WebKit Bugzilla: Attachment 373329 Details for Bug 199388: Null dereference under StorageManager::destroySessionStorageNamespace()
[patch] Patch: bug-199388-20190702090111.patch (text/plain), 2.79 KB, created by Chris Dumez on 2019-07-02 09:01:12 PDT
>Subversion Revision: 247025 >diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog >index 2c148bdb2f0c7c4c6f84237daf29e68a3c8d359d..75689f6cd1268b7f162bdf9e2c331e5e11cc7935 100644 >--- a/Source/WebKit/ChangeLog >+++ b/Source/WebKit/ChangeLog >@@ -1,3 +1,19 @@ >+2019-07-02 Chris Dumez <cdumez@apple.com> >+ >+ Null dereference under StorageManager::destroySessionStorageNamespace() >+ https://bugs.webkit.org/show_bug.cgi?id=199388 >+ <rdar://problem/52030641> >+ >+ Reviewed by NOBODY (OOPS!). >+ >+ * NetworkProcess/WebStorage/StorageManager.cpp: >+ (WebKit::StorageManager::createSessionStorageNamespace): >+ Call HashMap::ensure() instead of contains() + set() to avoid double hash lookup. >+ >+ (WebKit::StorageManager::destroySessionStorageNamespace): >+ Add null check to address top crasher, similarly to what was done in r246552. >+ I am keeping the debug assertion since this is not supposed to happen. >+ > 2019-07-01 Alex Christensen <achristensen@webkit.org> > > Deprecate but still call _webView:showCustomSheetForElement: after transition to UIContextMenuInteraction >diff --git a/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp b/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp >index 211f823046dd876c5357c89009968d692f4e4c0e..4e723b4c1625143a80ae557c1075ce7a5530dabb 100644 >--- a/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp >+++ b/Source/WebKit/NetworkProcess/WebStorage/StorageManager.cpp 
>@@ -502,10 +502,9 @@ StorageManager::~StorageManager() > void StorageManager::createSessionStorageNamespace(uint64_t storageNamespaceID, unsigned quotaInBytes) > { > m_queue->dispatch([this, protectedThis = makeRef(*this), storageNamespaceID, quotaInBytes]() mutable { >- if (m_sessionStorageNamespaces.contains(storageNamespaceID)) >- return; >- >- m_sessionStorageNamespaces.set(storageNamespaceID, SessionStorageNamespace::create(quotaInBytes)); >+ m_sessionStorageNamespaces.ensure(storageNamespaceID, [quotaInBytes] { >+ return SessionStorageNamespace::create(quotaInBytes); >+ }); > }); > } > >@@ -513,8 +512,10 @@ void StorageManager::destroySessionStorageNamespace(uint64_t storageNamespaceID) > { > m_queue->dispatch([this, protectedThis = makeRef(*this), storageNamespaceID] { > ASSERT(m_sessionStorageNamespaces.contains(storageNamespaceID)); >- if (m_sessionStorageNamespaces.get(storageNamespaceID)->allowedConnections().isEmpty()) >- m_sessionStorageNamespaces.remove(storageNamespaceID); >+ if (auto* sessionStorageNamespace = m_sessionStorageNamespaces.get(storageNamespaceID)) { >+ if (sessionStorageNamespace->allowedConnections().isEmpty()) >+ m_sessionStorageNamespaces.remove(storageNamespaceID); >+ } > }); > } >
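Review bot: In createSessionStorageNamespace(), the dispatched lambda is declared `mutable` although nothing in its body modifies a captured value, so the qualifier can be dropped. The switch to ensure() keeps the existing behaviour that a second call for the same storageNamespaceID leaves the first namespace, and its quota, in place; a one-line comment saying the later quotaInBytes is intentionally ignored would make that explicit.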
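Review bot: In destroySessionStorageNamespace(), the new null check turns the missing-namespace case into a silent no-op in release builds, where ASSERT compiles out, so the condition the ChangeLog describes as "not supposed to happen" leaves no trace outside debug builds. Consider logging the storageNamespaceID in an else branch so the source of the unexpected destroy can be tracked down. The get() followed by remove(storageNamespaceID) is also two hash lookups, the same pattern the createSessionStorageNamespace() hunk removes; find() plus remove() on the iterator would avoid it.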