Bug 218626

Summary: Fix crashes around NetworkStorageSession::registerCookieChangeListenersIfNecessary
Product: WebKit Reporter: Alex Christensen <achristensen>
Component: New BugsAssignee: Alex Christensen <achristensen>
Status: RESOLVED FIXED    
Severity: Normal CC: cdumez, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   
Attachments:
Description Flags
Patch
none
patch none

Alex Christensen
Reported 2020-11-05 11:02:19 PST
Fix crashes around NetworkStorageSession::registerCookieChangeListenersIfNecessary
Attachments
Patch (5.27 KB, patch)
2020-11-05 11:05 PST, Alex Christensen 		no flags
DetailsFormatted DiffDiff
patch (4.23 KB, patch)
2020-11-05 17:41 PST, Alex Christensen 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Alex Christensen
Comment 1 2020-11-05 11:05:01 PST
Created attachment 413326 [details] Patch
Chris Dumez
Comment 2 2020-11-05 11:29:42 PST
Comment on attachment 413326 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=413326&action=review > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:671 > + [nsCookieStorage() _setCookiesChangedHandler:^(NSArray<NSHTTPCookie *> *, NSString *) { } onQueue:dispatch_get_main_queue()]; Why these changes? > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:674 > + [nsCookieStorage() _setSubscribedDomainsForCookieChanges:[NSSet set]]; ditto.
Alex Christensen
Comment 3 2020-11-05 14:41:24 PST
(In reply to Chris Dumez from comment #2) > Comment on attachment 413326 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=413326&action=review > > > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:671 > > + [nsCookieStorage() _setCookiesChangedHandler:^(NSArray<NSHTTPCookie *> *, NSString *) { } onQueue:dispatch_get_main_queue()]; > > Why these changes? CFNetwork calls the block without checking if it is nil. This will cause it to call a block that does nothing instead of dereferencing null and crashing. > > > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:674 > > + [nsCookieStorage() _setSubscribedDomainsForCookieChanges:[NSSet set]]; > > ditto. This one is probably not necessary, but I thought it wouldn't hurt to go along with the non-null theme of the other changes.
Chris Dumez
Comment 4 2020-11-05 16:35:46 PST
Jiten tells me this is very related to rdar://64024242. Do we still need a WebKit change or is that fix at rdar://64024242 sufficient?
Alex Christensen
Comment 5 2020-11-05 17:38:05 PST
Comment on attachment 413326 [details] Patch He definitely fixed at least part of the problem, but the weakThis check might still be necessary. There's no reason to not take this change to be as safe as possible.
Alex Christensen
Comment 6 2020-11-05 17:41:51 PST
Created attachment 413380 [details] patch
EWS
Comment 7 2020-11-06 08:01:36 PST
Committed r269512: <https://trac.webkit.org/changeset/269512> All reviewed patches have been landed. Closing bug and clearing flags on attachment 413380 [details].
Radar WebKit Bug Importer
Comment 8 2020-11-06 08:02:36 PST
<rdar://problem/71119360>
Note You need to log in before you can comment on or make changes to this bug.