Changeset 225253 in webkit


Ignore:
Timestamp:
Nov 28, 2017 6:23:38 PM (6 years ago)
Author:
commit-queue@webkit.org
Message:

NetworkCache::Storage should protect itself when removing operations from its maps
https://bugs.webkit.org/show_bug.cgi?id=180118

Patch by Youenn Fablet <youenn@apple.com> on 2017-11-28
Reviewed by Antti Koivisto.

The operations can contain ref to the Storage object and removing them from the map may destroy the Storage object

  • NetworkProcess/cache/NetworkCacheStorage.cpp:

(WebKit::NetworkCache::Storage::remove):
(WebKit::NetworkCache::Storage::finishReadOperation):
(WebKit::NetworkCache::Storage::finishWriteOperation):
(WebKit::NetworkCache::Storage::traverse):

Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r225251 r225253  
     12017-11-28  Youenn Fablet  <youenn@apple.com>
     2
     3        NetworkCache::Storage should protect itself when removing operations from its maps
     4        https://bugs.webkit.org/show_bug.cgi?id=180118
     5
     6        Reviewed by Antti Koivisto.
     7
     8        The operations can contain ref to the Storage object and removing them from the map may destroy the Storage object
     9
     10        * NetworkProcess/cache/NetworkCacheStorage.cpp:
     11        (WebKit::NetworkCache::Storage::remove):
     12        (WebKit::NetworkCache::Storage::finishReadOperation):
     13        (WebKit::NetworkCache::Storage::finishWriteOperation):
     14        (WebKit::NetworkCache::Storage::traverse):
     15
    1162017-11-28  Youenn Fablet  <youenn@apple.com>
    217

  • trunk/Source/WebKit/NetworkProcess/cache/NetworkCacheStorage.cpp

    r224371 r225253  
    562562        return;
    563563
     564    auto protectedThis = makeRef(*this);
     565
    564566    // We can't remove the key from the Bloom filter (but some false positives are expected anyway).
    565567    // For simplicity we also don't reduce m_approximateSize on removals.
     
    568570    removeFromPendingWriteOperations(key);
    569571
    570     serialBackgroundIOQueue().dispatch([this, protectedThis = makeRef(*this), key] () mutable {
     572    serialBackgroundIOQueue().dispatch([this, protectedThis = WTFMove(protectedThis), key] () mutable {
    571573        deleteFiles(key);
    572574        RunLoop::main().dispatch([protectedThis = WTFMove(protectedThis)] { });
     
    666668        else if (!readOperation.isCanceled)
    667669            remove(readOperation.key);
     670
     671        auto protectedThis = makeRef(*this);
    668672
    669673        ASSERT(m_activeReadOperations.contains(&readOperation));
     
    794798    if (--writeOperation.activeCount)
    795799        return;
     800
     801    auto protectedThis = makeRef(*this);
    796802
    797803    m_activeWriteOperations.remove(&writeOperation);
     
    916922        RunLoop::main().dispatch([this, &traverseOperation] {
    917923            traverseOperation.handler(nullptr, { });
     924
     925            auto protectedThis = makeRef(*this);
     926
    918927            m_activeTraverseOperations.remove(&traverseOperation);
    919928        });
Note: See TracChangeset for help on using the changeset viewer.