Changeset 147508 in webkit


Timestamp:
Apr 2, 2013 4:34:22 PM (11 years ago)
Author:
andersca@apple.com
Message:

Be more robust against empty message receiver names in incoming messages
https://bugs.webkit.org/show_bug.cgi?id=113833
<rdar://problem/13284433>

Reviewed by Beth Dakin.

Turns out that we either send or receive messages whose receiver names are empty. This leads to bad things when we try to look
up the message receiver name in a hash map since the empty name is used to represent an empty hash map value.

  • Platform/CoreIPC/Connection.cpp:

(CoreIPC::Connection::addWorkQueueMessageReceiverOnConnectionWorkQueue):
Sprinkle assertions.

(CoreIPC::Connection::processIncomingMessage):
If the message receiver name is not valid, make sure to call didReceiveInvalidMessage on the client thread.

(CoreIPC::Connection::dispatchDidReceiveInvalidMessage):
Add new helper function.

Location:
trunk/Source/WebKit2
Files:
3 edited

  • trunk/Source/WebKit2/ChangeLog

    r147500 r147508  
     12013-04-02  Anders Carlsson  <andersca@apple.com>
     2
     3        Be more robust against empty message receiver names in incoming messages
     4        https://bugs.webkit.org/show_bug.cgi?id=113833
     5        <rdar://problem/13284433>
     6
     7        Reviewed by Beth Dakin.
     8
     9        Turns out that we either send or receive messages whose receiver names are empty. This leads to bad things when we try to look
     10        up the message receiver name in a hash map since the empty name is used to represent an empty hash map value.
     11
     12        * Platform/CoreIPC/Connection.cpp:
     13        (CoreIPC::Connection::addWorkQueueMessageReceiverOnConnectionWorkQueue):
     14        Sprinkle assertions.
     15
     16        (CoreIPC::Connection::processIncomingMessage):
     17        If the message receiver name is not valid, make sure to call didReceiveInvalidMessage on the client thread.
     18
     19        (CoreIPC::Connection::dispatchDidReceiveInvalidMessage):
     20        Add new helper function.
     21
    1222013-04-02  Simon Cooper  <scooper@apple.com>
    223
  • trunk/Source/WebKit2/Platform/CoreIPC/Connection.cpp

    r143052 r147508  
    272272void Connection::addWorkQueueMessageReceiverOnConnectionWorkQueue(StringReference messageReceiverName, WorkQueue* workQueue, WorkQueueMessageReceiver* workQueueMessageReceiver)
    273273{
     274    ASSERT(workQueue);
     275    ASSERT(workQueueMessageReceiver);
    274276    ASSERT(!m_workQueueMessageReceivers.contains(messageReceiverName));
     277
    275278    m_workQueueMessageReceivers.add(messageReceiverName, std::make_pair(workQueue, workQueueMessageReceiver));
    276279}
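
Review bot: The assertions added at 274-275 cover the two pointers but not messageReceiverName, which is the value the commit message is concerned with. Since the empty name stands for the hash map's empty value, add ASSERT(!messageReceiverName.isEmpty()) or ASSERT(m_workQueueMessageReceivers.isValidKey(messageReceiverName)) ahead of the contains() check at 276, so a registration with an empty name is caught before it reaches contains() and add().
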
     
    608611    OwnPtr<MessageDecoder> message = incomingMessage;
    609612
     613    ASSERT(!message->messageReceiverName().isEmpty());
     614    ASSERT(!message->messageName().isEmpty());
     615
    610616    if (message->messageReceiverName() == "IPC" && message->messageName() == "SyncMessageReply") {
    611617        processIncomingSyncReply(message.release());
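
Review bot: The ASSERTs at 613-614 are on values read from the incoming message, so they describe what the peer sent rather than an invariant of this process. A debug build stops here on an empty receiver name and never exercises the isValidKey() path added at 621, and once ASSERT compiles out messageName has no runtime check at all. Consider dropping these in favour of the runtime check, or extending that check to reject an empty messageName as well.
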
     
    613619    }
    614620
    615     // Check if any work queue message receivers are interested in this message.
     621    if (!m_workQueueMessageReceivers.isValidKey(message->messageReceiverName())) {
     622        m_clientRunLoop->dispatch(bind(&Connection::dispatchDidReceiveInvalidMessage, this, message->messageReceiverName().toString(), message->messageName().toString()));
     623        return;
     624    }
     625
    616626    HashMap<StringReference, std::pair<RefPtr<WorkQueue>, RefPtr<WorkQueueMessageReceiver> > >::const_iterator it = m_workQueueMessageReceivers.find(message->messageReceiverName());
    617627    if (it != m_workQueueMessageReceivers.end()) {
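
Review bot: Line 615 removes the comment "Check if any work queue message receivers are interested in this message.", but the find() it described is still there at 626, now sitting below an unexplained early return. Keep that comment directly above the lookup and add a one-line comment on the isValidKey() branch at 621 saying which names it rejects; the commit message mentions the empty name, the code does not.
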
     
    735745}
    736746
     747void Connection::dispatchDidReceiveInvalidMessage(const CString& messageReceiverNameString, const CString& messageNameString)
     748{
     749    ASSERT(RunLoop::current() == m_clientRunLoop);
     750
     751    if (!m_client)
     752        return;
     753
     754    m_client->didReceiveInvalidMessage(this, StringReference(messageReceiverNameString.data(), messageReceiverNameString.length()), StringReference(messageNameString.data(), messageNameString.length()));
     755}
     756
    737757void Connection::didFailToSendSyncMessage()
    738758{
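
Review bot: Missing documentation on why dispatchDidReceiveInvalidMessage takes CString copies and rebuilds StringReference from data() and length() at 754. The caller at 622 converts both names with toString() and then returns while the message is held in a local OwnPtr, so a short comment stating that the names must be copied because they are used on the client run loop after the decoder is gone would keep a later cleanup from changing the parameters to StringReference.
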
  • trunk/Source/WebKit2/Platform/CoreIPC/Connection.h

    r142792 r147508  
    217217    void dispatchMessage(MessageDecoder&);
    218218    void dispatchSyncMessage(MessageDecoder&);
     219    void dispatchDidReceiveInvalidMessage(const CString& messageReceiverNameString, const CString& messageNameString);
    219220    void didFailToSendSyncMessage();
    220221