Bug 197399

Summary: Protect against null crash in fetchDiskCacheEntries
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, cgarcia, ews-watchlist, koivisto, rniwa, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
Patch
none
Patch none

Alex Christensen
Reported 2019-04-29 18:02:20 PDT
Protect against null crash in fetchDiskCacheEntries
Attachments
Patch (7.50 KB, patch)
2019-04-29 19:12 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (7.97 KB, patch)
2019-04-29 21:22 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Patch (1.51 KB, patch)
2019-05-01 14:11 PDT, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (2) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2019-04-29 19:12:32 PDT
Created attachment 368530 [details] Patch
Alex Christensen
Comment 2 2019-04-29 19:12:35 PDT
<rdar://problem/47759337>
EWS Watchlist
Comment 3 2019-04-29 19:14:28 PDT
Attachment 368530 [details] did not pass style-queue: ERROR: Source/WebKit/NetworkProcess/NetworkProcess.cpp:1275: Missing space before ( in switch( [whitespace/parens] [5] Total errors found: 1 in 4 files If any of these errors are false positives, please file a bug against check-webkit-style.
Alex Christensen
Comment 4 2019-04-29 21:22:17 PDT
Created attachment 368537 [details] Patch
Antti Koivisto
Comment 5 2019-04-30 14:26:13 PDT
Comment on attachment 368537 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368537&action=review > Source/WebKit/NetworkProcess/NetworkProcess.cpp:1277 > + case NetworkCache::Cache::TraversalResult::DecodeError: > + ASSERT_NOT_REACHED(); This shouldn't assert. The design is to handle serialization format changes (and corruption for any reason) silently. > Source/WebKit/NetworkProcess/NetworkProcess.cpp:1461 > + ASSERT_NOT_REACHED(); Same here.
Antti Koivisto
Comment 6 2019-04-30 14:29:02 PDT
Comment on attachment 368537 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368537&action=review > Source/WebKit/NetworkProcess/cache/NetworkCache.h:124 > - void traverse(Function<void(const TraversalEntry*)>&&); > + enum class TraversalResult : bool { FinishedTraversing, DecodeError }; > + void traverse(Function<void(Expected<std::reference_wrapper<const TraversalEntry>, TraversalResult>&&)>&&); How about simply having a separate 'finished' bit ? All this seems bit too much.
Alex Christensen
Comment 7 2019-04-30 17:28:53 PDT
Comment on attachment 368537 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368537&action=review >> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1277 >> + ASSERT_NOT_REACHED(); > > This shouldn't assert. The design is to handle serialization format changes (and corruption for any reason) silently. Ok. >> Source/WebKit/NetworkProcess/cache/NetworkCache.h:124 >> + void traverse(Function<void(Expected<std::reference_wrapper<const TraversalEntry>, TraversalResult>&&)>&&); > > How about simply having a separate 'finished' bit ? All this seems bit too much. That would make it so the function signature expresses that there is a state where the TraversalEntry could be non null and finished could be true, which is not the case. This way expresses that we either have a valid TraversalEntry or one of two other states. I think this is better unless you feel strongly.
Antti Koivisto
Comment 8 2019-05-01 00:28:07 PDT
Comment on attachment 368537 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368537&action=review > Source/WebKit/NetworkProcess/cache/NetworkCache.cpp:484 > if (!entry) { > - traverseHandler(nullptr); > + traverseHandler(makeUnexpected(TraversalResult::DecodeError)); > return; > } Actually, can't we simply remove the traverseHandler() call here? There is nothing useful a client can do there.
Alex Christensen
Comment 9 2019-05-01 14:03:43 PDT
Comment on attachment 368537 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=368537&action=review >> Source/WebKit/NetworkProcess/cache/NetworkCache.cpp:484 >> } > > Actually, can't we simply remove the traverseHandler() call here? There is nothing useful a client can do there. Wow, that's so elegant. That makes this whole patch a 1 line change.
Alex Christensen
Comment 10 2019-05-01 14:11:04 PDT
Created attachment 368707 [details] Patch
Alex Christensen
Comment 11 2019-05-01 14:19:39 PDT
http://trac.webkit.org/r244850
Note You need to log in before you can comment on or make changes to this bug.