169620 2017-03-14 12:12:25 -0700 Add a null check in VMTraps::willDestroyVM() to handle a race condition. 2017-03-14 12:30:06 -0700 1 1 1 Unclassified WebKit JavaScriptCore WebKit Local Build Unspecified Unspecified RESOLVED FIXED InRadar P2 Normal --- 1 mark.lam mark.lam commit-queue keith_miller msaboff saam webkit-bug-importer oldest_to_newest 1287726 0 mark.lam 2017-03-14 12:12:25 -0700 There exists a race between VMTraps::willDestroyVM() (which removed SignalSenders from its m_signalSenders list) and SignalSender::send() (which removes itself from the list). In the event that SignalSender::send() removes itself between the time that VMTraps::willDestroyVM() checks if m_signalSenders is empty and the time it takes a sender from m_signalSenders, VMTraps::willDestroyVM() may end up with a NULL sender pointer. The fix is add the missing null check before using the sender pointer. 1287729 1 mark.lam 2017-03-14 12:16:35 -0700 <rdar://problem/31022072> 1287734 2 304411 mark.lam 2017-03-14 12:19:42 -0700 Created attachment 304411 proposed patch. 1287740 3 304412 mark.lam 2017-03-14 12:22:58 -0700 Created attachment 304412 proposed patch: rebased to ToT. 1287741 4 mark.lam 2017-03-14 12:30:06 -0700 Thanks for the review. Landed in r213930: <http://trac.webkit.org/r213930>. 304411 2017-03-14 12:19:42 -0700 2017-03-14 12:22:58 -0700 proposed patch. bug-169620.patch text/plain 2908 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjEzOTIzKQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIzIEBA CisyMDE3LTAzLTE0ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBB ZGQgYSBudWxsIGNoZWNrIGluIFZNVHJhcHM6OndpbGxEZXN0cm95Vk0oKSB0byBoYW5kbGUgYSBy YWNlIGNvbmRpdGlvbi4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTE2OTYyMAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgIFRoZXJlIGV4aXN0cyBhIHJhY2UgYmV0d2VlbiBWTVRyYXBzOjp3aWxsRGVzdHJveVZN KCkgKHdoaWNoIHJlbW92ZWQgU2lnbmFsU2VuZGVycworICAgICAgICBmcm9tIGl0cyBtX3NpZ25h bFNlbmRlcnMgbGlzdCkgYW5kIFNpZ25hbFNlbmRlcjo6c2VuZCgpICh3aGljaCByZW1vdmVzIGl0 c2VsZgorICAgICAgICBmcm9tIHRoZSBsaXN0KS4gIEluIHRoZSBldmVudCB0aGF0IFNpZ25hbFNl bmRlcjo6c2VuZCgpIHJlbW92ZXMgaXRzZWxmIGJldHdlZW4KKyAgICAgICAgdGhlIHRpbWUgdGhh dCBWTVRyYXBzOjp3aWxsRGVzdHJveVZNKCkgY2hlY2tzIGlmIG1fc2lnbmFsU2VuZGVycyBpcyBl bXB0eSBhbmQgdGhlCisgICAgICAgIHRpbWUgaXQgdGFrZXMgYSBzZW5kZXIgZnJvbSBtX3NpZ25h bFNlbmRlcnMsIFZNVHJhcHM6OndpbGxEZXN0cm95Vk0oKSBtYXkgZW5kIHVwCisgICAgICAgIHdp dGggYSBOVUxMIHNlbmRlciBwb2ludGVyLiAgVGhlIGZpeCBpcyBhZGQgdGhlIG1pc3NpbmcgbnVs bCBjaGVjayBiZWZvcmUgdXNpbmcKKyAgICAgICAgdGhlIHNlbmRlciBwb2ludGVyLgorCisgICAg ICAgICogcnVudGltZS9WTVRyYXBzLmNwcDoKKyAgICAgICAgKEpTQzo6Vk1UcmFwczo6d2lsbERl c3Ryb3lWTSk6CisgICAgICAgIChKU0M6OlZNVHJhcHM6OmZpcmVUcmFwKToKKyAgICAgICAgKiBy dW50aW1lL1ZNVHJhcHMuaDoKKwogMjAxNy0wMy0xNCAgTWFyayBMYW0gIDxtYXJrLmxhbUBhcHBs ZS5jb20+CiAKICAgICAgICAgR2FyZGVuaW5nOiBTcGVjdWxhdGl2ZSBidWlsZCBmaXggZm9yIENM b29wIGFmdGVyIHIyMTM4ODYuCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9W TVRyYXBzLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9W TVRyYXBzLmNwcAkocmV2aXNpb24gMjEzODgzKQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1 bnRpbWUvVk1UcmFwcy5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQ1MCw2ICs0NTAsOCBAQCBWTVRy YXBzOjpWTVRyYXBzKCkKIAogdm9pZCBWTVRyYXBzOjp3aWxsRGVzdHJveVZNKCkKIHsKKyAgICBt X2lzU2h1dHRpbmdEb3duID0gdHJ1ZTsKKyAgICBXVEY6OnN0b3JlU3RvcmVGZW5jZSgpOwogI2lm IEVOQUJMRShTSUdOQUxfQkFTRURfVk1fVFJBUFMpCiAgICAgd2hpbGUgKCFtX3NpZ25hbFNlbmRl cnMuaXNFbXB0eSgpKSB7CiAgICAgICAgIFJlZlB0cjxTaWduYWxTZW5kZXI+IHNlbmRlcjsKQEAg LTQ2MCw5ICs0NjIsMTIgQEAgdm9pZCBWTVRyYXBzOjp3aWxsRGVzdHJveVZNKCkKICAgICAgICAg ICAgIC8vIHRvIGFjcXVpcmUgdGhlc2UgbG9ja3MgaW4gdGhlIG9wcG9zaXRlIG9yZGVyLgogICAg ICAgICAgICAgYXV0byBsb2NrZXIgPSBob2xkTG9jayhtX2xvY2spOwogICAgICAgICAgICAgc2Vu ZGVyID0gbV9zaWduYWxTZW5kZXJzLnRha2VBbnkoKTsKKyAgICAgICAgICAgIGlmICghc2VuZGVy KQorICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAgICAgICAgIHNlbmRlci0+d2ls bERlc3Ryb3lWTSgpOwogICAgIH0KKyAgICBBU1NFUlQobV9zaWduYWxTZW5kZXJzLmlzRW1wdHko KSk7CiAjZW5kaWYKIH0KIApAQCAtNTIzLDYgKzUyOCw3IEBAIHZvaWQgVk1UcmFwczo6ZmlyZVRy YXAoVk1UcmFwczo6RXZlbnRUeXAKICAgICBBU1NFUlQoIXZtKCkuY3VycmVudFRocmVhZElzSG9s ZGluZ0FQSUxvY2soKSk7CiAgICAgewogICAgICAgICBhdXRvIGxvY2tlciA9IGhvbGRMb2NrKG1f bG9jayk7CisgICAgICAgIEFTU0VSVCghbV9pc1NodXR0aW5nRG93bik7CiAgICAgICAgIHNldFRy YXBGb3JFdmVudChsb2NrZXIsIGV2ZW50VHlwZSk7CiAgICAgICAgIG1fbmVlZFRvSW52YWxpZGF0 ZWRDb2RlQmxvY2tzID0gdHJ1ZTsKICAgICB9CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUv cnVudGltZS9WTVRyYXBzLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1 bnRpbWUvVk1UcmFwcy5oCShyZXZpc2lvbiAyMTM4ODMpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENv cmUvcnVudGltZS9WTVRyYXBzLmgJKHdvcmtpbmcgY29weSkKQEAgLTE2Nyw2ICsxNjcsNyBAQCBw cml2YXRlOgogICAgICAgICBCaXRGaWVsZCBtX3RyYXBzQml0RmllbGQ7CiAgICAgfTsKICAgICBi b29sIG1fbmVlZFRvSW52YWxpZGF0ZWRDb2RlQmxvY2tzIHsgZmFsc2UgfTsKKyAgICBib29sIG1f aXNTaHV0dGluZ0Rvd24geyBmYWxzZSB9OwogCiAjaWYgRU5BQkxFKFNJR05BTF9CQVNFRF9WTV9U UkFQUykKICAgICBIYXNoU2V0PFJlZlB0cjxTaWduYWxTZW5kZXI+PiBtX3NpZ25hbFNlbmRlcnM7 Cg== 304412 2017-03-14 12:22:58 -0700 2017-03-14 12:24:58 -0700 proposed patch: rebased to ToT. bug-169620.patch text/plain 2908 mark.lam SW5kZXg6IFNvdXJjZS9KYXZhU2NyaXB0Q29yZS9DaGFuZ2VMb2cKPT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291 cmNlL0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkocmV2aXNpb24gMjEzOTI3KQorKysgU291cmNl L0phdmFTY3JpcHRDb3JlL0NoYW5nZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIzIEBA CisyMDE3LTAzLTE0ICBNYXJrIExhbSAgPG1hcmsubGFtQGFwcGxlLmNvbT4KKworICAgICAgICBB ZGQgYSBudWxsIGNoZWNrIGluIFZNVHJhcHM6OndpbGxEZXN0cm95Vk0oKSB0byBoYW5kbGUgYSBy YWNlIGNvbmRpdGlvbi4KKyAgICAgICAgaHR0cHM6Ly9idWdzLndlYmtpdC5vcmcvc2hvd19idWcu Y2dpP2lkPTE2OTYyMAorCisgICAgICAgIFJldmlld2VkIGJ5IE5PQk9EWSAoT09QUyEpLgorCisg ICAgICAgIFRoZXJlIGV4aXN0cyBhIHJhY2UgYmV0d2VlbiBWTVRyYXBzOjp3aWxsRGVzdHJveVZN KCkgKHdoaWNoIHJlbW92ZWQgU2lnbmFsU2VuZGVycworICAgICAgICBmcm9tIGl0cyBtX3NpZ25h bFNlbmRlcnMgbGlzdCkgYW5kIFNpZ25hbFNlbmRlcjo6c2VuZCgpICh3aGljaCByZW1vdmVzIGl0 c2VsZgorICAgICAgICBmcm9tIHRoZSBsaXN0KS4gIEluIHRoZSBldmVudCB0aGF0IFNpZ25hbFNl bmRlcjo6c2VuZCgpIHJlbW92ZXMgaXRzZWxmIGJldHdlZW4KKyAgICAgICAgdGhlIHRpbWUgdGhh dCBWTVRyYXBzOjp3aWxsRGVzdHJveVZNKCkgY2hlY2tzIGlmIG1fc2lnbmFsU2VuZGVycyBpcyBl bXB0eSBhbmQgdGhlCisgICAgICAgIHRpbWUgaXQgdGFrZXMgYSBzZW5kZXIgZnJvbSBtX3NpZ25h bFNlbmRlcnMsIFZNVHJhcHM6OndpbGxEZXN0cm95Vk0oKSBtYXkgZW5kIHVwCisgICAgICAgIHdp dGggYSBOVUxMIHNlbmRlciBwb2ludGVyLiAgVGhlIGZpeCBpcyBhZGQgdGhlIG1pc3NpbmcgbnVs bCBjaGVjayBiZWZvcmUgdXNpbmcKKyAgICAgICAgdGhlIHNlbmRlciBwb2ludGVyLgorCisgICAg ICAgICogcnVudGltZS9WTVRyYXBzLmNwcDoKKyAgICAgICAgKEpTQzo6Vk1UcmFwczo6d2lsbERl c3Ryb3lWTSk6CisgICAgICAgIChKU0M6OlZNVHJhcHM6OmZpcmVUcmFwKToKKyAgICAgICAgKiBy dW50aW1lL1ZNVHJhcHMuaDoKKwogMjAxNy0wMy0xNCAgTWFyayBMYW0gIDxtYXJrLmxhbUBhcHBs ZS5jb20+CiAKICAgICAgICAgR2FyZGVuaW5nOiBTcGVjdWxhdGl2ZSBidWlsZCBmaXggZm9yIENM b29wIGFmdGVyIHIyMTM4ODYuCkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9W TVRyYXBzLmNwcAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvSmF2YVNjcmlwdENvcmUvcnVudGltZS9W TVRyYXBzLmNwcAkocmV2aXNpb24gMjEzOTI3KQorKysgU291cmNlL0phdmFTY3JpcHRDb3JlL3J1 bnRpbWUvVk1UcmFwcy5jcHAJKHdvcmtpbmcgY29weSkKQEAgLTQwMyw2ICs0MDMsOCBAQCBWTVRy YXBzOjpWTVRyYXBzKCkKIAogdm9pZCBWTVRyYXBzOjp3aWxsRGVzdHJveVZNKCkKIHsKKyAgICBt X2lzU2h1dHRpbmdEb3duID0gdHJ1ZTsKKyAgICBXVEY6OnN0b3JlU3RvcmVGZW5jZSgpOwogI2lm IEVOQUJMRShTSUdOQUxfQkFTRURfVk1fVFJBUFMpCiAgICAgd2hpbGUgKCFtX3NpZ25hbFNlbmRl cnMuaXNFbXB0eSgpKSB7CiAgICAgICAgIFJlZlB0cjxTaWduYWxTZW5kZXI+IHNlbmRlcjsKQEAg LTQxMyw5ICs0MTUsMTIgQEAgdm9pZCBWTVRyYXBzOjp3aWxsRGVzdHJveVZNKCkKICAgICAgICAg ICAgIC8vIHRvIGFjcXVpcmUgdGhlc2UgbG9ja3MgaW4gdGhlIG9wcG9zaXRlIG9yZGVyLgogICAg ICAgICAgICAgYXV0byBsb2NrZXIgPSBob2xkTG9jayhtX2xvY2spOwogICAgICAgICAgICAgc2Vu ZGVyID0gbV9zaWduYWxTZW5kZXJzLnRha2VBbnkoKTsKKyAgICAgICAgICAgIGlmICghc2VuZGVy KQorICAgICAgICAgICAgICAgIGJyZWFrOwogICAgICAgICB9CiAgICAgICAgIHNlbmRlci0+d2ls bERlc3Ryb3lWTSgpOwogICAgIH0KKyAgICBBU1NFUlQobV9zaWduYWxTZW5kZXJzLmlzRW1wdHko KSk7CiAjZW5kaWYKIH0KIApAQCAtNDc2LDYgKzQ4MSw3IEBAIHZvaWQgVk1UcmFwczo6ZmlyZVRy YXAoVk1UcmFwczo6RXZlbnRUeXAKICAgICBBU1NFUlQoIXZtKCkuY3VycmVudFRocmVhZElzSG9s ZGluZ0FQSUxvY2soKSk7CiAgICAgewogICAgICAgICBhdXRvIGxvY2tlciA9IGhvbGRMb2NrKG1f bG9jayk7CisgICAgICAgIEFTU0VSVCghbV9pc1NodXR0aW5nRG93bik7CiAgICAgICAgIHNldFRy YXBGb3JFdmVudChsb2NrZXIsIGV2ZW50VHlwZSk7CiAgICAgICAgIG1fbmVlZFRvSW52YWxpZGF0 ZWRDb2RlQmxvY2tzID0gdHJ1ZTsKICAgICB9CkluZGV4OiBTb3VyY2UvSmF2YVNjcmlwdENvcmUv cnVudGltZS9WTVRyYXBzLmgKPT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PQotLS0gU291cmNlL0phdmFTY3JpcHRDb3JlL3J1 bnRpbWUvVk1UcmFwcy5oCShyZXZpc2lvbiAyMTM5MjcpCisrKyBTb3VyY2UvSmF2YVNjcmlwdENv cmUvcnVudGltZS9WTVRyYXBzLmgJKHdvcmtpbmcgY29weSkKQEAgLTE2Nyw2ICsxNjcsNyBAQCBw cml2YXRlOgogICAgICAgICBCaXRGaWVsZCBtX3RyYXBzQml0RmllbGQ7CiAgICAgfTsKICAgICBi b29sIG1fbmVlZFRvSW52YWxpZGF0ZWRDb2RlQmxvY2tzIHsgZmFsc2UgfTsKKyAgICBib29sIG1f aXNTaHV0dGluZ0Rvd24geyBmYWxzZSB9OwogCiAjaWYgRU5BQkxFKFNJR05BTF9CQVNFRF9WTV9U UkFQUykKICAgICBIYXNoU2V0PFJlZlB0cjxTaWduYWxTZW5kZXI+PiBtX3NpZ25hbFNlbmRlcnM7 Cg==