WebKit Bugzilla
Attachment 372341 Details for Bug 198966: StorageManager::removeAllowedSessionStorageNamespaceConnection should make sure its storageNamespaceID is valid
Patch: bug-198966-20190618091410.patch (text/plain), 2.25 KB, created by youenn fablet on 2019-06-18 09:14:10 PDT
>Subversion Revision: 246451 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index f2aaab43bd8c8e8cf09a8b83f9858a7b1406fd31..1a0b05bce22a26ad6ddd841f1de5a57dcb30428b 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,20 @@ >+2019-06-18 Youenn Fablet <youenn@apple.com> >+ >+ StorageManager::removeAllowedSessionStorageNamespaceConnection should make sure its storageNamespaceID is valid >+ https://bugs.webkit.org/show_bug.cgi?id=198966 >+ rdar://problem/51352080 >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ Make sure the namespace ID is a key of the map before using the value. >+ The namespace ID is coming straight from IPC so should not be trusted. >+ Also, namespace IDs are added/removed based on web pages being created/deleted. >+ Namespace IDs are supposed to be scoped by session IDs. >+ Using page IDs for namespace IDs works as long as the page does not change of session ID during its lifetime, which is not guaranteed. >+ >+ * NetworkProcess/WebStorage/StorageManager.cpp: >+ (WebKit::StorageManager::removeAllowedSessionStorageNamespaceConnection): >+ > 2019-06-15 Youenn Fablet <youenn@apple.com> > > WebPageProxy should use the right path for sandbox extension >diff --git a/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp b/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp >index 9f3e68195ebdca4bbf7935eff95d8db70ca14b26..c241fcd9ab2c4eba6b8f337ca1961d4f86136836 100644 >--- a/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp >+++ b/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp 
>@@ -550,8 +550,8 @@ void StorageManager::removeAllowedSessionStorageNamespaceConnection(uint64_t sto > auto allowedConnectionID = allowedConnection.uniqueID(); > m_queue->dispatch([this, protectedThis = makeRef(*this), allowedConnectionID, storageNamespaceID]() mutable { > ASSERT(m_sessionStorageNamespaces.contains(storageNamespaceID)); >- >- m_sessionStorageNamespaces.get(storageNamespaceID)->removeAllowedConnection(allowedConnectionID); >+ if (auto* sessionStorageNamespace = m_sessionStorageNamespaces.get(storageNamespaceID)) >+ sessionStorageNamespace->removeAllowedConnection(allowedConnectionID); > }); > } >
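Review bot: The ChangeLog entry leaves open whether the page-ID/session-ID mismatch it describes is being fixed anywhere; the code change only tolerates the missing key that results from it. Suggest saying explicitly in the entry that this is a hardening fix for the lookup and referencing a follow-up bug for scoping namespace IDs by session ID, if one exists. The visible patch touches only ChangeLog and StorageManager.cpp, so it would also help to note whether a test covering an unknown namespace ID is feasible.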
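Review bot: In the StorageManager.cpp hunk, the context line `ASSERT(m_sessionStorageNamespaces.contains(storageNamespaceID));` is kept directly above the new null check, so debug builds still abort on exactly the IPC-supplied value the ChangeLog says should not be trusted, while release builds now skip it silently. Suggest dropping the ASSERT, or replacing the pair with an explicit early return when the lookup yields null, so both build types behave the same way for an unknown namespace ID. Because the ID comes straight from IPC, consider also logging the miss or flagging the sending connection rather than ignoring it without a trace.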