Changeset 107356 in webkit
- Timestamp: Feb 9, 2012 9:45:10 PM (12 years ago)
- Location: trunk/Source/WebKit2
- Files: 10 edited
trunk/Source/WebKit2/ChangeLog
r107307 r107356 1 2012-02-09 Alexey Proskuryakov <ap@apple.com> 2 3 ASSERTION FAILED: checkURLReceivedFromWebProcess(originalURL) loading a local file, if the WebProcess crashed 4 https://bugs.webkit.org/show_bug.cgi?id=70845 5 <rdar://problem/10269985> 6 7 Reviewed by Anders Carlsson. 8 9 This also fixes some case where WebProcess did not get a sandbox extension after a crash. 10 11 * UIProcess/WebPageProxy.cpp: 12 (WebKit::WebPageProxy::reattachToWebProcessWithItem): We no longer need to pass a sandbox 13 extension here, we're now passing it at b/f navigation bottleneck. 14 (WebKit::WebPageProxy::reload): Pass a sandbox extension - reload may mean reloading an error 15 page after a crash, so WebProcess may no longer have the extension. 16 (WebKit::WebPageProxy::goForward): We no longer need to pass a sandbox extension here, 17 we're now passing it at b/f navigation bottleneck. Also, fixed a bug where we first null checked 18 a WebBackForwardListItem pointer, and then used it anyway. 19 (WebKit::WebPageProxy::goBack): Ditto. 20 (WebKit::WebPageProxy::goToBackForwardItem): Ditto. 21 (WebKit::WebPageProxy::backForwardGoToItem): This is the bottleneck. We get here both for UI 22 actions like pressing the Back button, and for window.history.go() navigations. JS navigations 23 previously didn't open up the sandbox. URLs in UI process b/f list are trusted, so it's 24 always OK to grant a sandbox extension if one of them is a file: one. 25 26 * UIProcess/WebPageProxy.h: backForwardGoToItem() now returns a sandbox extension handle. 27 28 * UIProcess/WebPageProxy.messages.in: Ditto. 29 30 * UIProcess/WebProcessProxy.cpp: 31 (WebKit::WebProcessProxy::checkURLReceivedFromWebProcess): If a URL is in UI process b/f 32 list, then it has been already vetted as something the Web process knows about. No need to 33 crash if it actually attempts going there. 
34 (WebKit::WebProcessProxy::didReceiveInvalidMessage): Removed a useless comment (we have tons 35 of fprintfs besides this one). Fixed log message syntax. 36 37 * UIProcess/cf/WebPageProxyCF.cpp: (WebKit::WebPageProxy::restoreFromSessionStateData): 38 We no longer need to pass a sandbox extension here, we're now passing it at b/f navigation 39 bottleneck. 40 41 * WebProcess/WebPage/WebBackForwardListProxy.cpp: (WebKit::WebBackForwardListProxy::goToItem): 42 We now get an extension here, when telling UI process that we're navigating to a b/f list item. 43 44 * WebProcess/WebPage/WebPage.cpp: 45 (WebKit::WebPage::reload): Use the extension we're getting. 46 (WebKit::WebPage::goForward): Don't use one we're not getting. 47 (WebKit::WebPage::goBack): Ditto. 48 (WebKit::WebPage::goToBackForwardItem): Ditto. 49 (WebKit::WebPage::restoreSessionAndNavigateToCurrentItem): Ditto. 50 51 * WebProcess/WebPage/WebPage.h: Adjusted signatures accordingly. 52 53 * WebProcess/WebPage/WebPage.messages.in: Ditto. 54 1 55 2012-02-09 Matthew Delaney <mdelaney@apple.com> 2 56 -
trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp
r107168 r107356 318 318 return; 319 319 320 SandboxExtension::Handle sandboxExtensionHandle; 321 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), item->url()), sandboxExtensionHandle); 322 if (createdExtension) 323 process()->willAcquireUniversalFileReadSandboxExtension(); 324 process()->send(Messages::WebPage::GoToBackForwardItem(item->itemID(), sandboxExtensionHandle), m_pageID); 320 process()->send(Messages::WebPage::GoToBackForwardItem(item->itemID()), m_pageID); 325 321 process()->responsivenessTimer()->start(); 326 322 } … … 510 506 void WebPageProxy::reload(bool reloadFromOrigin) 511 507 { 512 if (m_backForwardList->currentItem()) 513 setPendingAPIRequestURL(m_backForwardList->currentItem()->url()); 508 SandboxExtension::Handle sandboxExtensionHandle; 509 510 if (m_backForwardList->currentItem()) { 511 String url = m_backForwardList->currentItem()->url(); 512 setPendingAPIRequestURL(url); 513 514 // We may not have an extension yet if back/forward list was reinstated after a WebProcess crash or a browser relaunch 515 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), url), sandboxExtensionHandle); 516 if (createdExtension) 517 process()->willAcquireUniversalFileReadSandboxExtension(); 518 } 514 519 515 520 if (!isValid()) { … … 518 523 } 519 524 520 process()->send(Messages::WebPage::Reload(reloadFromOrigin ), m_pageID);525 process()->send(Messages::WebPage::Reload(reloadFromOrigin, sandboxExtensionHandle), m_pageID); 521 526 process()->responsivenessTimer()->start(); 522 527 } … … 528 533 529 534 WebBackForwardListItem* forwardItem = m_backForwardList->forwardItem(); 530 if (forwardItem) 531 setPendingAPIRequestURL(forwardItem->url()); 535 if (!forwardItem) 536 return; 537 538 setPendingAPIRequestURL(forwardItem->url()); 532 539 533 540 if (!isValid()) { … … 536 543 } 537 544 538 SandboxExtension::Handle sandboxExtensionHandle; 539 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), 
forwardItem->url()), sandboxExtensionHandle); 540 if (createdExtension) 541 process()->willAcquireUniversalFileReadSandboxExtension(); 542 process()->send(Messages::WebPage::GoForward(forwardItem->itemID(), sandboxExtensionHandle), m_pageID); 545 process()->send(Messages::WebPage::GoForward(forwardItem->itemID()), m_pageID); 543 546 process()->responsivenessTimer()->start(); 544 547 } … … 555 558 556 559 WebBackForwardListItem* backItem = m_backForwardList->backItem(); 557 if (backItem) 558 setPendingAPIRequestURL(backItem->url()); 560 if (!backItem) 561 return; 562 563 setPendingAPIRequestURL(backItem->url()); 559 564 560 565 if (!isValid()) { … … 563 568 } 564 569 565 SandboxExtension::Handle sandboxExtensionHandle; 566 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), backItem->url()), sandboxExtensionHandle); 567 if (createdExtension) 568 process()->willAcquireUniversalFileReadSandboxExtension(); 569 process()->send(Messages::WebPage::GoBack(backItem->itemID(), sandboxExtensionHandle), m_pageID); 570 process()->send(Messages::WebPage::GoBack(backItem->itemID()), m_pageID); 570 571 process()->responsivenessTimer()->start(); 571 572 } … … 585 586 setPendingAPIRequestURL(item->url()); 586 587 587 SandboxExtension::Handle sandboxExtensionHandle; 588 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), item->url()), sandboxExtensionHandle); 589 if (createdExtension) 590 process()->willAcquireUniversalFileReadSandboxExtension(); 591 process()->send(Messages::WebPage::GoToBackForwardItem(item->itemID(), sandboxExtensionHandle), m_pageID); 588 process()->send(Messages::WebPage::GoToBackForwardItem(item->itemID()), m_pageID); 592 589 process()->responsivenessTimer()->start(); 593 590 } … … 2449 2446 } 2450 2447 2451 void WebPageProxy::backForwardGoToItem(uint64_t itemID) 2452 { 2453 m_backForwardList->goToItem(process()->webBackForwardItem(itemID)); 2448 void WebPageProxy::backForwardGoToItem(uint64_t itemID, 
SandboxExtension::Handle& sandboxExtensionHandle) 2449 { 2450 WebBackForwardListItem* item = process()->webBackForwardItem(itemID); 2451 if (!item) 2452 return; 2453 2454 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), item->url()), sandboxExtensionHandle); 2455 if (createdExtension) 2456 process()->willAcquireUniversalFileReadSandboxExtension(); 2457 m_backForwardList->goToItem(item); 2454 2458 } 2455 2459 -
trunk/Source/WebKit2/UIProcess/WebPageProxy.h
r107168 r107356 744 744 // Back/Forward list management 745 745 void backForwardAddItem(uint64_t itemID); 746 void backForwardGoToItem(uint64_t itemID );746 void backForwardGoToItem(uint64_t itemID, SandboxExtension::Handle&); 747 747 void backForwardItemAtIndex(int32_t index, uint64_t& itemID); 748 748 void backForwardBackListCount(int32_t& count); -
trunk/Source/WebKit2/UIProcess/WebPageProxy.messages.in
r107168 r107356 157 157 # BackForward messages 158 158 BackForwardAddItem(uint64_t itemID) 159 BackForwardGoToItem(uint64_t itemID) 159 BackForwardGoToItem(uint64_t itemID) -> (WebKit::SandboxExtension::Handle sandboxExtensionHandle) 160 160 BackForwardItemAtIndex(int32_t itemIndex) -> (uint64_t itemID) 161 161 BackForwardBackListCount() -> (int32_t count) -
trunk/Source/WebKit2/UIProcess/WebProcessProxy.cpp
r105364 r107356 246 246 } 247 247 248 // Items in back/forward list have been already checked. 249 // One case where we don't have sandbox extensions for file URLs in b/f list is if the list has been reinstated after a crash or a browser restart. 250 for (WebBackForwardListItemMap::iterator iter = m_backForwardListItemMap.begin(), end = m_backForwardListItemMap.end(); iter != end; ++iter) { 251 if (KURL(KURL(), iter->second->url()).fileSystemPath() == path) 252 return true; 253 if (KURL(KURL(), iter->second->originalURL()).fileSystemPath() == path) 254 return true; 255 } 256 248 257 // A Web process that was never asked to load a file URL should not ever ask us to do anything with a file URL. 258 fprintf(stderr, "Received an unexpected URL from the web process: '%s'\n", url.string().utf8().data()); 249 259 return false; 250 260 } … … 369 379 void WebProcessProxy::didReceiveInvalidMessage(CoreIPC::Connection*, CoreIPC::MessageID messageID) 370 380 { 371 // This fprintf is intentionally left because this function should 372 // only be hit in the case of a misbehaving web process. 373 fprintf(stderr, "Receive an invalid message from the web process with message ID %x\n", messageID.toInt()); 381 fprintf(stderr, "Received an invalid message from the web process with message ID %x\n", messageID.toInt()); 374 382 375 383 // Terminate the WebProcesses. -
trunk/Source/WebKit2/UIProcess/cf/WebPageProxyCF.cpp
r105339 r107356 165 165 process()->send(Messages::WebPage::RestoreSession(state), m_pageID); 166 166 else { 167 SandboxExtension::Handle sandboxExtensionHandle; 168 if (WebBackForwardListItem* item = m_backForwardList->currentItem()) { 169 bool createdExtension = maybeInitializeSandboxExtensionHandle(KURL(KURL(), item->url()), sandboxExtensionHandle); 170 if (createdExtension) 171 process()->willAcquireUniversalFileReadSandboxExtension(); 167 if (WebBackForwardListItem* item = m_backForwardList->currentItem()) 172 168 setPendingAPIRequestURL(item->url()); 173 } 174 175 process()->send(Messages::WebPage::RestoreSessionAndNavigateToCurrentItem(state, sandboxExtensionHandle), m_pageID); 169 170 process()->send(Messages::WebPage::RestoreSessionAndNavigateToCurrentItem(state), m_pageID); 176 171 } 177 172 } -
trunk/Source/WebKit2/WebProcess/WebPage/WebBackForwardListProxy.cpp
r95901 r107356 164 164 return; 165 165 166 m_page->send(Messages::WebPageProxy::BackForwardGoToItem(historyItemToIDMap().get(item))); 166 SandboxExtension::Handle sandboxExtensionHandle; 167 m_page->sendSync(Messages::WebPageProxy::BackForwardGoToItem(historyItemToIDMap().get(item)), Messages::WebPageProxy::BackForwardGoToItem::Reply(sandboxExtensionHandle)); 168 m_page->sandboxExtensionTracker().beginLoad(m_page->mainWebFrame(), sandboxExtensionHandle); 167 169 } 168 170 -
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.cpp
r107168 r107356 714 714 } 715 715 716 void WebPage::reload(bool reloadFromOrigin )716 void WebPage::reload(bool reloadFromOrigin, const SandboxExtension::Handle& sandboxExtensionHandle) 717 717 { 718 718 SendStopResponsivenessTimer stopper(this); 719 719 720 m_sandboxExtensionTracker.beginLoad(m_mainFrame.get(), sandboxExtensionHandle); 720 721 m_mainFrame->coreFrame()->loader()->reload(reloadFromOrigin); 721 722 } 722 723 723 void WebPage::goForward(uint64_t backForwardItemID , const SandboxExtension::Handle& sandboxExtensionHandle)724 void WebPage::goForward(uint64_t backForwardItemID) 724 725 { 725 726 SendStopResponsivenessTimer stopper(this); … … 730 731 return; 731 732 732 m_sandboxExtensionTracker.beginLoad(m_mainFrame.get(), sandboxExtensionHandle);733 733 m_page->goToItem(item, FrameLoadTypeForward); 734 734 } 735 735 736 void WebPage::goBack(uint64_t backForwardItemID , const SandboxExtension::Handle& sandboxExtensionHandle)736 void WebPage::goBack(uint64_t backForwardItemID) 737 737 { 738 738 SendStopResponsivenessTimer stopper(this); … … 743 743 return; 744 744 745 m_sandboxExtensionTracker.beginLoad(m_mainFrame.get(), sandboxExtensionHandle);746 745 m_page->goToItem(item, FrameLoadTypeBack); 747 746 } 748 747 749 void WebPage::goToBackForwardItem(uint64_t backForwardItemID , const SandboxExtension::Handle& sandboxExtensionHandle)748 void WebPage::goToBackForwardItem(uint64_t backForwardItemID) 750 749 { 751 750 SendStopResponsivenessTimer stopper(this); … … 756 755 return; 757 756 758 m_sandboxExtensionTracker.beginLoad(m_mainFrame.get(), sandboxExtensionHandle);759 757 m_page->goToItem(item, FrameLoadTypeIndexedBackForward); 760 758 } … … 1440 1438 } 1441 1439 1442 void WebPage::restoreSessionAndNavigateToCurrentItem(const SessionState& sessionState , const SandboxExtension::Handle& sandboxExtensionHandle)1440 void WebPage::restoreSessionAndNavigateToCurrentItem(const SessionState& sessionState) 1443 1441 { 1444 1442 if (uint64_t currentItemID = 
restoreSession(sessionState)) 1445 goToBackForwardItem(currentItemID , sandboxExtensionHandle);1443 goToBackForwardItem(currentItemID); 1446 1444 } 1447 1445 -
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.h
r107168 r107356 537 537 void loadPlainTextString(const String&); 538 538 void linkClicked(const String& url, const WebMouseEvent&); 539 void reload(bool reloadFromOrigin );540 void goForward(uint64_t , const SandboxExtension::Handle&);541 void goBack(uint64_t , const SandboxExtension::Handle&);542 void goToBackForwardItem(uint64_t , const SandboxExtension::Handle&);539 void reload(bool reloadFromOrigin, const SandboxExtension::Handle&); 540 void goForward(uint64_t); 541 void goBack(uint64_t); 542 void goToBackForwardItem(uint64_t); 543 543 void tryRestoreScrollPosition(); 544 544 void setActive(bool); … … 568 568 569 569 uint64_t restoreSession(const SessionState&); 570 void restoreSessionAndNavigateToCurrentItem(const SessionState& , const SandboxExtension::Handle&);570 void restoreSessionAndNavigateToCurrentItem(const SessionState&); 571 571 572 572 void didRemoveBackForwardItem(uint64_t); -
trunk/Source/WebKit2/WebProcess/WebPage/WebPage.messages.in
r106511 r107356 51 51 CenterSelectionInVisibleArea() 52 52 53 GoBack(uint64_t backForwardItemID , WebKit::SandboxExtension::Handle sandboxExtensionHandle)54 GoForward(uint64_t backForwardItemID , WebKit::SandboxExtension::Handle sandboxExtensionHandle)55 GoToBackForwardItem(uint64_t backForwardItemID , WebKit::SandboxExtension::Handle sandboxExtensionHandle)53 GoBack(uint64_t backForwardItemID) 54 GoForward(uint64_t backForwardItemID) 55 GoToBackForwardItem(uint64_t backForwardItemID) 56 56 TryRestoreScrollPosition() 57 57 LoadHTMLString(WTF::String htmlString, WTF::String baseURL) … … 61 61 LoadURLRequest(WebCore::ResourceRequest request, WebKit::SandboxExtension::Handle sandboxExtensionHandle) 62 62 LinkClicked(WTF::String url, WebKit::WebMouseEvent event) 63 Reload(bool reloadFromOrigin )63 Reload(bool reloadFromOrigin, WebKit::SandboxExtension::Handle sandboxExtensionHandle) 64 64 StopLoading() 65 65 … … 72 72 73 73 RestoreSession(WebKit::SessionState state) 74 RestoreSessionAndNavigateToCurrentItem(WebKit::SessionState state , WebKit::SandboxExtension::Handle sandboxExtensionHandle)74 RestoreSessionAndNavigateToCurrentItem(WebKit::SessionState state) 75 75 76 76 DidRemoveBackForwardItem(uint64_t backForwardItemID)
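Review bot: In WebPageProxy::reload() (UIProcess/WebPageProxy.cpp) the sandbox extension is created, and process()->willAcquireUniversalFileReadSandboxExtension() is called, before the if (!isValid()) check, whereas the code removed from goForward() and goBack() in the same file did both only after that check. If the !isValid() branch returns without sending Reload (its body is not shown in the hunk), the process has been told it will acquire a universal file-read extension that is never delivered. Consider moving the maybeInitializeSandboxExtensionHandle() block below the isValid() check, directly before the process()->send(Messages::WebPage::Reload(...)) call.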
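Review bot: WebPageProxy::backForwardGoToItem() (UIProcess/WebPageProxy.cpp) now creates a file-read sandbox extension for an itemID supplied by the web process, but the item is looked up with process()->webBackForwardItem(itemID) and nothing checks that it belongs to this page's m_backForwardList before maybeInitializeSandboxExtensionHandle() runs. Since this becomes the single point where back/forward navigations, including window.history.go() per the ChangeLog, receive file access, verify that the item is in m_backForwardList before granting the extension. Also consider reporting an unknown itemID instead of the silent return after if (!item), so a bad ID from the web process is visible in the same way as the new fprintf in checkURLReceivedFromWebProcess().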
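Review bot: The new loop in WebProcessProxy::checkURLReceivedFromWebProcess() (UIProcess/WebProcessProxy.cpp) accepts any path equal to the fileSystemPath() of url() or originalURL() of any entry in m_backForwardListItemMap, and the comment's statement that these items "have been already checked" is not backed by anything visible in the hunk. Please name in the comment the function that vets url() and originalURL() when an item enters the map, because this loop turns map membership into approval of the URL. The loop also constructs two KURLs per item on every call; if the map can grow large, comparing against stored file paths would be cheaper. The added fprintf writes the full rejected URL to stderr, which can put local file paths into logs; confirm that is acceptable.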
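Review bot: In WebBackForwardListProxy::goToItem() (WebProcess/WebPage/WebBackForwardListProxy.cpp) the result of m_page->sendSync(...) is not checked, so if the sync call fails, beginLoad() runs with a default-constructed sandboxExtensionHandle and the load proceeds without the extension. Check the result and decide explicitly what happens on failure. The change also replaces an asynchronous send() with a blocking round trip to the UI process on every back/forward navigation; a comment stating why the reply has to be synchronous would help future readers.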