Changeset 263883 in webkit

Timestamp:

Jul 2, 2020 10:51:58 PM (4 years ago)

Author:

mark.lam@apple.com

Message:

ReadableStream::create() should handle any exceptions that may be thrown during construction.
​https://bugs.webkit.org/show_bug.cgi?id=213819

Reviewed by Youenn Fablet and Yusuke Suzuki.

Win EWS detected that ReadableStream::create() can throw exceptions, and we were
failing to handle it. This patch fixes that.

• Modules/cache/DOMCache.cpp:

(WebCore::DOMCache::put):

• Modules/fetch/FetchBodyOwner.cpp:

(WebCore::FetchBodyOwner::readableStream):
(WebCore::FetchBodyOwner::createReadableStream):

• Modules/fetch/FetchBodyOwner.h:
• Modules/fetch/FetchResponse.cpp:

(WebCore::FetchResponse::clone):

• bindings/js/ReadableStream.cpp:

(WebCore::ReadableStream::create):

• bindings/js/ReadableStream.h:

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• Modules/cache/DOMCache.cpp (modified) (2 diffs)
• Modules/fetch/FetchBodyOwner.cpp (modified) (2 diffs)
• Modules/fetch/FetchBodyOwner.h (modified) (4 diffs)
• Modules/fetch/FetchResponse.cpp (modified) (2 diffs)
• bindings/js/ReadableStream.cpp (modified) (4 diffs)
• bindings/js/ReadableStream.h (modified) (3 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2020-07-02  Mark Lam  <mark.lam@apple.com>
+
+        ReadableStream::create() should handle any exceptions that may be thrown during construction.
+        https://bugs.webkit.org/show_bug.cgi?id=213819
+
+        Reviewed by Youenn Fablet and Yusuke Suzuki.
+
+        Win EWS detected that ReadableStream::create() can throw exceptions, and we were
+        failing to handle it.  This patch fixes that.
+
+        * Modules/cache/DOMCache.cpp:
+        (WebCore::DOMCache::put):
+        * Modules/fetch/FetchBodyOwner.cpp:
+        (WebCore::FetchBodyOwner::readableStream):
+        (WebCore::FetchBodyOwner::createReadableStream):
+        * Modules/fetch/FetchBodyOwner.h:
+        * Modules/fetch/FetchResponse.cpp:
+        (WebCore::FetchResponse::clone):
+        * bindings/js/ReadableStream.cpp:
+        (WebCore::ReadableStream::create):
+        * bindings/js/ReadableStream.h:
+
 2020-07-02  Alex Christensen  <achristensen@webkit.org>
 

trunk/Source/WebCore/Modules/cache/DOMCache.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -366 +366 @@
 
     // FIXME: for efficiency, we should load blobs directly instead of going through the readableStream path.
-    if (response->isBlobBody())
-        response->readableStream(*scriptExecutionContext()->execState());
+    if (response->isBlobBody()) {
+        auto streamOrException = response->readableStream(*scriptExecutionContext()->execState());
+        if (UNLIKELY(streamOrException.hasException())) {
+            promise.reject(streamOrException.releaseException());
+            return;
+        }
+    }
 
     if (response->isBodyReceivedByChunk()) {

trunk/Source/WebCore/Modules/fetch/FetchBodyOwner.cpp

@@ -1 +1 @@
 /*
  * Copyright (C) 2016 Canon Inc.
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -312 +313 @@
 }
 
-RefPtr<ReadableStream> FetchBodyOwner::readableStream(JSC::JSGlobalObject& state)
+ExceptionOr<RefPtr<ReadableStream>> FetchBodyOwner::readableStream(JSC::JSGlobalObject& state)
 {
     if (isBodyNullOrOpaque())
         return nullptr;
 
-    if (!m_body->hasReadableStream())
-        createReadableStream(state);
+    if (!m_body->hasReadableStream()) {
+        auto voidOrException = createReadableStream(state);
+        if (UNLIKELY(voidOrException.hasException()))
+            return voidOrException.releaseException();
+    }
 
     return m_body->readableStream();
 }
 
-void FetchBodyOwner::createReadableStream(JSC::JSGlobalObject& state)
+ExceptionOr<void> FetchBodyOwner::createReadableStream(JSC::JSGlobalObject& state)
 {
     ASSERT(!m_readableStreamSource);
     if (isDisturbed()) {
-        m_body->setReadableStream(ReadableStream::create(state, nullptr));
+        auto streamOrException = ReadableStream::create(state, nullptr);
+        if (UNLIKELY(streamOrException.hasException()))
+            return streamOrException.releaseException();
+        m_body->setReadableStream(streamOrException.releaseReturnValue());
         m_body->readableStream()->lock();
-    } else {
-        m_readableStreamSource = adoptRef(*new FetchBodySource(*this));
-        m_body->setReadableStream(ReadableStream::create(state, m_readableStreamSource));
-    }
+        return { };
+    }
+
+    m_readableStreamSource = adoptRef(*new FetchBodySource(*this));
+    auto streamOrException = ReadableStream::create(state, m_readableStreamSource);
+    if (UNLIKELY(streamOrException.hasException())) {
+        m_readableStreamSource = nullptr;
+        return streamOrException.releaseException();
+    }
+    m_body->setReadableStream(streamOrException.releaseReturnValue());
+    return { };
 }
 

trunk/Source/WebCore/Modules/fetch/FetchBodyOwner.h

@@ -1 +1 @@
 /*
  * Copyright (C) 2016 Canon Inc.
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -30 +31 @@
 
 #include "ActiveDOMObject.h"
+#include "ExceptionOr.h"
 #include "FetchBody.h"
 #include "FetchBodySource.h"
@@ -58 +60 @@
     bool isActive() const { return !!m_blobLoader; }
 
-    RefPtr<ReadableStream> readableStream(JSC::JSGlobalObject&);
+    ExceptionOr<RefPtr<ReadableStream>> readableStream(JSC::JSGlobalObject&);
     bool hasReadableStreamBody() const { return m_body && m_body->hasReadableStream(); }
 
@@ -81 +83 @@
 
     void setBody(FetchBody&& body) { m_body = WTFMove(body); }
-    void createReadableStream(JSC::JSGlobalObject&);
+    ExceptionOr<void> createReadableStream(JSC::JSGlobalObject&);
 
     // ActiveDOMObject API

trunk/Source/WebCore/Modules/fetch/FetchResponse.cpp

@@ -1 +1 @@
 /*
  * Copyright (C) 2016 Canon Inc.
+ * Copyright (C) 2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -177 +178 @@
 
     // If loading, let's create a stream so that data is teed on both clones.
-    if (isLoading() && !m_readableStreamSource)
-        createReadableStream(*context.execState());
+    if (isLoading() && !m_readableStreamSource) {
+        auto voidOrException = createReadableStream(*context.execState());
+        if (UNLIKELY(voidOrException.hasException()))
+            return voidOrException.releaseException();
+    }
 
     // Synthetic responses do not store headers in m_internalResponse.

trunk/Source/WebCore/bindings/js/ReadableStream.cpp

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -27 +27 @@
 #include "ReadableStream.h"
 
+#include "Exception.h"
+#include "ExceptionCode.h"
 #include "JSDOMConvertSequences.h"
 #include "JSReadableStreamSink.h"
@@ -36 +38 @@
 using namespace JSC;
 
-Ref<ReadableStream> ReadableStream::create(JSC::JSGlobalObject& lexicalGlobalObject, RefPtr<ReadableStreamSource>&& source)
+ExceptionOr<Ref<ReadableStream>> ReadableStream::create(JSC::JSGlobalObject& lexicalGlobalObject, RefPtr<ReadableStreamSource>&& source)
 {
     VM& vm = lexicalGlobalObject.vm();
-    auto scope = DECLARE_CATCH_SCOPE(vm);
+    auto scope = DECLARE_THROW_SCOPE(vm);
 
     auto& clientData = *static_cast<JSVMClientData*>(vm.clientData);
@@ -53 +55 @@
     ASSERT(!args.hasOverflowed());
 
-    auto newReadableStream = jsDynamicCast<JSReadableStream*>(vm, JSC::construct(&lexicalGlobalObject, constructor, constructData, args));
-    scope.assertNoException();
+    JSObject* object = JSC::construct(&lexicalGlobalObject, constructor, constructData, args);
+    ASSERT(!!scope.exception() == !object);
+    RETURN_IF_EXCEPTION(scope, Exception { ExistingExceptionError });
 
-    return create(globalObject, *newReadableStream);
+    return create(globalObject, *jsCast<JSReadableStream*>(object));
 }
 

trunk/Source/WebCore/bindings/js/ReadableStream.h

@@ -1 +1 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26 +26 @@
 #pragma once
 
+#include "ExceptionOr.h"
 #include "JSDOMBinding.h"
 #include "JSDOMConvert.h"
@@ -40 +41 @@
     static Ref<ReadableStream> create(JSDOMGlobalObject& globalObject, JSReadableStream& readableStream) { return adoptRef(*new ReadableStream(globalObject, readableStream)); }
 
-    static Ref<ReadableStream> create(JSC::JSGlobalObject&, RefPtr<ReadableStreamSource>&&);
+    static ExceptionOr<Ref<ReadableStream>> create(JSC::JSGlobalObject&, RefPtr<ReadableStreamSource>&&);
 
     WEBCORE_EXPORT static bool isDisturbed(JSC::JSGlobalObject&, JSC::JSValue);