- static JSDOMGlobalObject* create(JSC::VM&, JSC::Structure*, Ref<DOMWrapperWorld>&&); >- > Lock& gcLock() { return m_gcLock; } > > JSDOMStructureMap& structures(const AbstractLocker&) { return m_structures; } >diff --git a/Source/WebCore/bindings/js/JSDOMWrapper.cpp b/Source/WebCore/bindings/js/JSDOMWrapper.cpp >index e9525a46d88e1a5b024a5df3f3317339ed31210c..0718b1476158dd040af61241f96bf3d8a0954f0e 100644 >--- a/Source/WebCore/bindings/js/JSDOMWrapper.cpp >+++ b/Source/WebCore/bindings/js/JSDOMWrapper.cpp 
>@@ -41,7 +41,7 @@ STATIC_ASSERT_IS_TRIVIALLY_DESTRUCTIBLE(JSDOMObject); > JSDOMObject::JSDOMObject(JSC::Structure* structure, JSC::JSGlobalObject& globalObject) > : Base(globalObject.vm(), structure) > { >- ASSERT(globalObject.classInfo() == JSDOMGlobalObject::info() || scriptExecutionContext() || globalObject.classInfo() == JSRemoteDOMWindow::info()); >+ ASSERT(scriptExecutionContext() || globalObject.classInfo() == JSRemoteDOMWindow::info()); > } > > JSC::CompleteSubspace* outputConstraintSubspaceFor(JSC::VM& vm) >diff --git a/Source/WebCore/bindings/js/SerializedScriptValue.cpp b/Source/WebCore/bindings/js/SerializedScriptValue.cpp >index a52dec9581460d5703c61346f369ae58ca588c44..077ed67e5d9aba0f9a979ccb973eb7111211cf43 100644 >--- a/Source/WebCore/bindings/js/SerializedScriptValue.cpp >+++ b/Source/WebCore/bindings/js/SerializedScriptValue.cpp >@@ -800,8 +800,20 @@ private: > code = SerializationReturnCode::ValidationError; > return true; > } >- JSValue bufferObj = toJS(m_exec, jsCast<JSDOMGlobalObject*>(m_exec->lexicalGlobalObject()), arrayBuffer.get()); >- return dumpIfTerminal(bufferObj, code); >+ >+ return dumpIfTerminal(toJSArrayBuffer(*arrayBuffer), code); >+ } >+ >+ void toJSArrayBuffer(ArrayBuffer& arrayBuffer) >+ { >+ auto* globalObject = m_exec->lexicalGlobalObject(); >+ if (globalObject->inherits<JSDOMGlobalObject>(vm)) >+ return toJS(m_exec, jsCast<JSDOMGlobalObject*>(globalObject), arrayBuffer.get()); >+ >+ if (auto* buffer = arrayBuffer.m_wrapper.get()) >+ return buffer; >+ >+ return JSC::JSArrayBuffer::create(vm, globalObject->arrayBufferStructure(arrayBuffer->sharingMode()), arrayBuffer.get()); > } > > void dumpDOMPoint(const DOMPointReadOnly& point) >diff --git a/LayoutTests/ChangeLog b/LayoutTests/ChangeLog >index afb0c30bb0ba5faefa84d0ad6109e40bfbd3f7aa..4dce5a251952ed698a69f62aefb23397d1edb6fe 100644 >--- a/LayoutTests/ChangeLog >+++ b/LayoutTests/ChangeLog 
>@@ -1,3 +1,15 @@ >+2019-01-07 Youenn Fablet <youenn@apple.com> >+ >+ IDB storage of Crypto keys does not work in private browsing mode >+ https://bugs.webkit.org/show_bug.cgi?id=193219 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Activate private browsing mode for these two tests. >+ >+ * crypto/subtle/rsa-indexeddb-non-exportable-private.html: >+ * crypto/subtle/rsa-indexeddb-private.html: >+ > 2019-01-06 Youenn Fablet <youenn@apple.com> > > LayoutTests/http/wpt/fetch/csp-reports-bypass-csp-checks.html is flaky >diff --git a/LayoutTests/crypto/subtle/rsa-indexeddb-non-exportable-private.html b/LayoutTests/crypto/subtle/rsa-indexeddb-non-exportable-private.html >index 651a140611d5c0f5222e6669ff7dd21ac7c058af..9fa1ba8d7b22e4a364b32e35bbead899affc51a8 100644 >--- a/LayoutTests/crypto/subtle/rsa-indexeddb-non-exportable-private.html >+++ b/LayoutTests/crypto/subtle/rsa-indexeddb-non-exportable-private.html >@@ -2,7 +2,8 @@ > <html> > <head> > <script> >-enablePrivateBrowsing = true; >+if (window.testRunner) >+ testRunner.setPrivateBrowsingEnabled(true); > </script> > <script src="../../resources/js-test-pre.js"></script> > <script src="../resources/common.js"></script> >diff --git a/LayoutTests/crypto/subtle/rsa-indexeddb-private.html b/LayoutTests/crypto/subtle/rsa-indexeddb-private.html >index b1ee605cb1ff17add72dfa31ff4c56f70eb8a279..72dfd786f9c037756fd5ed9d22416581d973fe95 100644 >--- a/LayoutTests/crypto/subtle/rsa-indexeddb-private.html >+++ b/LayoutTests/crypto/subtle/rsa-indexeddb-private.html >@@ -2,7 +2,8 @@ > <html> > <head> > <script> >-enablePrivateBrowsing = true; >+if (window.testRunner) >+ testRunner.setPrivateBrowsingEnabled(true); > </script> > <script src="../../resources/js-test-pre.js"></script> > <script src="../resources/common.js"></script>
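Review bot: In databaseThreadExecState() (UniqueIDBDatabase.cpp), the database thread's global object goes back to a plain JSGlobalObject, so any serialization code reached through this ExecState that does jsCast<JSDOMGlobalObject*>(m_exec->lexicalGlobalObject()) would be casting to the wrong type, and this patch guards only the one in dumpArrayBufferView. Please add a comment here saying the global object is deliberately not a JSDOMGlobalObject, and confirm that the other users of lexicalGlobalObject() on the serialization paths run from this thread do not assume otherwise.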
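Review bot: In the SerializedScriptValue.cpp hunk, the new toJSArrayBuffer() helper is declared void, yet all three of its return statements return a value and the caller passes its result straight to dumpIfTerminal(); the return type should be JSValue. The parameter is an ArrayBuffer& and the call site passes *arrayBuffer, but the body mixes arrayBuffer.m_wrapper with arrayBuffer.get() and arrayBuffer->sharingMode(), which reads as if it were still the smart pointer from the caller; use the reference consistently (arrayBuffer.sharingMode(), and pass the object or its address as toJS() and JSArrayBuffer::create() expect). vm is also used in inherits<JSDOMGlobalObject>(vm) and JSArrayBuffer::create(vm, ...) without a declaration in the visible lines, so take it from m_exec or show where it comes from.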
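Review bot: In both LayoutTests hunks (rsa-indexeddb-non-exportable-private.html and rsa-indexeddb-private.html), the if (window.testRunner) guard means that a run without the test runner silently stays in normal browsing mode and can still pass, so it never exercises the private-browsing path this bug is about. Consider printing a line in the no-testRunner case saying the test has to be run manually in a private browsing window.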