Changeset 247932 in webkit


Ignore:
Timestamp:
Jul 29, 2019 5:20:11 PM (5 years ago)
Author:
Chris Dumez
Message:

Fix non-thread safe use of WeakPtr under sendSecItemRequest()
https://bugs.webkit.org/show_bug.cgi?id=200249

Reviewed by Alex Christensen.

The function was calling globalNetworkProcess() from a background thread. This is not safe because
globalNetworkProcess() deferences a WeakPtr<NetworkProcess> internally and the NetworkProcess object
gets destroyed on the main thread.

  • Shared/mac/SecItemShim.cpp:

(WebKit::sendSecItemRequest):

Location:
trunk/Source/WebKit
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • trunk/Source/WebKit/ChangeLog

    r247926 r247932  
     12019-07-29  Chris Dumez  <cdumez@apple.com>
     2
     3        Fix non-thread safe use of WeakPtr under sendSecItemRequest()
     4        https://bugs.webkit.org/show_bug.cgi?id=200249
     5
     6        Reviewed by Alex Christensen.
     7
     8        The function was calling globalNetworkProcess() from a background thread. This is not safe because
     9        globalNetworkProcess() deferences a WeakPtr<NetworkProcess> internally and the NetworkProcess object
     10        gets destroyed on the main thread.
     11
     12        * Shared/mac/SecItemShim.cpp:
     13        (WebKit::sendSecItemRequest):
     14
    1152019-07-29  Zalan Bujtas  <zalan@apple.com>
    216
  • trunk/Source/WebKit/Shared/mac/SecItemShim.cpp

    r245164 r247932  
    6565}
    6666
    67 static WorkQueue& workQueue()
    68 {
    69     static WorkQueue* workQueue;
    70     static dispatch_once_t onceToken;
    71     dispatch_once(&onceToken, ^{
    72         workQueue = &WorkQueue::create("com.apple.WebKit.SecItemShim").leakRef();
    73 
    74     });
    75 
    76     return *workQueue;
    77 }
    78 
    7967static Optional<SecItemResponseData> sendSecItemRequest(SecItemRequestData::Type requestType, CFDictionaryRef query, CFDictionaryRef attributesToMatch = 0)
    8068{
    81     if (!globalNetworkProcess())
    82         return WTF::nullopt;
    83 
    8469    Optional<SecItemResponseData> response;
    8570
    8671    BinarySemaphore semaphore;
     72    RunLoop::main().dispatch([&] {
     73        if (!globalNetworkProcess()) {
     74            semaphore.signal();
     75            return;
     76        }
     77        globalNetworkProcess()->parentProcessConnection()->sendWithAsyncReply(Messages::SecItemShimProxy::SecItemRequest(SecItemRequestData(requestType, query, attributesToMatch)), [&](auto reply) {
     78            if (reply)
     79                response = WTFMove(*reply);
    8780
    88     globalNetworkProcess()->parentProcessConnection()->sendWithReply(Messages::SecItemShimProxy::SecItemRequest(SecItemRequestData(requestType, query, attributesToMatch)), 0, workQueue(), [&response, &semaphore](auto reply) {
    89         if (reply)
    90             response = WTFMove(std::get<0>(*reply));
    91 
    92         semaphore.signal();
     81            semaphore.signal();
     82        });
    9383    });
    9484
  • trunk/Source/WebKit/UIProcess/mac/SecItemShimProxy.cpp

    r245911 r247932  
    5757}
    5858
    59 void SecItemShimProxy::didReceiveMessage(IPC::Connection&, IPC::Decoder&)
    60 {
    61 }
    62 
    63 void SecItemShimProxy::secItemRequest(const SecItemRequestData& request, CompletionHandler<void(SecItemResponseData&&)>&& response)
     59void SecItemShimProxy::secItemRequest(const SecItemRequestData& request, CompletionHandler<void(Optional<SecItemResponseData>&&)>&& response)
    6460{
    6561    switch (request.type()) {
  • trunk/Source/WebKit/UIProcess/mac/SecItemShimProxy.h

    r241441 r247932  
    4747    // IPC::Connection::WorkQueueMessageReceiver
    4848    void didReceiveMessage(IPC::Connection&, IPC::Decoder&) override;
    49     void didReceiveSyncMessage(IPC::Connection&, IPC::Decoder&, std::unique_ptr<IPC::Encoder>&) override;
    5049
    51     void secItemRequest(const SecItemRequestData&, CompletionHandler<void(SecItemResponseData&&)>&&);
     50    void secItemRequest(const SecItemRequestData&, CompletionHandler<void(Optional<SecItemResponseData>&&)>&&);
    5251
    5352    Ref<WorkQueue> m_queue;
  • trunk/Source/WebKit/UIProcess/mac/SecItemShimProxy.messages.in

    r243345 r247932  
    2424
    2525#if ENABLE(SEC_ITEM_SHIM)
    26     SecItemRequest(WebKit::SecItemRequestData request) -> (WebKit::SecItemResponseData response) Synchronous
     26    SecItemRequest(WebKit::SecItemRequestData request) -> (Optional<WebKit::SecItemResponseData> response) Async
    2727#endif
    2828
Note: See TracChangeset for help on using the changeset viewer.