WebKit Bugzilla
Attachment 372582 Details for
Bug 199063
: WebURLSchemeHandlerProxy::loadSynchronously crash with sync request
[patch]
Patch
bug-199063-20190620141214.patch (text/plain), 6.14 KB, created by
Brady Eidson
on 2019-06-20 14:12:14 PDT
Description:
Patch
Filename:
MIME Type:
Creator:
Brady Eidson
Created:
2019-06-20 14:12:14 PDT
Size:
6.14 KB
patch
obsolete
>Subversion Revision: 246650
>diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
>index 4d853a146b7da1afffe23c4f49fd8235215af7b1..f1b6851719a26f8b9f72f2be1ebf01bbbea8bff4 100644
>--- a/Source/WebKit/ChangeLog
>+++ b/Source/WebKit/ChangeLog
>@@ -1,3 +1,22 @@
>+2019-06-20 Brady Eidson <beidson@apple.com>
>+
>+ WebURLSchemeHandlerProxy::loadSynchronously crash with sync request.
>+ <rdar://problem/51862206> and https://bugs.webkit.org/show_bug.cgi?id=199063
>+
>+ Reviewed by NOBODY (OOPS!).
>+
>+ Don't use a DataReference for the sync reply type.
>+
>+ * UIProcess/WebPageProxy.messages.in:
>+ * UIProcess/WebURLSchemeHandler.h:
>+
>+ * UIProcess/WebURLSchemeTask.cpp:
>+ (WebKit::WebURLSchemeTask::didComplete):
>+ * UIProcess/WebURLSchemeTask.h:
>+
>+ * WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp:
>+ (WebKit::WebURLSchemeHandlerProxy::loadSynchronously):
>+
> 2019-06-20 Alexander Mikhaylenko <exalm7659@gmail.com>
>
> [GTK] Enable navigation swipe layout tests
>diff --git a/Source/WebKit/UIProcess/WebPageProxy.messages.in b/Source/WebKit/UIProcess/WebPageProxy.messages.in
>index 8bf98610978b7f0e67f2ef063de24cdf921584c3..4163793189298e3be706975eb5af75c1f9104d68 100644
>--- a/Source/WebKit/UIProcess/WebPageProxy.messages.in
>+++ b/Source/WebKit/UIProcess/WebPageProxy.messages.in
>@@ -536,7 +536,7 @@ messages -> WebPageProxy {
>
> StartURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters)
> StopURLSchemeTask(uint64_t handlerIdentifier, uint64_t taskIdentifier)
>- LoadSynchronousURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters) -> (WebCore::ResourceResponse response, WebCore::ResourceError error, IPC::DataReference data) Synchronous
>+ LoadSynchronousURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters) -> (WebCore::ResourceResponse response, WebCore::ResourceError error, Vector<char> data) Synchronous
>
> #if ENABLE(DEVICE_ORIENTATION)
> ShouldAllowDeviceOrientationAndMotionAccess(uint64_t frameID, struct WebCore::SecurityOriginData origin, bool mayPrompt) -> (enum:uint8_t WebCore::DeviceOrientationOrMotionPermissionState permissionState) Async
>diff --git a/Source/WebKit/UIProcess/WebURLSchemeHandler.h b/Source/WebKit/UIProcess/WebURLSchemeHandler.h
>index b7af075975f32b8ab85e88d1baffb05a1705a7ba..08f8f5ba423255803020d883bc856059b0b58d8b 100644
>--- a/Source/WebKit/UIProcess/WebURLSchemeHandler.h
>+++ b/Source/WebKit/UIProcess/WebURLSchemeHandler.h
>@@ -44,7 +44,7 @@ namespace WebKit {
> class WebPageProxy;
> class WebProcessProxy;
>
>-using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const IPC::DataReference&)>;
>+using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const Vector<char>&)>;
>
> class WebURLSchemeHandler : public RefCounted<WebURLSchemeHandler> {
> WTF_MAKE_NONCOPYABLE(WebURLSchemeHandler);
>diff --git a/Source/WebKit/UIProcess/WebURLSchemeTask.cpp b/Source/WebKit/UIProcess/WebURLSchemeTask.cpp
>index 19a6bb84c3c1580482987d831baf314f687751f3..24866e1c64d988effc1693d831e7ffd418f70f49 100644
>--- a/Source/WebKit/UIProcess/WebURLSchemeTask.cpp
>+++ b/Source/WebKit/UIProcess/WebURLSchemeTask.cpp
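Review bot: The `SyncLoadCompletionHandler` alias is spelled out identically in WebURLSchemeHandler.h here and again in the WebURLSchemeTask.h hunk, so this signature change had to be applied twice and the two copies can drift apart. Declaring the alias in one header and including it from the other would leave a single place to edit; which header already includes which is not visible in these hunks. A one-line comment on the alias, for example `// data must be an owning buffer; a pointer/size view is not used for the sync reply`, would record why the parameter type changed, as the ChangeLog entry does.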
>@@ -136,10 +136,13 @@ auto WebURLSchemeTask::didComplete(const ResourceError& error) -> ExceptionType
> m_completed = true;
>
> if (isSync()) {
>- IPC::DataReference data;
>- if (m_syncData)
>- data = { reinterpret_cast<const uint8_t*>(m_syncData->data()), m_syncData->size() };
>- m_syncCompletionHandler(m_syncResponse, error, data);
>+ Vector<char> data;
>+ if (m_syncData) {
>+ data.resize(m_syncData->size());
>+ memcpy(data.data(), reinterpret_cast<const char*>(m_syncData->data()), m_syncData->size());
>+ }
>+
>+ m_syncCompletionHandler(m_syncResponse, error, WTFMove(data));
> m_syncData = nullptr;
> }
>
>diff --git a/Source/WebKit/UIProcess/WebURLSchemeTask.h b/Source/WebKit/UIProcess/WebURLSchemeTask.h
>index a97f160cf2556fa138f52bd815f23e8ea6c7ea6f..aec864557a41e86e1389d9d697e0cb8685ae8c84 100644
>--- a/Source/WebKit/UIProcess/WebURLSchemeTask.h
>+++ b/Source/WebKit/UIProcess/WebURLSchemeTask.h
>@@ -49,7 +49,7 @@ namespace WebKit {
> class WebURLSchemeHandler;
> class WebPageProxy;
>
>-using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const IPC::DataReference&)>;
>+using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const Vector<char>&)>;
>
> class WebURLSchemeTask : public RefCounted<WebURLSchemeTask>, public InstanceCounted<WebURLSchemeTask> {
> WTF_MAKE_NONCOPYABLE(WebURLSchemeTask);
>diff --git a/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp b/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp
>index 48e58e96f59354b3680d2741369e2615b89652d7..2a59deb089b238a9d43df72d307026c628f3111b 100644
>--- a/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp
>+++ b/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp
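Review bot: `WTFMove(data)` in the `m_syncCompletionHandler` call in WebURLSchemeTask.cpp moves nothing, because `SyncLoadCompletionHandler` takes `const Vector<char>&` (see the alias in the header hunks), and it reads as if ownership were handed over. Passing the vector plainly, `m_syncCompletionHandler(m_syncResponse, error, data);`, says what actually happens. The `resize` plus `memcpy` pair could also be one call, `data.append(reinterpret_cast<const char*>(m_syncData->data()), m_syncData->size());`, which keeps the length and the copy together so they cannot disagree after a later edit. The body of didComplete starts and continues outside this hunk.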
>@@ -64,14 +64,11 @@ void WebURLSchemeHandlerProxy::startNewTask(ResourceLoader& loader)
>
> void WebURLSchemeHandlerProxy::loadSynchronously(ResourceLoadIdentifier loadIdentifier, const ResourceRequest& request, ResourceResponse& response, ResourceError& error, Vector<char>& data)
> {
>- IPC::DataReference dataReference;
>- if (!m_webPage.sendSync(Messages::WebPageProxy::LoadSynchronousURLSchemeTask(URLSchemeTaskParameters { m_identifier, loadIdentifier, request }), Messages::WebPageProxy::LoadSynchronousURLSchemeTask::Reply(response, error, dataReference))) {
>+ data.shrink(0);
>+ if (!m_webPage.sendSync(Messages::WebPageProxy::LoadSynchronousURLSchemeTask(URLSchemeTaskParameters { m_identifier, loadIdentifier, request }), Messages::WebPageProxy::LoadSynchronousURLSchemeTask::Reply(response, error, data))) {
> error = failedCustomProtocolSyncLoad(request);
> return;
> }
>-
>- data.resize(dataReference.size());
>- memcpy(data.data(), dataReference.data(), dataReference.size());
> }
>
> void WebURLSchemeHandlerProxy::stopAllTasks()
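Review bot: On the failure branch of `loadSynchronously` only `error` is assigned, while the reply is now decoded straight into the caller's `response` and `data`; before this change `data` was written only after `sendSync` had succeeded. If `sendSync` can return false after part of the reply has been decoded (its internals are not visible here), the caller receives an error together with leftover bytes. Adding a second `data.shrink(0);` inside the branch, just before `error = failedCustomProtocolSyncLoad(request);`, makes the error path return an empty buffer regardless. A short comment above the first `data.shrink(0);`, saying the out-vector is emptied so stale caller contents never survive a failed load, would make that intent explicit.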
Attachments on
bug 199063
:
372546
| 372582