Bug 249060

Summary: Fix use-after-move in WebCore::SWClientConnection::postMessageToServiceWorkerClient()
Product: WebKit Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Service WorkersAssignee: youenn fablet <youennf>
Status: RESOLVED FIXED    
Severity: Normal CC: webkit-bug-importer, youennf
Priority: P2 Keywords: InRadar
Version: WebKit Nightly Build   
Hardware: Unspecified   
OS: Unspecified   

David Kilzer (:ddkilzer)
Reported 2022-12-09 18:22:15 PST
Fix use-after-move in WebCore::SWClientConnection::postMessageToServiceWorkerClient() from Source/WebCore/workers/service/SWClientConnection.cpp. The `message` variable is involved in a use-after-move when `wasDispatched` returns `false` in the method below. ``` void SWClientConnection::postMessageToServiceWorkerClient(ScriptExecutionContextIdentifier destinationContextIdentifier, MessageWithMessagePorts&& message, ServiceWorkerData&& sourceData, String&& sourceOrigin) { ASSERT(isMainThread()); if (auto* destinationDocument = Document::allDocumentsMap().get(destinationContextIdentifier)) { postMessageToContainer(*destinationDocument, WTFMove(message), WTFMove(sourceData), WTFMove(sourceOrigin)); return; } bool wasDispatched = ScriptExecutionContext::postTaskTo(destinationContextIdentifier, [message = WTFMove(message), sourceData = WTFMove(sourceData).isolatedCopy(), sourceOrigin = WTFMove(sourceOrigin).isolatedCopy()](auto& context) mutable { postMessageToContainer(context, WTFMove(message), WTFMove(sourceData), WTFMove(sourceOrigin)); }); if (wasDispatched) return; if (auto* sharedWorker = SharedWorkerThreadProxy::byIdentifier(destinationContextIdentifier)) { sharedWorker->thread().runLoop().postTask([message = WTFMove(message), sourceData = WTFMove(sourceData).isolatedCopy(), sourceOrigin = WTFMove(sourceOrigin).isolatedCopy()] (auto& context) mutable { postMessageToContainer(context, WTFMove(message), WTFMove(sourceData), WTFMove(sourceOrigin)); }); } } ```
Attachments
Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2022-12-09 18:22:47 PST
<rdar://problem/103202263>
youenn fablet
Comment 2 2022-12-12 01:24:08 PST
Pull request: https://github.com/WebKit/WebKit/pull/7473
EWS
Comment 3 2022-12-12 06:55:20 PST
Committed 257728@main (34ebbe87e188): <https://commits.webkit.org/257728@main> Reviewed commits have been landed. Closing PR #7473 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.