Bug 200897

Summary: NetworkDataTask is being ref'd / deref'd from several threads and is not ThreadSafeRefCounted
Product: WebKit
Reporter: Chris Dumez <cdumez>
Component: WebKit2
Assignee: Chris Dumez <cdumez>
Status: RESOLVED FIXED
Severity: Normal
CC: achristensen, commit-queue, ggaren, rniwa, thorton, webkit-bug-importer, youennf
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Bug Depends on:    
Bug Blocks: 198318    
Attachments:
Description Flags
Patch none

Chris Dumez
Reported 2019-08-19 13:57:41 PDT
NetworkDataTask is being ref'd / deref'd from several threads and is not ThreadSafeRefCounted. See the makeRef() calls below:

    void NetworkDataTaskCocoa::resume()
    {
        if (m_scheduledFailureType != NoFailure)
            m_failureTimer.startOneShot(0_s);

        auto& cocoaSession = static_cast<NetworkSessionCocoa&>(*m_session);
        if (cocoaSession.deviceManagementRestrictionsEnabled() && m_isForMainResourceNavigationForAnyFrame) {
            auto didDetermineDeviceRestrictionPolicyForURL = makeBlockPtr([this, protectedThis = makeRef(*this)](BOOL isBlocked) {
                callOnMainThread([this, protectedThis = makeRef(*this), isBlocked] {
                    if (isBlocked) {
                        scheduleFailure(RestrictedURLFailure);
                        return;
                    }

                    [m_task resume];
                });
            });

Attachments
Patch (3.32 KB, patch)
2019-08-19 15:17 PDT, Chris Dumez
no flags
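
The bug class reported above, as an added example that is not WebKit code and not part of the attached patch: a reference count held in a plain integer is subject to a data race when ref()/deref() run on several threads, while an atomic counter stays balanced. CountedTask, PlainTask, AtomicTask and finalCountAfterContention are hypothetical names standing in for the RefCounted / ThreadSafeRefCounted distinction.

```cpp
// Added example, not WebKit code. All names here are hypothetical stand-ins.
#include <atomic>
#include <cstdio>
#include <thread>
#include <vector>

// The only difference between the two variants is the counter type:
// a plain integer (like RefCounted) or an atomic one (like ThreadSafeRefCounted).
template<typename Counter>
class CountedTask {
public:
    void ref() { ++m_refCount; }
    // Returns true when the last reference is dropped (the caller would delete).
    bool deref() { return --m_refCount == 0; }
    unsigned refCount() const { return m_refCount; }
private:
    Counter m_refCount { 1 }; // the creator holds the initial reference
};

using PlainTask = CountedTask<unsigned>;
using AtomicTask = CountedTask<std::atomic<unsigned>>;

// Each worker takes and drops a reference `iterations` times, as a
// protectedThis capture does when a block is created and later destroyed.
// Balanced ref/deref must leave the count at 1 (the creator's reference).
template<typename Task>
unsigned finalCountAfterContention(unsigned threads, unsigned iterations)
{
    Task task;
    std::vector<std::thread> workers;
    for (unsigned t = 0; t < threads; ++t) {
        workers.emplace_back([&task, iterations] {
            for (unsigned i = 0; i < iterations; ++i) {
                task.ref();
                task.deref();
            }
        });
    }
    for (auto& worker : workers)
        worker.join();
    return task.refCount();
}

int main()
{
    // Plain counter with 4 threads: a data race, so the result is undefined
    // and may differ from 1 (a lost deref leaks, a lost ref frees too early).
    std::printf("plain:  %u\n", finalCountAfterContention<PlainTask>(4, 1000000));
    std::printf("atomic: %u\n", finalCountAfterContention<AtomicTask>(4, 1000000));
}
```
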
Chris Dumez
Comment 1 2019-08-19 14:41:00 PDT
cc'ing Tim as he added this code. I am still confirming if this can really get called on a background thread or if the callOnMainThread() call is merely to make things asynchronous.
Chris Dumez
Comment 2 2019-08-19 15:14:01 PDT
(In reply to Chris Dumez from comment #1)
> cc'ing Tim as he added this code. I am still confirming if this can really
> get called on a background thread or if the callOnMainThread() call is
> merely to make things asynchronous.

Ouch, definitely not called on the main thread. There is indeed a bug here.
Chris Dumez
Comment 3 2019-08-19 15:17:56 PDT
Geoffrey Garen
Comment 4 2019-08-19 15:23:02 PDT
Comment on attachment 376712
Patch

r=me
WebKit Commit Bot
Comment 5 2019-08-19 15:50:47 PDT
Comment on attachment 376712
Patch

Clearing flags on attachment: 376712

Committed r248874: <https://trac.webkit.org/changeset/248874>
WebKit Commit Bot
Comment 6 2019-08-19 15:50:50 PDT
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 7 2019-08-19 15:51:19 PDT