Changeset 252849 in webkit


Timestamp:
Nov 25, 2019 1:15:15 AM (4 years ago)
Author:
youenn@apple.com
Message:

Crash in WebCore::ServiceWorkerRegistrationKey::hash() const
https://bugs.webkit.org/show_bug.cgi?id=204497
<rdar://problem/57348603>

Reviewed by Alex Christensen.

Source/WebCore:

Update ServiceWorkerContainer::jobResolvedWithRegistration to handle the case of a
ServiceWorkerContainer that might have a job whose promise is not related to the same context.
In that case, the ServiceWorkerContainer might get stopped, and thus its m_ongoingSettledRegistrations gets cleared.
But the promise may get settled shortly after since its context is not stopped and will then retrieve an empty registration data key.
This is difficult to test given we do not control when the resolvedWithRegistration task is posted to the client.

  • workers/service/ServiceWorkerContainer.cpp:
    (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
  • workers/service/ServiceWorkerRegistrationKey.h:
    (WebCore::ServiceWorkerRegistrationKey::encode const):
    Add release asserts to make sure we do not store/transfer empty registration keys.

Source/WebKit:

  • WebProcess/Storage/WebSWClientConnection.cpp:
    (WebKit::WebSWClientConnection::scheduleJobInServer):
    Add a release assert to be able to further debug the crash.

Location:
trunk/Source
Files:
5 edited

  • trunk/Source/WebCore/ChangeLog

    r252848 r252849  
     12019-11-25  Youenn Fablet  <youenn@apple.com>
     2
     3        Crash in WebCore::ServiceWorkerRegistrationKey::hash() const
     4        https://bugs.webkit.org/show_bug.cgi?id=204497
     5        <rdar://problem/57348603>
     6
     7        Reviewed by Alex Christensen.
     8
     9        Update ServiceWorkerContainer::jobResolvedWithRegistration to handle the case of a
     10        ServiceWorkerContainer that might have a job whose promise is not related to the same context.
     11        In that case, the ServiceWorkerContainer might get stopped, thus its m_ongoingSettledRegistrations be cleared.
     12        But the promise may get settled shortly after since its context is not stopped and will then retrieve an empty registration data key.
     13        This is difficult to test given we do not control when the resolvedWithRegistration task is posted to the client.
     14
     15        * workers/service/ServiceWorkerContainer.cpp:
     16        (WebCore::ServiceWorkerContainer::jobResolvedWithRegistration):
     17        * workers/service/ServiceWorkerRegistrationKey.h:
     18        (WebCore::ServiceWorkerRegistrationKey::encode const):
     19        Add release asserts to make sure we do not store/transfer empty registration keys.
     20
    1212019-11-25  Youenn Fablet  <youenn@apple.com>
    222
  • trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp

    r252848 r252849  
    393393            m_ongoingSettledRegistrations.add(++m_lastOngoingSettledRegistrationIdentifier, registration->data().key);
    394394            promise->whenSettled([this, protectedThis = WTFMove(protectedThis), identifier = m_lastOngoingSettledRegistrationIdentifier] {
    395                 notifyRegistrationIsSettled(m_ongoingSettledRegistrations.take(identifier));
     395                auto iterator = m_ongoingSettledRegistrations.find(identifier);
     396                if (iterator == m_ongoingSettledRegistrations.end())
     397                    return;
     398                notifyRegistrationIsSettled(iterator->value);
     399                m_ongoingSettledRegistrations.remove(iterator);
    396400            });
    397401        }
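Review bot: The new notify-then-remove order (`notifyRegistrationIsSettled(iterator->value);` followed by `m_ongoingSettledRegistrations.remove(iterator);`) reverses what the removed `take(identifier)` did, which removed the entry before notifying; if `notifyRegistrationIsSettled` can re-enter this container (another job settling synchronously, or the container being stopped from inside the callback) and mutate `m_ongoingSettledRegistrations`, `iterator` may be invalidated and `remove(iterator)` then operates on a stale iterator. Moving the key out first keeps the old ordering while preserving the new early return, e.g. `auto key = WTFMove(iterator->value); m_ongoingSettledRegistrations.remove(iterator); notifyRegistrationIsSettled(key);`. The bare `return` on a missing identifier is also silent: a one-line comment stating that this is the stopped-container case from the ChangeLog (optionally with an ASSERT that the container really is stopped) would let a reader tell the expected path apart from a genuine bookkeeping bug.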
  • trunk/Source/WebCore/workers/service/ServiceWorkerRegistrationKey.h

    r247104 r252849  
    7474void ServiceWorkerRegistrationKey::encode(Encoder& encoder) const
    7575{
     76    RELEASE_ASSERT(!m_topOrigin.isEmpty());
     77    RELEASE_ASSERT(!m_scope.isNull());
    7678    encoder << m_topOrigin << m_scope;
    7779}
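Review bot: The two added RELEASE_ASSERTs use different predicates, `!m_topOrigin.isEmpty()` versus `!m_scope.isNull()`, so a scope URL that is non-null but empty still passes and gets encoded; if an empty scope is just as invalid for `hash()`, `!m_scope.isEmpty()` would be the consistent check. These asserts also guard only the sending side of the IPC: a key whose origin or scope comes back empty on the receiving side would still reach `hash()` unguarded, so the same validation belongs in the matching decode path, failing the decode rather than constructing the key, which is the safer outcome for data arriving from another process.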
  • trunk/Source/WebKit/ChangeLog

    r252840 r252849  
     12019-11-25  Youenn Fablet  <youenn@apple.com>
     2
     3        Crash in WebCore::ServiceWorkerRegistrationKey::hash() const
     4        https://bugs.webkit.org/show_bug.cgi?id=204497
     5        <rdar://problem/57348603>
     6
     7        Reviewed by Alex Christensen.
     8
     9        * WebProcess/Storage/WebSWClientConnection.cpp:
     10        (WebKit::WebSWClientConnection::scheduleJobInServer):
     11        Add a release assert to be able to further debug the crash.
     12
    1132019-11-23  John Wilander  <wilander@apple.com>
    214
  • trunk/Source/WebKit/WebProcess/Storage/WebSWClientConnection.cpp

    r251598 r252849  
    7474void WebSWClientConnection::scheduleJobInServer(const ServiceWorkerJobData& jobData)
    7575{
     76    RELEASE_ASSERT(!jobData.scopeURL.isNull());
    7677    runOrDelayTaskForImport([this, jobData] {
    7778        send(Messages::WebSWServerConnection::ScheduleJobInServer { jobData });
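Review bot: `RELEASE_ASSERT(!jobData.scopeURL.isNull())` runs before `jobData` is copied into the `runOrDelayTaskForImport` lambda, so a null scope now terminates the WebProcess at scheduling time instead of surfacing later as the `hash()` crash on the receiving side, which is the right place for a diagnostic assert; since the ChangeLog frames it as a temporary aid for further debugging, a comment next to it naming the bug (204497) would tell future readers when it can be removed or downgraded to a debug ASSERT.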