Bug 155401

Summary:

WebKit can easily crash below NetworkSession::dataTaskForIdentifier() with NSURLSession enabled

Product:

WebKit

Reporter:

Sam Weinig <sam>

Component:

New Bugs

Assignee:

Sam Weinig <sam>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

berto, cgarcia, commit-queue, danw, gustavo, mcatanzaro, mrobinson

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	achristensen: review+

Sam Weinig

Reported 2016-03-12 17:41:23 PST

WebKit can easily crash below NetworkSession::dataTaskForIdentifier() with NSURLSession enabled

Attachments
Patch (47.27 KB, patch) 2016-03-12 17:58 PST, Sam Weinig	no flags	Details Formatted Diff Diff
Patch (48.81 KB, patch) 2016-03-12 18:01 PST, Sam Weinig	no flags	Details Formatted Diff Diff
Patch (48.81 KB, patch) 2016-03-12 18:09 PST, Sam Weinig	achristensen: review+	Details Formatted Diff Diff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.

Sam Weinig

Comment 1 2016-03-12 17:41:54 PST

<rdar://problem/25129946>

Sam Weinig

Comment 2 2016-03-12 17:58:11 PST

Created attachment 273861 [details] Patch

Sam Weinig

Comment 3 2016-03-12 18:01:30 PST

Created attachment 273862 [details] Patch

Sam Weinig

Comment 4 2016-03-12 18:09:31 PST

Created attachment 273863 [details] Patch

Alex Christensen

Comment 5 2016-03-12 18:37:34 PST

Comment on attachment 273863 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=273863&action=review This is subtle, but a correct improvement to the NetworkSession lifetime. r=me > Source/WebKit2/ChangeLog:14 > + - Made NetworkSession RefCounted. https://imgflip.com/i/10qt2g > Source/WebKit2/ChangeLog:23 > + Please mention in the changelog that you also changed the SessionTracker to track a NetworkSession which contains a NetworkStorageSession if using NETWORK_SESSION or just a NetworkStorageSession otherwise so that the NetworkSession/NetworkStorageSession management is done automatically. This is an improvement. > Source/WebKit2/NetworkProcess/NetworkDataTask.h:145 > + RefPtr<NetworkSession> m_session; Why not Ref<NetworkSession> ? > Source/WebKit2/NetworkProcess/NetworkLoad.cpp:-61 > - ASSERT_NOT_REACHED(); We may as well keep the ASSERT_NOT_REACHED after the WTFLogAlways. If this ever happens, we want people to not be able to miss it, especially if they're using a debug build. > Source/WebKit2/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:-322 > - } else > - ASSERT_NOT_REACHED(); Yep, this is a better design. Removing these assertions is great. > Source/WebKit2/NetworkProcess/cocoa/NetworkSessionCocoa.mm:336 > + if (!m_networkStorageSession) > + return WebCore::NetworkStorageSession::defaultStorageSession(); > + return *m_networkStorageSession; It would be nice to store the type from the constructor so we can assert m_type is Ephemeral if m_networkStorageSession and m_type is Normal if we are returning the defaultStorageSession. > Source/WebKit2/WebProcess/WebCoreSupport/mac/WebFrameNetworkingContext.mm:77 > + SessionTracker::forEachNetworkStorageSession([&] (const NetworkStorageSession& networkStorageSession) { This is nice, too. No more public map.

Sam Weinig

Comment 6 2016-03-13 13:11:46 PDT

Committed r198083: <http://trac.webkit.org/changeset/198083>

Note You need to log in before you can comment on or make changes to this bug.