Changeset 246660 in webkit


Timestamp:
Jun 20, 2019 3:52:06 PM (5 years ago)
Author:
beidson@apple.com
Message:

WebURLSchemeHandlerProxy::loadSynchronously crash with sync request.
<rdar://problem/51862206> and https://bugs.webkit.org/show_bug.cgi?id=199063

Reviewed by Geoffrey Garen.

Don't use a DataReference for the sync reply type.

  • UIProcess/WebPageProxy.messages.in:
  • UIProcess/WebURLSchemeHandler.h:
  • UIProcess/WebURLSchemeTask.cpp:

(WebKit::WebURLSchemeTask::didComplete):

  • UIProcess/WebURLSchemeTask.h:
  • WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp:

(WebKit::WebURLSchemeHandlerProxy::loadSynchronously):

Location:
trunk/Source/WebKit
Files:
6 edited

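--- a/trunk/Source/WebKit/ChangeLog
+++ b/trunk/Source/WebKit/ChangeLog
@@ -1,2 +1,21 @@
+2019-06-20  Brady Eidson  <beidson@apple.com>
+
+        WebURLSchemeHandlerProxy::loadSynchronously crash with sync request.
+        <rdar://problem/51862206> and https://bugs.webkit.org/show_bug.cgi?id=199063
+
+        Reviewed by Geoffrey Garen.
+
+        Don't use a DataReference for the sync reply type.
+
+        * UIProcess/WebPageProxy.messages.in:
+        * UIProcess/WebURLSchemeHandler.h:
+
+        * UIProcess/WebURLSchemeTask.cpp:
+        (WebKit::WebURLSchemeTask::didComplete):
+        * UIProcess/WebURLSchemeTask.h:
+
+        * WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp:
+        (WebKit::WebURLSchemeHandlerProxy::loadSynchronously):
+
 2019-06-20  Alex Christensen  <achristensen@webkit.org>
 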
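--- a/trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in
+++ b/trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in
@@ -537,5 +537,5 @@
     StartURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters)
     StopURLSchemeTask(uint64_t handlerIdentifier, uint64_t taskIdentifier)
-    LoadSynchronousURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters) -> (WebCore::ResourceResponse response, WebCore::ResourceError error, IPC::DataReference data) Synchronous
+    LoadSynchronousURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters) -> (WebCore::ResourceResponse response, WebCore::ResourceError error, Vector<char> data) Synchronous
 
 #if ENABLE(DEVICE_ORIENTATION)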
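--- a/trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.h
+++ b/trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.h
@@ -45,5 +45,5 @@
 class WebProcessProxy;
 
-using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const IPC::DataReference&)>;
+using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const Vector<char>&)>;
 
 class WebURLSchemeHandler : public RefCounted<WebURLSchemeHandler> {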
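Review bot: The alias `SyncLoadCompletionHandler` is declared with an identical signature here and again in UIProcess/WebURLSchemeTask.h, and this commit had to edit both copies in step. Nothing ties the two declarations together except the compiler rejecting a mismatch in a translation unit that includes both headers, so the next change to the reply type has to repeat the double edit. Declaring the alias once, in WebURLSchemeTask.h, and having this header pick it up from there would leave a single place that fixes the owning `Vector<char>` payload type. The WebURLSchemeHandler class body continues outside the hunk.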
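--- a/trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp
+++ b/trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp
@@ -137,8 +137,11 @@
    
     if (isSync()) {
-        IPC::DataReference data;
-        if (m_syncData)
-            data = { reinterpret_cast<const uint8_t*>(m_syncData->data()), m_syncData->size() };
-        m_syncCompletionHandler(m_syncResponse, error, data);
+        Vector<char> data;
+        if (m_syncData) {
+            data.resize(m_syncData->size());
+            memcpy(data.data(), reinterpret_cast<const char*>(m_syncData->data()), m_syncData->size());
+        }
+
+        m_syncCompletionHandler(m_syncResponse, error, WTFMove(data));
         m_syncData = nullptr;
     }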
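Review bot: `WTFMove(data)` in the `m_syncCompletionHandler` call moves nothing, because SyncLoadCompletionHandler takes its last argument as `const Vector<char>&`; the bytes are copied once here and presumably again when the reply is encoded. Either pass `data` plainly so the call reads as what it does, or change the handler parameter to `Vector<char>&&` if transferring ownership is the intent. The `reinterpret_cast<const char*>` on the source is also unnecessary, since memcpy takes `const void*`: `memcpy(data.data(), m_syncData->data(), m_syncData->size());`. didComplete starts and ends outside this hunk.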
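--- a/trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h
+++ b/trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h
@@ -50,5 +50,5 @@
 class WebPageProxy;
 
-using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const IPC::DataReference&)>;
+using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const Vector<char>&)>;
 
 class WebURLSchemeTask : public RefCounted<WebURLSchemeTask>, public InstanceCounted<WebURLSchemeTask> {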
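--- a/trunk/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp
+++ b/trunk/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp
@@ -65,12 +65,9 @@
 void WebURLSchemeHandlerProxy::loadSynchronously(ResourceLoadIdentifier loadIdentifier, const ResourceRequest& request, ResourceResponse& response, ResourceError& error, Vector<char>& data)
 {
-    IPC::DataReference dataReference;
-    if (!m_webPage.sendSync(Messages::WebPageProxy::LoadSynchronousURLSchemeTask(URLSchemeTaskParameters { m_identifier, loadIdentifier, request }), Messages::WebPageProxy::LoadSynchronousURLSchemeTask::Reply(response, error, dataReference))) {
+    data.shrink(0);
+    if (!m_webPage.sendSync(Messages::WebPageProxy::LoadSynchronousURLSchemeTask(URLSchemeTaskParameters { m_identifier, loadIdentifier, request }), Messages::WebPageProxy::LoadSynchronousURLSchemeTask::Reply(response, error, data))) {
         error = failedCustomProtocolSyncLoad(request);
         return;
     }
-   
-    data.resize(dataReference.size());
-    memcpy(data.data(), dataReference.data(), dataReference.size());
 }
 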
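Review bot: Nothing at the `sendSync` call in loadSynchronously records why the reply is now decoded straight into the caller's `Vector<char>`, so a later cleanup could reintroduce the non-owning type. A one-line comment above `data.shrink(0);` would cover it, for example `// Decode into an owning Vector: a DataReference is only a pointer/length view and presumably dangled once the sync reply was released (bug 199063).` No regression test is visible among the six files in this changeset. A synchronous load through a custom scheme handler that returns a non-empty body would pin the crash fix.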