Changeset 248182 in webkit


Timestamp:
Aug 2, 2019 2:32:09 PM (5 years ago)
Author:
Fujii Hironori
Message:

[Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
https://bugs.webkit.org/show_bug.cgi?id=200378

Reviewed by Ross Kirsling.

URL::isolatedCopy() is called in the worker thread. URL is using a
thread-unsafe ref-counter. It should be called in the main thread.

Covered by existing tests.

  • platform/network/curl/SocketStreamHandleImpl.h:
  • platform/network/curl/SocketStreamHandleImplCurl.cpp:

(WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
(WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.

Location:
trunk/Source/WebCore
Files:
3 edited

  • trunk/Source/WebCore/ChangeLog

    r248181 r248182  
     12019-08-02  Fujii Hironori  <Hironori.Fujii@sony.com>
     2
     3        [Curl] Crash while destructing a URL in ~SocketStreamHandle due to data race
     4        https://bugs.webkit.org/show_bug.cgi?id=200378
     5
     6        Reviewed by Ross Kirsling.
     7
     8        URL::isolatedCopy() is called in the worker thread. URL is using a
     9        thread-unsafe ref-counter. It should be called in the main thread.
     10
     11        Covered by existing tests.
     12
     13        * platform/network/curl/SocketStreamHandleImpl.h:
     14        * platform/network/curl/SocketStreamHandleImplCurl.cpp:
     15        (WebCore::SocketStreamHandleImpl::SocketStreamHandleImpl): Call URL::isolatedCopy() in the main thread.
     16        (WebCore::SocketStreamHandleImpl::threadEntryPoint): Added a URL argument.
     17
    1182019-08-02  Sihui Liu  <sihui_liu@apple.com>
    219
  • trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImpl.h

    r245802 r248182  
    6565    bool sendPendingData();
    6666
    67     void threadEntryPoint();
     67    void threadEntryPoint(const URL&);
    6868    void handleError(CURLcode);
    6969    void stopThread();
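Review bot: At new line 67, `threadEntryPoint(const URL&)` accepts any URL, including `m_url`, so the declaration does not carry the requirement that the argument be an isolated copy made on the main thread. Consider taking the parameter as `URL&&` so the caller has to hand over ownership, or add a one-line comment on the declaration stating that requirement.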
  • trunk/Source/WebCore/platform/network/curl/SocketStreamHandleImplCurl.cpp

    r245802 r248182  
    5858        CurlContext::singleton().sslHandle().setIgnoreSSLErrors(true);
    5959
    60     m_workerThread = Thread::create("WebSocket thread", [this, protectedThis = makeRef(*this)] {
    61         threadEntryPoint();
     60    m_workerThread = Thread::create("WebSocket thread", [this, protectedThis = makeRef(*this), url = url.isolatedCopy()] {
     61        threadEntryPoint(url);
    6262    });
    6363}
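Review bot: The fix at new line 60 depends on `url.isolatedCopy()` being evaluated on the main thread, but nothing in this hunk asserts that. An `ASSERT(isMainThread());` before `Thread::create` would mirror the `ASSERT(!isMainThread());` in `threadEntryPoint` and document the invariant. Style point on the same line: the init-capture `url = url.isolatedCopy()` shadows the outer `url`, so a distinct capture name would make it clearer which object the worker thread receives.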
     
    105105}
    106106
    107 void SocketStreamHandleImpl::threadEntryPoint()
     107void SocketStreamHandleImpl::threadEntryPoint(const URL& url)
    108108{
    109109    ASSERT(!isMainThread());
    110110
    111     CurlSocketHandle socket { m_url.isolatedCopy(), [this](CURLcode errorCode) {
     111    CurlSocketHandle socket { url, [this](CURLcode errorCode) {
    112112        handleError(errorCode);
    113113    }};
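Review bot: `m_url` is no longer read at line 111, but it is still reachable through `this` on the worker thread, and nothing in the function says why the parameter is used instead. A short comment next to `ASSERT(!isMainThread());` noting that `m_url` uses a thread-unsafe ref-counter and must not be touched from this function would help keep a later change from reintroducing the race.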