Bug 182861

Summary:

Use ResourceLoader to load appcache manifest

Product:

WebKit

Reporter:

youenn fablet <youennf>

Component:

WebCore Misc.

Assignee:

youenn fablet <youennf>

Status:

RESOLVED FIXED

Severity:

Normal

CC:

achristensen, bfulgham, cdumez, commit-queue, dbates, ews-watchlist, japhet, rniwa, ryanhaddad, webkit-bug-importer

Priority:

Keywords:

InRadar

Version:

WebKit Nightly Build

Hardware:

Unspecified

OS:

Unspecified

Bug Depends on:

Bug Blocks:

178540

Attachments:

Description	Flags
Patch	none
Patch	none
Patch	none
Archive of layout-test-results from ews101 for mac-sierra	none
Archive of layout-test-results from ews115 for mac-sierra	none
Patch	none
Patch	none
Patch	none
Changes to fix guard malloc crashes	none
Fixing guard malloc crashes	none
Patch for landing	none

youenn fablet

Reported 2018-02-15 21:58:38 PST

Use ResourceLoader to load apache manifest

Attachments
Patch (34.11 KB, patch) 2018-02-15 22:13 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch (34.40 KB, patch) 2018-02-15 22:30 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch (34.41 KB, patch) 2018-02-15 22:33 PST, youenn fablet	no flags	Details Formatted Diff Diff
Archive of layout-test-results from ews101 for mac-sierra (2.48 MB, application/zip) 2018-02-15 23:33 PST, EWS Watchlist	no flags	Details
Archive of layout-test-results from ews115 for mac-sierra (3.04 MB, application/zip) 2018-02-16 00:07 PST, EWS Watchlist	no flags	Details
Patch (34.54 KB, patch) 2018-02-16 08:36 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch (34.84 KB, patch) 2018-02-16 10:58 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch (34.85 KB, patch) 2018-02-16 11:05 PST, youenn fablet	no flags	Details Formatted Diff Diff
Changes to fix guard malloc crashes (2.55 KB, text/plain) 2018-02-21 09:30 PST, youenn fablet	no flags	Details
Fixing guard malloc crashes (35.05 KB, patch) 2018-02-21 09:31 PST, youenn fablet	no flags	Details Formatted Diff Diff
Patch for landing (35.05 KB, patch) 2018-02-21 11:44 PST, youenn fablet	no flags	Details Formatted Diff Diff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.

youenn fablet

Comment 1 2018-02-15 22:13:56 PST

Created attachment 334001 [details] Patch

youenn fablet

Comment 2 2018-02-15 22:30:26 PST

Created attachment 334003 [details] Patch

youenn fablet

Comment 3 2018-02-15 22:33:53 PST

Created attachment 334005 [details] Patch

EWS Watchlist

Comment 4 2018-02-15 23:33:39 PST

Comment on attachment 334005 [details] Patch Attachment 334005 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/6530809 New failing tests: http/tests/appcache/auth.html

EWS Watchlist

Comment 5 2018-02-15 23:33:41 PST

Created attachment 334012 [details] Archive of layout-test-results from ews101 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-sierra Platform: Mac OS X 10.12.6

EWS Watchlist

Comment 6 2018-02-16 00:07:05 PST

Comment on attachment 334005 [details] Patch Attachment 334005 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/6530807 New failing tests: http/tests/appcache/auth.html

EWS Watchlist

Comment 7 2018-02-16 00:07:06 PST

Created attachment 334014 [details] Archive of layout-test-results from ews115 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-sierra Platform: Mac OS X 10.12.6

youenn fablet

Comment 8 2018-02-16 08:36:07 PST

Created attachment 334044 [details] Patch

Alex Christensen

Comment 9 2018-02-16 09:50:04 PST

Comment on attachment 334044 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=334044&action=review This is exciting! Do you want it reviewed? > Source/WebCore/loader/appcache/ApplicationCacheResourceLoader.cpp:14 > + * * Neither the name of Google Inc. nor the names of its This copyright should be the two-clause copyright used in new files now. > LayoutTests/http/tests/appcache/manifest-redirect-2-expected.txt:2 > +CONSOLE MESSAGE: Application Cache manifest could not be fetched, because a redirection was attempted. Is not supporting redirection in the manifest a new thing, or is this just a new message?

youenn fablet

Comment 10 2018-02-16 10:51:53 PST

(In reply to Alex Christensen from comment #9) > Comment on attachment 334044 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=334044&action=review > > This is exciting! Do you want it reviewed? > > > Source/WebCore/loader/appcache/ApplicationCacheResourceLoader.cpp:14 > > + * * Neither the name of Google Inc. nor the names of its > > This copyright should be the two-clause copyright used in new files now. Will fix. > > LayoutTests/http/tests/appcache/manifest-redirect-2-expected.txt:2 > > +CONSOLE MESSAGE: Application Cache manifest could not be fetched, because a redirection was attempted. > > Is not supporting redirection in the manifest a new thing, or is this just a > new message? It is part of preexisting code checks, in ApplicationCacheGroup::didReceiveManifestResponse (removed in this patch).

youenn fablet

Comment 11 2018-02-16 10:58:34 PST

Created attachment 334053 [details] Patch

youenn fablet

Comment 12 2018-02-16 11:05:09 PST

Created attachment 334054 [details] Patch

WebKit Commit Bot

Comment 13 2018-02-16 13:31:46 PST

Comment on attachment 334054 [details] Patch Clearing flags on attachment: 334054 Committed r228575: <https://trac.webkit.org/changeset/228575>

WebKit Commit Bot

Comment 14 2018-02-16 13:31:48 PST

All reviewed patches have been landed. Closing bug.

Radar WebKit Bug Importer

Comment 15 2018-02-16 13:33:32 PST

<rdar://problem/37616550>

Ryan Haddad

Comment 16 2018-02-16 17:43:37 PST

Reverted r228575 for reason: Introduced LayoutTest crashes under GuardMalloc. Committed r228591: <https://trac.webkit.org/changeset/228591>

Alex Christensen

Comment 17 2018-02-19 10:24:43 PST

Comment on attachment 334054 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=334054&action=review > Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:448 > + m_loader = ApplicationCacheResourceLoader::create(documentLoader.cachedResourceLoader(), WTFMove(request), [this] (auto&& resourceOrError) { I'll bet you need to protect something here to make it not UAF.

youenn fablet

Comment 18 2018-02-21 09:19:38 PST

(In reply to Alex Christensen from comment #17) > Comment on attachment 334054 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=334054&action=review > > > Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:448 > > + m_loader = ApplicationCacheResourceLoader::create(documentLoader.cachedResourceLoader(), WTFMove(request), [this] (auto&& resourceOrError) { > > I'll bet you need to protect something here to make it not UAF. I am not sure. In ApplicationCacheGroup destructor, we are stopping the loads, triggering the callback with an abort error.

Chris Dumez

Comment 19 2018-02-21 09:23:21 PST

Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010f1db231 WebCore::ApplicationCacheResourceLoader::cancel(WebCore::ApplicationCacheResourceLoader::Error) + 145 1 com.apple.WebCore 0x000000010e2887b4 WebCore::CachedRawResource::responseReceived(WebCore::ResourceResponse const&) + 308 2 com.apple.WebCore 0x000000010e28825a WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 1130 3 com.apple.WebCore 0x000000010f1ca7a9 WebCore::ResourceLoader::didReceiveResponseAsync(WebCore::ResourceHandle*, WebCore::ResourceResponse&&, WTF::CompletionHandler<void ()>&&) + 57 4 com.apple.WebCore 0x000000010f40e91a WebCore::ResourceHandle::didReceiveResponse(WebCore::ResourceResponse&&, WTF::CompletionHandler<void ()>&&) + 346 5 com.apple.WebCore 0x000000010e8340f1 WTF::Function<void ()>::CallableWrapper<-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]::$_4>::call() + 449 6 com.apple.JavaScriptCore 0x000000010ae2dd00 WTF::dispatchFunctionsFromMainThread() + 176 7 com.apple.Foundation 0x00007fff31ed7e75 __NSThreadPerformPerform + 334 8 com.apple.CoreFoundation 0x00007fff2fcf5611 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 9 com.apple.CoreFoundation 0x00007fff2fdacecc __CFRunLoopDoSource0 + 108 10 com.apple.CoreFoundation 0x00007fff2fcd86a0 __CFRunLoopDoSources0 + 208 11 com.apple.CoreFoundation 0x00007fff2fcd7b1d __CFRunLoopRun + 1293 12 com.apple.CoreFoundation 0x00007fff2fcd7377 CFRunLoopRunSpecific + 487 13 DumpRenderTree 0x000000010ac541b2 0x10ac41000 + 78258 14 DumpRenderTree 0x000000010ac53508 0x10ac41000 + 75016 15 DumpRenderTree 0x000000010ac54c8c 0x10ac41000 + 81036 16 libdyld.dylib 0x00007fff58581015 start + 1

youenn fablet

Comment 20 2018-02-21 09:25:03 PST

Ok, so I probably need to protect 'this' in cancel. And there is apparently no guarantee that an ApplicationCacheGroup stays alive after didFailLoadingManifest/didFinishLoadingManifest, making the assertions I added bad.

Chris Dumez

Comment 21 2018-02-21 09:26:38 PST

(In reply to youenn fablet from comment #20) > Ok, so I probably need to protect 'this' in cancel. > And there is apparently no guarantee that an ApplicationCacheGroup stays > alive after didFailLoadingManifest/didFinishLoadingManifest, making the > assertions I added bad. You can validate by running tests in the http/tests/appcache folder with -g.

youenn fablet

Comment 22 2018-02-21 09:30:06 PST

Created attachment 334387 [details] Changes to fix guard malloc crashes

youenn fablet

Comment 23 2018-02-21 09:31:50 PST

Created attachment 334388 [details] Fixing guard malloc crashes

WebKit Commit Bot

Comment 24 2018-02-21 11:38:08 PST

Comment on attachment 334388 [details] Fixing guard malloc crashes Rejecting attachment 334388 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-02', 'validate-changelog', '--check-oops', '--non-interactive', 334388, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit ChangeLog entry in LayoutTests/ChangeLog contains OOPS!. Full output: http://webkit-queues.webkit.org/results/6611674

youenn fablet

Comment 25 2018-02-21 11:44:07 PST

Created attachment 334397 [details] Patch for landing

WebKit Commit Bot

Comment 26 2018-02-21 12:22:04 PST

Comment on attachment 334397 [details] Patch for landing Clearing flags on attachment: 334397 Committed r228892: <https://trac.webkit.org/changeset/228892>

WebKit Commit Bot

Comment 27 2018-02-21 12:22:06 PST

All reviewed patches have been landed. Closing bug.

Note You need to log in before you can comment on or make changes to this bug.