Bug 209710

Summary: REGRESSION (r250728): Use-after-move in NetworkProcess::addServiceWorkerSession()
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Service Workers    Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED    
Severity: Normal CC: achristensen, darin, webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
    Patch v1    Flags: none

David Kilzer (:ddkilzer)
Reported 2020-03-28 18:23:28 PDT
Use-after-move in NetworkProcess::addServiceWorkerSession() of `serviceWorkerRegistrationDirectory` parameter:

    void NetworkProcess::addServiceWorkerSession(PAL::SessionID sessionID, bool processTerminationDelayEnabled, String&& serviceWorkerRegistrationDirectory, const SandboxExtension::Handle& handle)
    {
        ServiceWorkerInfo info { WTFMove(serviceWorkerRegistrationDirectory), processTerminationDelayEnabled };
        auto addResult = m_serviceWorkerInfo.add(sessionID, WTFMove(info));
        if (addResult.isNewEntry) {
            SandboxExtension::consumePermanently(handle);
            if (!serviceWorkerRegistrationDirectory.isEmpty()) // moved from above
                postStorageTask(createCrossThreadTask(*this, &NetworkProcess::ensurePathExists, serviceWorkerRegistrationDirectory));
        }
    }

The postStorageTask() will never run because `serviceWorkerRegistrationDirectory.isEmpty()` is always true.
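The following is an added, stand-alone C++ model of the ordering bug described above; it is not code from this bug report or from WebKit. The `String` class is a stand-in that reproduces the one property of WTF::String that matters here (its move constructor leaves the source with a null impl, so a moved-from value reports `isEmpty()`); `NetworkProcessModel`, `SessionID`, `m_queuedPaths` and the sample directory path are hypothetical. The "fixed" variant shows one way to avoid reading the moved-from parameter (read the directory back from the stored entry); it is an illustration, not necessarily the change that landed in r259167.

```cpp
#include <cstddef>
#include <cstdio>
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Stand-in for WTF::String: an immutable, ref-counted buffer. Like WTF's
// String, moving from it leaves the source with a null impl, so a moved-from
// value reports isEmpty() == true. std::string only promises a "valid but
// unspecified" moved-from state, which is why it is not used directly here.
class String {
public:
    String() = default;
    explicit String(const char* s) : m_impl(std::make_shared<const std::string>(s)) {}
    String(const String&) = default;
    String& operator=(const String&) = default;
    String(String&& other) noexcept : m_impl(std::move(other.m_impl)) {} // other.m_impl is now null
    String& operator=(String&& other) noexcept { m_impl = std::move(other.m_impl); return *this; }

    bool isEmpty() const { return !m_impl || m_impl->empty(); }
    std::string value() const { return m_impl ? *m_impl : std::string(); }

private:
    std::shared_ptr<const std::string> m_impl;
};

struct ServiceWorkerInfo {
    String serviceWorkerRegistrationDirectory;
    bool processTerminationDelayEnabled;
};

using SessionID = unsigned; // hypothetical stand-in for PAL::SessionID

// Hypothetical model of the relevant slice of NetworkProcess. Instead of
// posting a cross-thread task it records the path that would have gone to
// ensurePathExists, so the outcome of each ordering can be checked.
class NetworkProcessModel {
public:
    // Ordering from the bug report: the parameter is moved into `info` and
    // only then tested, so the moved-from string is always empty and the
    // storage task is never queued.
    bool addServiceWorkerSessionBuggy(SessionID sessionID, bool processTerminationDelayEnabled, String&& serviceWorkerRegistrationDirectory)
    {
        ServiceWorkerInfo info { std::move(serviceWorkerRegistrationDirectory), processTerminationDelayEnabled };
        auto addResult = m_serviceWorkerInfo.emplace(sessionID, std::move(info));
        if (addResult.second) {
            if (!serviceWorkerRegistrationDirectory.isEmpty()) { // use-after-move: never true
                m_queuedPaths.push_back(serviceWorkerRegistrationDirectory.value());
                return true;
            }
        }
        return false;
    }

    // One correct ordering (illustration only): read the directory from the
    // stored entry, which owns the value after the move.
    bool addServiceWorkerSessionFixed(SessionID sessionID, bool processTerminationDelayEnabled, String&& serviceWorkerRegistrationDirectory)
    {
        ServiceWorkerInfo info { std::move(serviceWorkerRegistrationDirectory), processTerminationDelayEnabled };
        auto addResult = m_serviceWorkerInfo.emplace(sessionID, std::move(info));
        if (addResult.second) {
            const String& stored = addResult.first->second.serviceWorkerRegistrationDirectory;
            if (!stored.isEmpty()) {
                m_queuedPaths.push_back(stored.value());
                return true;
            }
        }
        return false;
    }

    const std::vector<std::string>& queuedPaths() const { return m_queuedPaths; }

private:
    std::map<SessionID, ServiceWorkerInfo> m_serviceWorkerInfo;
    std::vector<std::string> m_queuedPaths;
};

// Constructed scenario: one new session with a non-empty registration directory.
bool buggyOrderingQueuesTask()
{
    NetworkProcessModel process;
    return process.addServiceWorkerSessionBuggy(1, true, String("/tmp/ServiceWorkers"));
}

bool fixedOrderingQueuesTask()
{
    NetworkProcessModel process;
    return process.addServiceWorkerSessionFixed(1, true, String("/tmp/ServiceWorkers"));
}

// With the fixed ordering, re-adding an existing session is not a new entry
// and an empty directory still queues nothing, so exactly one path is queued.
std::size_t fixedOrderingQueuedCount()
{
    NetworkProcessModel process;
    process.addServiceWorkerSessionFixed(1, true, String("/tmp/ServiceWorkers"));
    process.addServiceWorkerSessionFixed(1, true, String("/tmp/Other")); // existing session
    process.addServiceWorkerSessionFixed(2, true, String(""));           // empty directory
    return process.queuedPaths().size();
}

int main()
{
    std::printf("buggy ordering queued task: %s\n", buggyOrderingQueuesTask() ? "yes" : "no");
    std::printf("fixed ordering queued task: %s\n", fixedOrderingQueuesTask() ? "yes" : "no");
    return 0;
}
```

The buggy variant compiles cleanly with ordinary warning levels, which is why this class of regression survives review; clang-tidy's bugprone-use-after-move check does flag a read of an object after `std::move`/`WTFMove` in the same scope and is the cheap way to catch it before it lands.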
Attachments
Patch v1 (1.85 KB, patch)
2020-03-28 18:56 PDT, David Kilzer (:ddkilzer)
no flags
Radar WebKit Bug Importer
Comment 1 2020-03-28 18:23:47 PDT
David Kilzer (:ddkilzer)
Comment 2 2020-03-28 18:56:08 PDT
Created attachment 394849 [details] Patch v1
David Kilzer (:ddkilzer)
Comment 3 2020-03-28 19:00:07 PDT
This regressed in: Bug 202553: Move WKProcessPool._registerURLSchemeServiceWorkersCanHandle to _WKWebsiteDataStoreConfiguration <https://bugs.webkit.org/show_bug.cgi?id=202553> <rdar://problem/55985536> <http://trac.webkit.org/r250728>
EWS
Comment 4 2020-03-28 19:50:24 PDT
Committed r259167: <https://trac.webkit.org/changeset/259167> All reviewed patches have been landed. Closing bug and clearing flags on attachment 394849 [details].