Bug 156947

Summary: Networking process crash due to missing -[WebCoreAuthenticationClientAsChallengeSender performDefaultHandlingForAuthenticationChallenge:] implementation
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Page LoadingAssignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, ap, beidson, commit-queue, dbates, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
See Also: https://bugs.webkit.org/show_bug.cgi?id=160234
https://bugs.webkit.org/show_bug.cgi?id=160235
Attachments:
Description Flags
Patch v1
none
Patch v2
none
Patch none

David Kilzer (:ddkilzer)
Reported 2016-04-22 21:57:21 PDT
com.apple.WebKit.Networking crashes at -[WebCoreAuthenticationClientAsChallengeSender performDefaultHandlingForAuthenticationChallenge:] due to an unrecognized selector sent to instance: Crashed Thread: 0 Dispatch queue: com.apple.main-thread Exception Type: EXC_CRASH (SIGABRT) Exception Codes: 0x0000000000000000, 0x0000000000000000 Exception Note: EXC_CORPSE_NOTIFY Application Specific Information: *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[WebCoreAuthenticationClientAsChallengeSender performDefaultHandlingForAuthenticationChallenge:]: unrecognized selector sent to instance 0x7fbe4ba2c100' abort() called terminating with uncaught exception of type NSException Application Specific Backtrace 1: 0 CoreFoundation 0x00007fff81124e32 __exceptionPreprocess + 178 1 libobjc.A.dylib 0x00007fff8a34f4fa objc_exception_throw + 48 2 CoreFoundation 0x00007fff8118e34d -[NSObject(NSObject) doesNotRecognizeSelector:] + 205 3 CoreFoundation 0x00007fff81095472 ___forwarding___ + 514 4 CoreFoundation 0x00007fff810951e8 _CF_forwarding_prep_0 + 120 5 WebKit 0x00007fff8bf08490 _ZN6WebKit21AuthenticationManager40performDefaultHandlingForSingleChallengeEy + 104 6 WebKit 0x00007fff8bf083d9 _ZN6WebKit21AuthenticationManager22performDefaultHandlingEy + 73 7 WebKit 0x00007fff8bf098ca _ZN6WebKit21AuthenticationManager17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE + 196 8 WebKit 0x00007fff8bf44b61 _ZN3IPC18MessageReceiverMap15dispatchMessageERNS_10ConnectionERNS_14MessageDecoderE + 113 9 WebKit 0x00007fff8bf69216 _ZN6WebKit14NetworkProcess17didReceiveMessageERN3IPC10ConnectionERNS1_14MessageDecoderE + 28 10 WebKit 0x00007fff8bf0c602 _ZN3IPC10Connection15dispatchMessageENSt3__110unique_ptrINS_14MessageDecoderENS1_14default_deleteIS3_EEEE + 102 11 WebKit 0x00007fff8bf0eb2e _ZN3IPC10Connection18dispatchOneMessageEv + 114 12 JavaScriptCore 0x00007fff92100d85 _ZN3WTF7RunLoop11performWorkEv + 437 13 JavaScriptCore 0x00007fff92101462 _ZN3WTF7RunLoop11performWorkEPv + 34 14 CoreFoundation 0x00007fff810ba8b1 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 15 CoreFoundation 0x00007fff8109a0ac __CFRunLoopDoSources0 + 556 16 CoreFoundation 0x00007fff810995cf __CFRunLoopRun + 927 17 CoreFoundation 0x00007fff81098fc8 CFRunLoopRunSpecific + 296 18 Foundation 0x00007fff86bcdf59 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270 19 Foundation 0x00007fff86bcde38 -[NSRunLoop(NSRunLoop) run] + 74 20 libxpc.dylib 0x00007fff8412a4c8 _xpc_objc_main + 751 21 libxpc.dylib 0x00007fff84128f1e xpc_main + 494 22 com.apple.WebKit.Networking 0x10df6db4a main + 16 (Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:89) 23 libdyld.dylib 0x00007fff94b305ad start + 1 Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 libsystem_kernel.dylib 0x00007fff884c60ae __pthread_kill + 10 1 libsystem_pthread.dylib 0x00007fff90a9a500 pthread_kill + 90 2 libsystem_c.dylib 0x00007fff8723137b abort + 129 3 libc++abi.dylib 0x00007fff900baf81 abort_message + 257 4 libc++abi.dylib 0x00007fff900e0a47 default_terminate_handler() + 267 5 libobjc.A.dylib 0x00007fff8a35115e _objc_terminate() + 103 6 libc++abi.dylib 0x00007fff900de19e std::__terminate(void (*)()) + 8 7 libc++abi.dylib 0x00007fff900dde27 __cxa_rethrow + 99 8 libobjc.A.dylib 0x00007fff8a34f998 objc_exception_rethrow + 40 9 com.apple.CoreFoundation 0x00007fff8109905b CFRunLoopRunSpecific + 443 10 com.apple.Foundation 0x00007fff86bcdf59 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 270 11 com.apple.Foundation 0x00007fff86bcde38 -[NSRunLoop(NSRunLoop) run] + 74 12 libxpc.dylib 0x00007fff8412a4c8 _xpc_objc_main + 751 13 libxpc.dylib 0x00007fff84128f1e xpc_main + 494 14 com.apple.WebKit.Networking 0x10df6db4a main + 16 (Shared/EntryPointUtilities/mac/XPCService/XPCServiceMain.mm:89) 15 libdyld.dylib 0x00007fff94b305ad start + 1
Attachments
Patch v1 (21.21 KB, patch)
2016-04-22 22:18 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
Patch v2 (21.95 KB, patch)
2016-04-23 03:30 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
Patch (19.13 KB, patch)
2016-07-26 14:58 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
David Kilzer (:ddkilzer)
Comment 1 2016-04-22 21:58:17 PDT
<rdar://problem/23325160>
David Kilzer (:ddkilzer)
Comment 2 2016-04-22 22:18:58 PDT
Created attachment 277136 [details] Patch v1
WebKit Commit Bot
Comment 3 2016-04-22 22:19:53 PDT
Attachment 277136 [details] did not pass style-queue: ERROR: Source/WebCore/ChangeLog:9: You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible. [changelog/nonewtests] [5] Total errors found: 1 in 13 files If any of these errors are false positives, please file a bug against check-webkit-style.
David Kilzer (:ddkilzer)
Comment 4 2016-04-22 22:20:30 PDT
(In reply to comment #2) > Created attachment 277136 [details] > Patch v1 Looking for feedback on the approach for the patch, as well as suggestions for how to write a test. (Does this path require SSL certificate authentication? Do changes to Tools projects look like they're reasonable?)
Alexey Proskuryakov
Comment 5 2016-04-22 23:02:38 PDT
Comment on attachment 277136 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=277136&action=review > Does this path require SSL certificate authentication? Unsure. Maybe sending -performDefaultHandlingForAuthenticationChallenge: for a password challenge would result in returning the original 401 response. > Source/WebCore/ChangeLog:24 > + - Add -respondsToSelector: checks since > + -performDefaultHandlingForAuthenticationChallenge: and > + -rejectProtectionSpaceAndContinueWithChallenge: are optional > + by API contract. I'm not sure how this can work. If we don't send the message, then the sender will never know about the decision, and the connection will leak, won't it? > Source/WebCore/platform/network/mac/ResourceHandleMac.mm:571 > - [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()]; > + if ([challenge.sender() respondsToSelector:@selector(performDefaultHandlingForAuthenticationChallenge:)]) > + [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()]; Is the sender here always CFNetwork? It would seem surprising if it's free to decide which methods of the protocol to implement. > Tools/DumpRenderTree/mac/ResourceLoadDelegate.mm:206 > + if (gTestRunner->performsDefaultHandlingForAuthenticationChallenge()) { This is starting to look like we should let tests implement authentication callbacks in JS, instead of controlling client behavior with a set of confusing interdependent booleans.
David Kilzer (:ddkilzer)
Comment 6 2016-04-23 03:30:27 PDT
Created attachment 277147 [details] Patch v2
WebKit Commit Bot
Comment 7 2016-04-23 03:31:41 PDT
Attachment 277147 [details] did not pass style-queue: ERROR: Source/WebCore/ChangeLog:9: You should remove the 'No new tests' and either add and list tests, or explain why no new tests were possible. [changelog/nonewtests] [5] Total errors found: 1 in 14 files If any of these errors are false positives, please file a bug against check-webkit-style.
David Kilzer (:ddkilzer)
Comment 8 2016-04-23 03:46:53 PDT
Comment on attachment 277136 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=277136&action=review >> Source/WebCore/ChangeLog:24 >> + by API contract. > > I'm not sure how this can work. If we don't send the message, then the sender will never know about the decision, and the connection will leak, won't it? The API contract clearly states these methods are optional: <https://developer.apple.com/library/mac/documentation/Cocoa/Reference/Foundation/Protocols/NSURLAuthenticationChallengeSender_Protocol/#//apple_ref/doc/uid/20001706-SW2> >> Source/WebCore/platform/network/mac/ResourceHandleMac.mm:571 >> + [challenge.sender() performDefaultHandlingForAuthenticationChallenge:challenge.nsURLAuthenticationChallenge()]; > > Is the sender here always CFNetwork? It would seem surprising if it's free to decide which methods of the protocol to implement. I'm not sure who the sender is, but why is that relevant. The API contract is very clear that these methods are optional, so why wouldn't we check here?
Alexey Proskuryakov
Comment 9 2016-04-23 08:37:58 PDT
> I'm not sure who the sender is, but why is that relevant. The API contract is very clear that these methods are optional, so why wouldn't we check here? That's not the API contract, that's something that unrelated code using this protocol may choose to do. What matters to us is what CFNetwork does, not what unrelated theoretical class in user code is allowed to do.
Alexey Proskuryakov
Comment 10 2016-04-23 08:51:30 PDT
To put it another way, if CFNetwork ever provides a sender that doesn't implement these methods, we should probably fall back to another method, not just drop the challenge on the floor. My uninformed guess is that CFNetwork always implements these, and we are actually dealing with a use after free.
David Kilzer (:ddkilzer)
Comment 11 2016-06-07 12:28:31 PDT
(In reply to comment #10) > To put it another way, if CFNetwork ever provides a sender that doesn't > implement these methods, we should probably fall back to another method, not > just drop the challenge on the floor. > > My uninformed guess is that CFNetwork always implements these, and we are > actually dealing with a use after free. Moving to RESOLVED/INVALID.
Alex Christensen
Comment 12 2016-07-25 16:49:08 PDT
I think we should at least land the respondsToSelector checks.
Alexey Proskuryakov
Comment 13 2016-07-25 17:43:45 PDT
Is there any evidence that these checks are appropriate? I wouldn't want to confuse the code with unnecessary checks when we expect that there is some other kind of bug in it.
David Kilzer (:ddkilzer)
Comment 14 2016-07-25 22:11:02 PDT
(In reply to comment #13) > Is there any evidence that these checks are appropriate? I wouldn't want to > confuse the code with unnecessary checks when we expect that there is some > other kind of bug in it. Yes. The methods are marked as optional in the NSProtocol, so they should be checked to see if they exist before calling them on an object. Why would it ever be correct to assume that optional methods are always implemented?
Alexey Proskuryakov
Comment 15 2016-07-26 09:33:25 PDT
The methods are optional in protocol, which means that some other code using the protocol is not required to implement them. That is not evidence towards what CFNetwork is required/documented/expected to do.
Alex Christensen
Comment 16 2016-07-26 14:58:31 PDT
Reopening to attach new patch.
Alex Christensen
Comment 17 2016-07-26 14:58:33 PDT
Created attachment 284636 [details] Patch
WebKit Commit Bot
Comment 18 2016-07-26 15:32:37 PDT
Comment on attachment 284636 [details] Patch Clearing flags on attachment: 284636 Committed r203743: <http://trac.webkit.org/changeset/203743>
WebKit Commit Bot
Comment 19 2016-07-26 15:32:42 PDT
All reviewed patches have been landed. Closing bug.
Alex Christensen
Comment 20 2016-07-26 15:36:30 PDT
Landed without respondsToSelector checks. Having missing methods in WebCoreAuthenticationClientAsChallengeSender is demonstrably wrong, so we added them with a test.
Alex Christensen
Comment 21 2016-07-26 16:42:07 PDT
Minor test fix in https://trac.webkit.org/changeset/203755
Alexey Proskuryakov
Comment 22 2016-07-27 16:00:27 PDT
I assume that the INVALID state was accidental, moving to FIXED.
Note You need to log in before you can comment on or make changes to this bug.