Changeset 71119 in webkit

Timestamp:

Nov 2, 2010 8:52:36 AM (13 years ago)

Author:

Martin Robinson

Message:

2010-11-01 Martin Robinson <​mrobinson@igalia.com>

Reviewed by Xan Lopez.

[Soup] Random crashes in http/tests/websocket/tests/workers/worker-handshake-challenge-randomness.html
​https://bugs.webkit.org/show_bug.cgi?id=48805

Track active WebSocket handles via a sequential id. This ensures
that when a handle is reallocated into a recently used segment of
memory, it doesn't trigger a false positive in the code which ensures
the original handle is active.

No new tests. This test should stop crashing on the bots, proving the fix.

• platform/network/soup/SocketStreamHandle.h: (WebCore::SocketStreamHandle::id): Added an m_id member and accessor to SocketStreamHandle.
• platform/network/soup/SocketStreamHandleSoup.cpp: (WebCore::getHandleFromId): Updated to work with HashMap of handle ids to SocketStreamHandle*. (WebCore::deactivateHandle): Ditto. (WebCore::activateHandle): Ditto. (WebCore::SocketStreamHandle::SocketStreamHandle): Ditto. (WebCore::SocketStreamHandle::connected): Ditto. (WebCore::SocketStreamHandle::readBytes): Ditto. (WebCore::SocketStreamHandle::beginWaitingForSocketWritability): Ditto. (WebCore::connectedCallback): Ditto. (WebCore::readReadyCallback): Ditto. (WebCore::writeReadyCallback): Ditto.

Location:

trunk/WebCore

Files:

• ChangeLog (modified) (1 diff)
• platform/network/soup/SocketStreamHandle.h (modified) (2 diffs)
• platform/network/soup/SocketStreamHandleSoup.cpp (modified) (10 diffs)

trunk/WebCore/ChangeLog

@@ +1 @@
+2010-11-01  Martin Robinson  <mrobinson@igalia.com>
+
+        Reviewed by Xan Lopez.
+
+        [Soup] Random crashes in http/tests/websocket/tests/workers/worker-handshake-challenge-randomness.html
+        https://bugs.webkit.org/show_bug.cgi?id=48805
+
+        Track active WebSocket handles via a sequential id. This ensures
+        that when a handle is reallocated into a recently used segment of
+        memory, it doesn't trigger a false positive in the code which ensures
+        the original handle is active.
+
+        No new tests. This test should stop crashing on the bots, proving the fix.
+
+        * platform/network/soup/SocketStreamHandle.h:
+        (WebCore::SocketStreamHandle::id): Added an m_id member and accessor
+        to SocketStreamHandle.
+        * platform/network/soup/SocketStreamHandleSoup.cpp:
+        (WebCore::getHandleFromId): Updated to work with HashMap of handle ids to
+        SocketStreamHandle*.
+        (WebCore::deactivateHandle): Ditto.
+        (WebCore::activateHandle): Ditto.
+        (WebCore::SocketStreamHandle::SocketStreamHandle): Ditto.
+        (WebCore::SocketStreamHandle::connected): Ditto.
+        (WebCore::SocketStreamHandle::readBytes): Ditto.
+        (WebCore::SocketStreamHandle::beginWaitingForSocketWritability): Ditto.
+        (WebCore::connectedCallback): Ditto.
+        (WebCore::readReadyCallback): Ditto.
+        (WebCore::writeReadyCallback): Ditto.
+
 2010-11-02  Csaba Osztrogonác  <ossy@webkit.org>
 

trunk/WebCore/platform/network/soup/SocketStreamHandle.h

@@ -52 +52 @@
         void readBytes(signed long, GError*);
         void writeReady();
+        void* id() { return m_id; }
 
     protected:
@@ -63 +64 @@
         PlatformRefPtr<GSource> m_writeReadySource;
         char* m_readBuffer;
+        void* m_id;
 
         SocketStreamHandle(const KURL&, SocketStreamHandleClient*);

trunk/WebCore/platform/network/soup/SocketStreamHandleSoup.cpp

@@ -49 +49 @@
 
 // These functions immediately call the similarly named SocketStreamHandle methods.
-static void connectedCallback(GSocketClient*, GAsyncResult*, SocketStreamHandle*);
-static void readReadyCallback(GInputStream*, GAsyncResult*, SocketStreamHandle*);
-static gboolean writeReadyCallback(GSocket*, GIOCondition, SocketStreamHandle*);
+static void connectedCallback(GSocketClient*, GAsyncResult*, void*);
+static void readReadyCallback(GInputStream*, GAsyncResult*, void*);
+static gboolean writeReadyCallback(GSocket*, GIOCondition, void*);
 
 // Having a list of active handles means that we do not have to worry about WebCore
@@ -57 +57 @@
 // we just ignore it in the callback. We avoid a lot of extra checks and tricky
 // situations this way.
-static Vector<SocketStreamHandle*> gActiveHandles;
-bool isActiveHandle(SocketStreamHandle* handle)
-{
-    return gActiveHandles.find(handle) != notFound;
-}
-
-void deactivateHandle(SocketStreamHandle* handle)
-{
-    size_t handleIndex = gActiveHandles.find(handle);
-    if (handleIndex != notFound)
-        gActiveHandles.remove(handleIndex);
+static HashMap<void*, SocketStreamHandle*> gActiveHandles;
+static SocketStreamHandle* getHandleFromId(void* id)
+{
+    if (!gActiveHandles.contains(id))
+        return 0;
+    return gActiveHandles.get(id);
+}
+
+static void deactivateHandle(SocketStreamHandle* handle)
+{
+    gActiveHandles.remove(handle->id());
+}
+
+static void* activateHandle(SocketStreamHandle* handle)
+{
+    // The first id cannot be 0, because it conflicts with the HashMap emptyValue.
+    static gint currentHandleId = 1;
+    void* id = GINT_TO_POINTER(currentHandleId++);
+    gActiveHandles.set(id, handle);
+    return id;
 }
 
@@ -79 +88 @@
     unsigned int port = url.hasPort() ? url.port() : 80;
 
-    gActiveHandles.append(this);
+    m_id = activateHandle(this);
     PlatformRefPtr<GSocketClient> socketClient = adoptPlatformRef(g_socket_client_new());
     g_socket_client_connect_to_host_async(socketClient.get(), url.host().utf8().data(), port, 0,
-        reinterpret_cast<GAsyncReadyCallback>(connectedCallback), this);
+        reinterpret_cast<GAsyncReadyCallback>(connectedCallback), m_id);
 }
 
@@ -105 +114 @@
     m_readBuffer = new char[READ_BUFFER_SIZE];
     g_input_stream_read_async(m_inputStream.get(), m_readBuffer, READ_BUFFER_SIZE, G_PRIORITY_DEFAULT, 0,
-        reinterpret_cast<GAsyncReadyCallback>(readReadyCallback), this);
+        reinterpret_cast<GAsyncReadyCallback>(readReadyCallback), m_id);
 
     // The client can close the handle, potentially removing the last reference.
@@ -132 +141 @@
     if (m_inputStream) // The client may have closed the connection.
         g_input_stream_read_async(m_inputStream.get(), m_readBuffer, READ_BUFFER_SIZE, G_PRIORITY_DEFAULT, 0,
-            reinterpret_cast<GAsyncReadyCallback>(readReadyCallback), this);
+            reinterpret_cast<GAsyncReadyCallback>(readReadyCallback), m_id);
 }
 
@@ -216 +225 @@
     m_writeReadySource = adoptPlatformRef(g_socket_create_source(
         g_socket_connection_get_socket(m_socketConnection.get()), static_cast<GIOCondition>(G_IO_OUT), 0));
-    g_source_set_callback(m_writeReadySource.get(), reinterpret_cast<GSourceFunc>(writeReadyCallback), this, 0);
+    g_source_set_callback(m_writeReadySource.get(), reinterpret_cast<GSourceFunc>(writeReadyCallback), m_id, 0);
     g_source_attach(m_writeReadySource.get(), 0);
 }
@@ -229 +238 @@
 }
 
-static void connectedCallback(GSocketClient* client, GAsyncResult* result, SocketStreamHandle* handle)
+static void connectedCallback(GSocketClient* client, GAsyncResult* result, void* id)
 {
     // Always finish the connection, even if this SocketStreamHandle was deactivated earlier.
@@ -236 +245 @@
 
     // The SocketStreamHandle has been deactivated, so just close the connection, ignoring errors.
-    if (!isActiveHandle(handle)) {
+    SocketStreamHandle* handle = getHandleFromId(id);
+    if (!handle) {
         g_io_stream_close(G_IO_STREAM(socketConnection), 0, &error.outPtr());
         return;
@@ -244 +254 @@
 }
 
-static void readReadyCallback(GInputStream* stream, GAsyncResult* result, SocketStreamHandle* handle)
+static void readReadyCallback(GInputStream* stream, GAsyncResult* result, void* id)
 {
     // Always finish the read, even if this SocketStreamHandle was deactivated earlier.
@@ -250 +260 @@
     gssize bytesRead = g_input_stream_read_finish(stream, result, &error.outPtr());
 
-    if (!isActiveHandle(handle))
-        return;
+    SocketStreamHandle* handle = getHandleFromId(id);
+    if (!handle)
+        return;
+
     handle->readBytes(bytesRead, error.get());
 }
 
-static gboolean writeReadyCallback(GSocket*, GIOCondition condition, SocketStreamHandle* handle)
-{
-    if (!isActiveHandle(handle))
+static gboolean writeReadyCallback(GSocket*, GIOCondition condition, void* id)
+{
+    SocketStreamHandle* handle = getHandleFromId(id);
+    if (!handle)
         return FALSE;