RESOLVED FIXED 182861
Use ResourceLoader to load appcache manifest 
https://bugs.webkit.org/show_bug.cgi?id=182861
Summary Use ResourceLoader to load appcache manifest
youenn fablet
Reported 2018-02-15 21:58:38 PST
Use ResourceLoader to load apache manifest
Attachments
Patch (34.11 KB, patch)
2018-02-15 22:13 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (34.40 KB, patch)
2018-02-15 22:30 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (34.41 KB, patch)
2018-02-15 22:33 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Archive of layout-test-results from ews101 for mac-sierra (2.48 MB, application/zip)
2018-02-15 23:33 PST, EWS Watchlist 		no flags
Details
Archive of layout-test-results from ews115 for mac-sierra (3.04 MB, application/zip)
2018-02-16 00:07 PST, EWS Watchlist 		no flags
Details
Patch (34.54 KB, patch)
2018-02-16 08:36 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (34.84 KB, patch)
2018-02-16 10:58 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch (34.85 KB, patch)
2018-02-16 11:05 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Changes to fix guard malloc crashes (2.55 KB, text/plain)
2018-02-21 09:30 PST, youenn fablet 		no flags
Details
Fixing guard malloc crashes (35.05 KB, patch)
2018-02-21 09:31 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Patch for landing (35.05 KB, patch)
2018-02-21 11:44 PST, youenn fablet 		no flags
DetailsFormatted DiffDiff
Show Obsolete (9) View All Add attachment proposed patch, testcase, etc.
youenn fablet
Comment 1 2018-02-15 22:13:56 PST
Created attachment 334001 [details] Patch
youenn fablet
Comment 2 2018-02-15 22:30:26 PST
Created attachment 334003 [details] Patch
youenn fablet
Comment 3 2018-02-15 22:33:53 PST
Created attachment 334005 [details] Patch
EWS Watchlist
Comment 4 2018-02-15 23:33:39 PST
Comment on attachment 334005 [details] Patch Attachment 334005 [details] did not pass mac-ews (mac): Output: http://webkit-queues.webkit.org/results/6530809 New failing tests: http/tests/appcache/auth.html
EWS Watchlist
Comment 5 2018-02-15 23:33:41 PST
Created attachment 334012 [details] Archive of layout-test-results from ews101 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-ews. Bot: ews101 Port: mac-sierra Platform: Mac OS X 10.12.6
EWS Watchlist
Comment 6 2018-02-16 00:07:05 PST
Comment on attachment 334005 [details] Patch Attachment 334005 [details] did not pass mac-debug-ews (mac): Output: http://webkit-queues.webkit.org/results/6530807 New failing tests: http/tests/appcache/auth.html
EWS Watchlist
Comment 7 2018-02-16 00:07:06 PST
Created attachment 334014 [details] Archive of layout-test-results from ews115 for mac-sierra The attached test failures were seen while running run-webkit-tests on the mac-debug-ews. Bot: ews115 Port: mac-sierra Platform: Mac OS X 10.12.6
youenn fablet
Comment 8 2018-02-16 08:36:07 PST
Created attachment 334044 [details] Patch
Alex Christensen
Comment 9 2018-02-16 09:50:04 PST
Comment on attachment 334044 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=334044&action=review This is exciting! Do you want it reviewed? > Source/WebCore/loader/appcache/ApplicationCacheResourceLoader.cpp:14 > + * * Neither the name of Google Inc. nor the names of its This copyright should be the two-clause copyright used in new files now. > LayoutTests/http/tests/appcache/manifest-redirect-2-expected.txt:2 > +CONSOLE MESSAGE: Application Cache manifest could not be fetched, because a redirection was attempted. Is not supporting redirection in the manifest a new thing, or is this just a new message?
youenn fablet
Comment 10 2018-02-16 10:51:53 PST
(In reply to Alex Christensen from comment #9) > Comment on attachment 334044 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=334044&action=review > > This is exciting! Do you want it reviewed? > > > Source/WebCore/loader/appcache/ApplicationCacheResourceLoader.cpp:14 > > + * * Neither the name of Google Inc. nor the names of its > > This copyright should be the two-clause copyright used in new files now. Will fix. > > LayoutTests/http/tests/appcache/manifest-redirect-2-expected.txt:2 > > +CONSOLE MESSAGE: Application Cache manifest could not be fetched, because a redirection was attempted. > > Is not supporting redirection in the manifest a new thing, or is this just a > new message? It is part of preexisting code checks, in ApplicationCacheGroup::didReceiveManifestResponse (removed in this patch).
youenn fablet
Comment 11 2018-02-16 10:58:34 PST
Created attachment 334053 [details] Patch
youenn fablet
Comment 12 2018-02-16 11:05:09 PST
Created attachment 334054 [details] Patch
WebKit Commit Bot
Comment 13 2018-02-16 13:31:46 PST
Comment on attachment 334054 [details] Patch Clearing flags on attachment: 334054 Committed r228575: <https://trac.webkit.org/changeset/228575>
WebKit Commit Bot
Comment 14 2018-02-16 13:31:48 PST
All reviewed patches have been landed. Closing bug.
Radar WebKit Bug Importer
Comment 15 2018-02-16 13:33:32 PST
<rdar://problem/37616550>
Ryan Haddad
Comment 16 2018-02-16 17:43:37 PST
Reverted r228575 for reason: Introduced LayoutTest crashes under GuardMalloc. Committed r228591: <https://trac.webkit.org/changeset/228591>
Alex Christensen
Comment 17 2018-02-19 10:24:43 PST
Comment on attachment 334054 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=334054&action=review > Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:448 > + m_loader = ApplicationCacheResourceLoader::create(documentLoader.cachedResourceLoader(), WTFMove(request), [this] (auto&& resourceOrError) { I'll bet you need to protect something here to make it not UAF.
youenn fablet
Comment 18 2018-02-21 09:19:38 PST
(In reply to Alex Christensen from comment #17) > Comment on attachment 334054 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=334054&action=review > > > Source/WebCore/loader/appcache/ApplicationCacheGroup.cpp:448 > > + m_loader = ApplicationCacheResourceLoader::create(documentLoader.cachedResourceLoader(), WTFMove(request), [this] (auto&& resourceOrError) { > > I'll bet you need to protect something here to make it not UAF. I am not sure. In ApplicationCacheGroup destructor, we are stopping the loads, triggering the callback with an abort error.
Chris Dumez
Comment 19 2018-02-21 09:23:21 PST
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread 0 com.apple.WebCore 0x000000010f1db231 WebCore::ApplicationCacheResourceLoader::cancel(WebCore::ApplicationCacheResourceLoader::Error) + 145 1 com.apple.WebCore 0x000000010e2887b4 WebCore::CachedRawResource::responseReceived(WebCore::ResourceResponse const&) + 308 2 com.apple.WebCore 0x000000010e28825a WebCore::SubresourceLoader::didReceiveResponse(WebCore::ResourceResponse const&) + 1130 3 com.apple.WebCore 0x000000010f1ca7a9 WebCore::ResourceLoader::didReceiveResponseAsync(WebCore::ResourceHandle*, WebCore::ResourceResponse&&, WTF::CompletionHandler<void ()>&&) + 57 4 com.apple.WebCore 0x000000010f40e91a WebCore::ResourceHandle::didReceiveResponse(WebCore::ResourceResponse&&, WTF::CompletionHandler<void ()>&&) + 346 5 com.apple.WebCore 0x000000010e8340f1 WTF::Function<void ()>::CallableWrapper<-[WebCoreResourceHandleAsOperationQueueDelegate connection:didReceiveResponse:]::$_4>::call() + 449 6 com.apple.JavaScriptCore 0x000000010ae2dd00 WTF::dispatchFunctionsFromMainThread() + 176 7 com.apple.Foundation 0x00007fff31ed7e75 __NSThreadPerformPerform + 334 8 com.apple.CoreFoundation 0x00007fff2fcf5611 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17 9 com.apple.CoreFoundation 0x00007fff2fdacecc __CFRunLoopDoSource0 + 108 10 com.apple.CoreFoundation 0x00007fff2fcd86a0 __CFRunLoopDoSources0 + 208 11 com.apple.CoreFoundation 0x00007fff2fcd7b1d __CFRunLoopRun + 1293 12 com.apple.CoreFoundation 0x00007fff2fcd7377 CFRunLoopRunSpecific + 487 13 DumpRenderTree 0x000000010ac541b2 0x10ac41000 + 78258 14 DumpRenderTree 0x000000010ac53508 0x10ac41000 + 75016 15 DumpRenderTree 0x000000010ac54c8c 0x10ac41000 + 81036 16 libdyld.dylib 0x00007fff58581015 start + 1
youenn fablet
Comment 20 2018-02-21 09:25:03 PST
Ok, so I probably need to protect 'this' in cancel. And there is apparently no guarantee that an ApplicationCacheGroup stays alive after didFailLoadingManifest/didFinishLoadingManifest, making the assertions I added bad.
Chris Dumez
Comment 21 2018-02-21 09:26:38 PST
(In reply to youenn fablet from comment #20) > Ok, so I probably need to protect 'this' in cancel. > And there is apparently no guarantee that an ApplicationCacheGroup stays > alive after didFailLoadingManifest/didFinishLoadingManifest, making the > assertions I added bad. You can validate by running tests in the http/tests/appcache folder with -g.
youenn fablet
Comment 22 2018-02-21 09:30:06 PST
Created attachment 334387 [details] Changes to fix guard malloc crashes
youenn fablet
Comment 23 2018-02-21 09:31:50 PST
Created attachment 334388 [details] Fixing guard malloc crashes
WebKit Commit Bot
Comment 24 2018-02-21 11:38:08 PST
Comment on attachment 334388 [details] Fixing guard malloc crashes Rejecting attachment 334388 [details] from commit-queue. Failed to run "['/Volumes/Data/EWS/WebKit/Tools/Scripts/webkit-patch', '--status-host=webkit-queues.webkit.org', '--bot-id=webkit-cq-02', 'validate-changelog', '--check-oops', '--non-interactive', 334388, '--port=mac']" exit_code: 1 cwd: /Volumes/Data/EWS/WebKit ChangeLog entry in LayoutTests/ChangeLog contains OOPS!. Full output: http://webkit-queues.webkit.org/results/6611674
youenn fablet
Comment 25 2018-02-21 11:44:07 PST
Created attachment 334397 [details] Patch for landing
WebKit Commit Bot
Comment 26 2018-02-21 12:22:04 PST
Comment on attachment 334397 [details] Patch for landing Clearing flags on attachment: 334397 Committed r228892: <https://trac.webkit.org/changeset/228892>
WebKit Commit Bot
Comment 27 2018-02-21 12:22:06 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.