Changeset 241611 in webkit

Timestamp:

Feb 15, 2019 1:25:28 PM (5 years ago)

Author:

achristensen@apple.com

Message:

Make WebPaymentCoordinatorProxy more robust and modern
​https://bugs.webkit.org/show_bug.cgi?id=194678

Reviewed by Andy Estes.

Use WeakPtr instead of storing raw pointers in lambdas or the global activePaymentCoordinatorProxy to avoid UAF problems.
Call CompletionHandlers in all code paths to avoid hangs.
Use Delayed instead of LegacySync for synchronous messaging to progress towards removing LegacySync messages.

• Scripts/webkit/messages.py:
• UIProcess/ApplePay/WebPaymentCoordinatorProxy.cpp:

(WebKit::activePaymentCoordinatorProxy):
(WebKit::WebPaymentCoordinatorProxy::~WebPaymentCoordinatorProxy):
(WebKit::WebPaymentCoordinatorProxy::availablePaymentNetworks):
(WebKit::WebPaymentCoordinatorProxy::canMakePayments):
(WebKit::WebPaymentCoordinatorProxy::showPaymentUI):
(WebKit::WebPaymentCoordinatorProxy::didReachFinalState):

• UIProcess/ApplePay/WebPaymentCoordinatorProxy.h:
• UIProcess/ApplePay/WebPaymentCoordinatorProxy.messages.in:
• UIProcess/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm:

(WebKit::WebPaymentCoordinatorProxy::platformShowPaymentUI):

• UIProcess/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm:

(WebKit::WebPaymentCoordinatorProxy::platformShowPaymentUI):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• Scripts/webkit/messages.py (modified) (1 diff)
• UIProcess/ApplePay/WebPaymentCoordinatorProxy.cpp (modified) (6 diffs)
• UIProcess/ApplePay/WebPaymentCoordinatorProxy.h (modified) (2 diffs)
• UIProcess/ApplePay/WebPaymentCoordinatorProxy.messages.in (modified) (1 diff)
• UIProcess/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm (modified) (1 diff)
• UIProcess/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm (modified) (3 diffs)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2019-02-15  Alex Christensen  <achristensen@webkit.org>
+
+        Make WebPaymentCoordinatorProxy more robust and modern
+        https://bugs.webkit.org/show_bug.cgi?id=194678
+
+        Reviewed by Andy Estes.
+
+        Use WeakPtr instead of storing raw pointers in lambdas or the global activePaymentCoordinatorProxy to avoid UAF problems.
+        Call CompletionHandlers in all code paths to avoid hangs.
+        Use Delayed instead of LegacySync for synchronous messaging to progress towards removing LegacySync messages.
+
+        * Scripts/webkit/messages.py:
+        * UIProcess/ApplePay/WebPaymentCoordinatorProxy.cpp:
+        (WebKit::activePaymentCoordinatorProxy):
+        (WebKit::WebPaymentCoordinatorProxy::~WebPaymentCoordinatorProxy):
+        (WebKit::WebPaymentCoordinatorProxy::availablePaymentNetworks):
+        (WebKit::WebPaymentCoordinatorProxy::canMakePayments):
+        (WebKit::WebPaymentCoordinatorProxy::showPaymentUI):
+        (WebKit::WebPaymentCoordinatorProxy::didReachFinalState):
+        * UIProcess/ApplePay/WebPaymentCoordinatorProxy.h:
+        * UIProcess/ApplePay/WebPaymentCoordinatorProxy.messages.in:
+        * UIProcess/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm:
+        (WebKit::WebPaymentCoordinatorProxy::platformShowPaymentUI):
+        * UIProcess/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm:
+        (WebKit::WebPaymentCoordinatorProxy::platformShowPaymentUI):
+
 2019-02-15  Youenn Fablet  <youenn@apple.com>
 

trunk/Source/WebKit/Scripts/webkit/messages.py

@@ -190 +190 @@
     ])
 
-    for message in receiver.messages:
-        if message.reply_parameters != None:
-            headers.add('<wtf/ThreadSafeRefCounted.h>')
-            types_by_namespace['IPC'].update([('class', 'Connection')])
+    headers.add('"Connection.h"')
+    headers.add('<wtf/ThreadSafeRefCounted.h>')
 
     no_forward_declaration_types = frozenset([

trunk/Source/WebKit/UIProcess/ApplePay/WebPaymentCoordinatorProxy.cpp

@@ -37 +37 @@
 namespace WebKit {
 
-static WebPaymentCoordinatorProxy* activePaymentCoordinatorProxy;
+static WeakPtr<WebPaymentCoordinatorProxy>& activePaymentCoordinatorProxy()
+{
+    static NeverDestroyed<WeakPtr<WebPaymentCoordinatorProxy>> activePaymentCoordinatorProxy;
+    return activePaymentCoordinatorProxy.get();
+}
 
 WebPaymentCoordinatorProxy::WebPaymentCoordinatorProxy(WebPageProxy& webPageProxy)
@@ -50 +54 @@
 WebPaymentCoordinatorProxy::~WebPaymentCoordinatorProxy()
 {
-    if (activePaymentCoordinatorProxy == this)
-        activePaymentCoordinatorProxy = nullptr;
-
     if (m_state != State::Idle)
         hidePaymentUI();
@@ -59 +60 @@
 }
 
-void WebPaymentCoordinatorProxy::availablePaymentNetworks(Vector<String>& networks)
-{
-    networks = platformAvailablePaymentNetworks();
-}
-
-void WebPaymentCoordinatorProxy::canMakePayments(bool& reply)
-{
-    reply = platformCanMakePayments();
+void WebPaymentCoordinatorProxy::availablePaymentNetworks(CompletionHandler<void(Vector<String>&&)>&& completionHandler)
+{
+    completionHandler(platformAvailablePaymentNetworks());
+}
+
+void WebPaymentCoordinatorProxy::canMakePayments(CompletionHandler<void(bool)>&& reply)
+{
+    reply(platformCanMakePayments());
 }
 
@@ -93 +94 @@
 }
 
-void WebPaymentCoordinatorProxy::showPaymentUI(const String& originatingURLString, const Vector<String>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest& paymentRequest, bool& result)
+void WebPaymentCoordinatorProxy::showPaymentUI(const String& originatingURLString, const Vector<String>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest& paymentRequest, CompletionHandler<void(bool)>&& completionHandler)
 {
     // FIXME: Make this a message check.
     ASSERT(canBegin());
 
-    if (activePaymentCoordinatorProxy) {
-        activePaymentCoordinatorProxy->hidePaymentUI();
-        activePaymentCoordinatorProxy->didCancelPaymentSession();
-    }
-
-    activePaymentCoordinatorProxy = this;
+    if (auto& coordinator = activePaymentCoordinatorProxy()) {
+        coordinator->hidePaymentUI();
+        coordinator->didCancelPaymentSession();
+    }
+
+    activePaymentCoordinatorProxy() = makeWeakPtr(this);
 
     m_state = State::Activating;
@@ -113 +114 @@
         linkIconURLs.append(URL(URL(), linkIconURLString));
 
-    platformShowPaymentUI(originatingURL, linkIconURLs, paymentRequest, [this](bool result) {
-        ASSERT(m_state == State::Activating);
+    platformShowPaymentUI(originatingURL, linkIconURLs, paymentRequest, [weakThis = makeWeakPtr(*this)](bool result) {
+        if (!weakThis)
+            return;
+
+        ASSERT(weakThis->m_state == State::Activating);
         if (!result) {
-            didCancelPaymentSession();
+            weakThis->didCancelPaymentSession();
             return;
         }
 
-        m_state = State::Active;
+        weakThis->m_state = State::Active;
     });
 
-    result = true;
+    completionHandler(true);
 }
 
@@ -333 +337 @@
     m_merchantValidationState = MerchantValidationState::Idle;
 
-    ASSERT(activePaymentCoordinatorProxy == this);
-    activePaymentCoordinatorProxy = nullptr;
+    ASSERT(activePaymentCoordinatorProxy() == this);
+    activePaymentCoordinatorProxy() = nullptr;
 }
 

trunk/Source/WebKit/UIProcess/ApplePay/WebPaymentCoordinatorProxy.h

@@ -79 +79 @@
 
     // Message handlers.
-    void availablePaymentNetworks(Vector<String>&);
-    void canMakePayments(bool& reply);
+    void availablePaymentNetworks(CompletionHandler<void(Vector<String>&&)>&&);
+    void canMakePayments(CompletionHandler<void(bool)>&&);
     void canMakePaymentsWithActiveCard(const String& merchantIdentifier, const String& domainName, uint64_t requestID);
     void openPaymentSetup(const String& merchantIdentifier, const String& domainName, uint64_t requestID);
-    void showPaymentUI(const String& originatingURLString, const Vector<String>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest&, bool& result);
+    void showPaymentUI(const String& originatingURLString, const Vector<String>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest&, CompletionHandler<void(bool)>&&);
     void completeMerchantValidation(const WebCore::PaymentMerchantSession&);
     void completeShippingMethodSelection(const Optional<WebCore::ShippingMethodUpdate>&);
@@ -103 +103 @@
     void platformCanMakePaymentsWithActiveCard(const String& merchantIdentifier, const String& domainName, WTF::Function<void (bool)>&& completionHandler);
     void platformOpenPaymentSetup(const String& merchantIdentifier, const String& domainName, WTF::Function<void (bool)>&& completionHandler);
-    void platformShowPaymentUI(const URL& originatingURL, const Vector<URL>& linkIconURLs, const WebCore::ApplePaySessionPaymentRequest&, WTF::Function<void(bool)>&& completionHandler);
+    void platformShowPaymentUI(const URL& originatingURL, const Vector<URL>& linkIconURLs, const WebCore::ApplePaySessionPaymentRequest&, CompletionHandler<void(bool)>&&);
     void platformCompleteMerchantValidation(const WebCore::PaymentMerchantSession&);
     void platformCompleteShippingMethodSelection(const Optional<WebCore::ShippingMethodUpdate>&);

trunk/Source/WebKit/UIProcess/ApplePay/WebPaymentCoordinatorProxy.messages.in

@@ -27 +27 @@
 messages -> WebPaymentCoordinatorProxy {
 
-    AvailablePaymentNetworks() -> (Vector<String> availablePaymentNetworks) LegacySync
-    CanMakePayments() -> (bool result) LegacySync
+    AvailablePaymentNetworks() -> (Vector<String> availablePaymentNetworks) Delayed
+    CanMakePayments() -> (bool result) Delayed
     CanMakePaymentsWithActiveCard(String merchantIdentifier, String domainName, uint64_t requestID)
     OpenPaymentSetup(String merchantIdentifier, String domainName, uint64_t requestID)
 
-    ShowPaymentUI(String originatingURLString, Vector<String> linkIconURLStrings, WebCore::ApplePaySessionPaymentRequest paymentRequest) -> (bool result) LegacySync
+    ShowPaymentUI(String originatingURLString, Vector<String> linkIconURLStrings, WebCore::ApplePaySessionPaymentRequest paymentRequest) -> (bool result) Delayed
     CompleteMerchantValidation(WebCore::PaymentMerchantSession paymentMerchantSession)
     CompleteShippingMethodSelection(Optional<WebCore::ShippingMethodUpdate> update)

trunk/Source/WebKit/UIProcess/ApplePay/ios/WebPaymentCoordinatorProxyIOS.mm

@@ -39 +39 @@
 namespace WebKit {
 
-void WebPaymentCoordinatorProxy::platformShowPaymentUI(const URL& originatingURL, const Vector<URL>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest& request, WTF::Function<void(bool)>&& completionHandler)
+void WebPaymentCoordinatorProxy::platformShowPaymentUI(const URL& originatingURL, const Vector<URL>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest& request, CompletionHandler<void(bool)>&& completionHandler)
 {
     UIViewController *presentingViewController = m_webPageProxy.uiClient().presentingViewController();

trunk/Source/WebKit/UIProcess/ApplePay/mac/WebPaymentCoordinatorProxyMac.mm

@@ -36 +36 @@
 namespace WebKit {
 
-void WebPaymentCoordinatorProxy::platformShowPaymentUI(const URL& originatingURL, const Vector<URL>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest& request, WTF::Function<void(bool)>&& completionHandler)
+void WebPaymentCoordinatorProxy::platformShowPaymentUI(const URL& originatingURL, const Vector<URL>& linkIconURLStrings, const WebCore::ApplePaySessionPaymentRequest& request, CompletionHandler<void(bool)>&& completionHandler)
 {
     auto paymentRequest = toPKPaymentRequest(m_webPageProxy, originatingURL, linkIconURLStrings, request);
@@ -42 +42 @@
     auto showPaymentUIRequestSeed = m_showPaymentUIRequestSeed;
     auto weakThis = makeWeakPtr(*this);
-    [PAL::getPKPaymentAuthorizationViewControllerClass() requestViewControllerWithPaymentRequest:paymentRequest.get() completion:makeBlockPtr([paymentRequest, showPaymentUIRequestSeed, weakThis, completionHandler = WTFMove(completionHandler)](PKPaymentAuthorizationViewController *viewController, NSError *error) {
+    [PAL::getPKPaymentAuthorizationViewControllerClass() requestViewControllerWithPaymentRequest:paymentRequest.get() completion:makeBlockPtr([paymentRequest, showPaymentUIRequestSeed, weakThis, completionHandler = WTFMove(completionHandler)](PKPaymentAuthorizationViewController *viewController, NSError *error) mutable {
         auto paymentCoordinatorProxy = weakThis.get();
         if (!paymentCoordinatorProxy)
-            return;
+            return completionHandler(false);
 
         if (error) {
@@ -56 +56 @@
         if (showPaymentUIRequestSeed != paymentCoordinatorProxy->m_showPaymentUIRequestSeed) {
             // We've already been asked to hide the payment UI. Don't attempt to show it.
-            return;
+            return completionHandler(false);
         }