Bug 214050

Summary: Network process crashes in WebKit::StorageManagerSet::deleteSessionStorageForOrigins
Product: WebKit Reporter: Sihui Liu <sihui_liu>
Component: New BugsAssignee: Sihui Liu <sihui_liu>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, webkit-bug-importer, wilander
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch none

Description Sihui Liu 2020-07-07 10:49:06 PDT 
...
Comment 1 Sihui Liu 2020-07-07 10:49:55 PDT Comment hidden (obsolete)
Comment 2 Sihui Liu 2020-07-07 10:52:44 PDT 
Created attachment 403706 [details]
Patch
Comment 3 John Wilander 2020-07-07 10:57:46 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1929
> +                    return;

I don't think early return is correct here. The fact that the storage manager set doesn't contain the session ID doesn't mean there aren't other means of storage to delete. The function is for deleting all existing and future website data types.

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1939
> +                    return;

Ditto.
Comment 4 Sihui Liu 2020-07-07 11:13:17 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

>> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1929
>> +                    return;
> 
> I don't think early return is correct here. The fact that the storage manager set doesn't contain the session ID doesn't mean there aren't other means of storage to delete. The function is for deleting all existing and future website data types.

This early return is in the callback function of getSessionStorageOrigins, so this change only affects deletion of session storage..  DiskCache below does the same thing..
Comment 5 Chris Dumez 2020-07-07 11:46:51 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1932
>                  m_storageManagerSet->deleteSessionStorageForOrigins(sessionID, originsToDelete, [callbackAggregator] { });

Why are we not doing the sessionID check inside deleteSessionStorageForOrigins() ?

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1942
>                  m_storageManagerSet->deleteLocalStorageForOrigins(sessionID, originsToDelete, [callbackAggregator] { });

ditto.
Comment 6 Sihui Liu 2020-07-07 12:09:46 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

>> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1932
>>                  m_storageManagerSet->deleteSessionStorageForOrigins(sessionID, originsToDelete, [callbackAggregator] { });
> 
> Why are we not doing the sessionID check inside deleteSessionStorageForOrigins() ?

Currently all functions in StorageManagerSet asserts session exists when they are called, so it looks more consistent to not change there... And in NetworkProcess, we normally get/delete websitedata only when session exists.
Comment 7 Chris Dumez 2020-07-07 12:16:56 PDT 
Comment on attachment 403706 [details]
Patch

Ok
Comment 8 EWS 2020-07-07 12:45:59 PDT 
Committed r264036: <https://trac.webkit.org/changeset/264036>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 403706 [details].
Comment 9 Sihui Liu 2020-07-07 13:13:35 PDT 
<rdar://problem/64750825>