Changeset 263695 in webkit


Ignore:
Timestamp:
Jun 29, 2020 2:39:07 PM (4 years ago)
Author:
ddkilzer@apple.com
Message:

Crash in NetworkProcessProxy::getNetworkProcessConnection() lambda due to missing Optional<> value check
<https://webkit.org/b/213700>
<rdar://problem/64852903>

Reviewed by Darin Adler.

  • UIProcess/GPU/GPUProcessProxy.cpp:

(WebKit::GPUProcessProxy::getGPUProcessConnection):

  • Rename connectionIdentifier to identifier.
  • Return early from the lamba if identifier does not contain a value.
  • UIProcess/Network/NetworkProcessProxy.cpp:

(WebKit::NetworkProcessProxy::getNetworkProcessConnection):

  • Ditto.
Location:
trunk/Source/WebKit
Files:
3 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r263693 r263695  
     12020-06-29  David Kilzer  <ddkilzer@apple.com>
     2
     3        Crash in NetworkProcessProxy::getNetworkProcessConnection() lambda due to missing Optional<> value check
     4        <https://webkit.org/b/213700>
     5        <rdar://problem/64852903>
     6
     7        Reviewed by Darin Adler.
     8
     9        * UIProcess/GPU/GPUProcessProxy.cpp:
     10        (WebKit::GPUProcessProxy::getGPUProcessConnection):
     11        - Rename `connectionIdentifier` to `identifier`.
     12        - Return early from the lamba if `identifier` does not contain a
     13          value.
     14        * UIProcess/Network/NetworkProcessProxy.cpp:
     15        (WebKit::NetworkProcessProxy::getNetworkProcessConnection):
     16        - Ditto.
     17
    1182020-06-29  Wenson Hsieh  <wenson_hsieh@apple.com>
    219

  • trunk/Source/WebKit/UIProcess/GPU/GPUProcessProxy.cpp

    r263288 r263695  
    184184
    185185    RELEASE_LOG(ProcessSuspension, "%p - GPUProcessProxy is taking a background assertion because a web process is requesting a connection", this);
    186     sendWithAsyncReply(Messages::GPUProcess::CreateGPUConnectionToWebProcess { webProcessProxy.coreProcessIdentifier(), webProcessProxy.sessionID() }, [this, weakThis = makeWeakPtr(*this), reply = WTFMove(reply)](auto&& connectionIdentifier) mutable {
     186    sendWithAsyncReply(Messages::GPUProcess::CreateGPUConnectionToWebProcess { webProcessProxy.coreProcessIdentifier(), webProcessProxy.sessionID() }, [this, weakThis = makeWeakPtr(*this), reply = WTFMove(reply)](auto&& identifier) mutable {
    187187        if (!weakThis) {
    188188            RELEASE_LOG_ERROR(Process, "GPUProcessProxy::getGPUProcessConnection: GPUProcessProxy deallocated during connection establishment");
    189189            return reply({ });
    190190        }
     191
     192        if (!identifier) {
     193            RELEASE_LOG_ERROR(Process, "GPUProcessProxy::getGPUProcessConnection: connection identifier is empty");
     194            return reply({ });
     195        }
     196
    191197#if USE(UNIX_DOMAIN_SOCKETS) || OS(WINDOWS)
    192         reply(GPUProcessConnectionInfo { WTFMove(*connectionIdentifier) });
     198        reply(GPUProcessConnectionInfo { WTFMove(*identifier) });
    193199        UNUSED_VARIABLE(this);
    194200#elif OS(DARWIN)
    195         MESSAGE_CHECK(MACH_PORT_VALID(connectionIdentifier->port()));
    196         reply(GPUProcessConnectionInfo { IPC::Attachment { connectionIdentifier->port(), MACH_MSG_TYPE_MOVE_SEND }, this->connection()->getAuditToken() });
     201        MESSAGE_CHECK(MACH_PORT_VALID(identifier->port()));
     202        reply(GPUProcessConnectionInfo { IPC::Attachment { identifier->port(), MACH_MSG_TYPE_MOVE_SEND }, this->connection()->getAuditToken() });
    197203#else
    198204        notImplemented();

  • trunk/Source/WebKit/UIProcess/Network/NetworkProcessProxy.cpp

    r263386 r263695  
    134134{
    135135    RELEASE_LOG(ProcessSuspension, "%p - NetworkProcessProxy is taking a background assertion because a web process is requesting a connection", this);
    136     sendWithAsyncReply(Messages::NetworkProcess::CreateNetworkConnectionToWebProcess { webProcessProxy.coreProcessIdentifier(), webProcessProxy.sessionID() }, [this, weakThis = makeWeakPtr(*this), reply = WTFMove(reply)](auto&& connectionIdentifier, auto cookieAcceptPolicy) mutable {
     136    sendWithAsyncReply(Messages::NetworkProcess::CreateNetworkConnectionToWebProcess { webProcessProxy.coreProcessIdentifier(), webProcessProxy.sessionID() }, [this, weakThis = makeWeakPtr(*this), reply = WTFMove(reply)](auto&& identifier, auto cookieAcceptPolicy) mutable {
    137137        if (!weakThis) {
    138138            RELEASE_LOG_ERROR(Process, "NetworkProcessProxy::getNetworkProcessConnection: NetworkProcessProxy deallocated during connection establishment");
     
    140140        }
    141141
     142        if (!identifier) {
     143            RELEASE_LOG_ERROR(Process, "NetworkProcessProxy::getNetworkProcessConnection: connection identifier is empty");
     144            return reply({ });
     145        }
     146
    142147#if USE(UNIX_DOMAIN_SOCKETS) || OS(WINDOWS)
    143         reply(NetworkProcessConnectionInfo { WTFMove(*connectionIdentifier), cookieAcceptPolicy });
     148        reply(NetworkProcessConnectionInfo { WTFMove(*identifier), cookieAcceptPolicy });
    144149        UNUSED_VARIABLE(this);
    145150#elif OS(DARWIN)
    146         MESSAGE_CHECK(MACH_PORT_VALID(connectionIdentifier->port()));
    147         reply(NetworkProcessConnectionInfo { IPC::Attachment { connectionIdentifier->port(), MACH_MSG_TYPE_MOVE_SEND }, cookieAcceptPolicy, connection()->getAuditToken() });
     151        MESSAGE_CHECK(MACH_PORT_VALID(identifier->port()));
     152        reply(NetworkProcessConnectionInfo { IPC::Attachment { identifier->port(), MACH_MSG_TYPE_MOVE_SEND }, cookieAcceptPolicy, connection()->getAuditToken() });
    148153#else
    149154        notImplemented();
Note: See TracChangeset for help on using the changeset viewer.