RESOLVED FIXED194144
Network Process crash when resuming downloads: '-[__NSDictionaryI setObject:forKey:]: unrecognized selector sent to instance %p' 
https://bugs.webkit.org/show_bug.cgi?id=194144
Summary Network Process crash when resuming downloads: '-[__NSDictionaryI setObject:f...
David Quesada
Reported 2019-01-31 22:49:27 PST
rdar://problem/47553456
Attachments
Patch (2.62 KB, patch)
2019-02-01 09:39 PST, David Quesada 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
David Quesada
Comment 1 2019-01-31 22:54:59 PST
Resuming a download occasionally causes a Network Process crash due to an uncaught NSInvalidArgumentException. In Download::resume(), we decode the root object from the resume data, assume it's a mutable dictionary (with no type checking), and try to -setObject:forKey: it.
David Quesada
Comment 2 2019-02-01 09:39:16 PST
Created attachment 360866 [details] Patch
Geoffrey Garen
Comment 3 2019-02-01 13:26:55 PST
Comment on attachment 360866 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=360866&action=review > Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:61 > + auto dictionary = adoptNS(static_cast<NSMutableDictionary *>([[unarchiver decodeObjectOfClasses:plistClasses forKey:@"NSKeyedArchiveRootObjectKey"] mutableCopy])); Why do we pass plistClasses to decodeObjectOfClasses? My reading of this code is that any root object class other than NSDictionary would be an error. Should we just decodeObjectOfClass: [NSDictionary class]?
David Quesada
Comment 4 2019-02-01 13:45:45 PST
(In reply to Geoffrey Garen from comment #3) > Comment on attachment 360866 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=360866&action=review > > > Source/WebKit/NetworkProcess/Downloads/cocoa/DownloadCocoa.mm:61 > > + auto dictionary = adoptNS(static_cast<NSMutableDictionary *>([[unarchiver decodeObjectOfClasses:plistClasses forKey:@"NSKeyedArchiveRootObjectKey"] mutableCopy])); > > Why do we pass plistClasses to decodeObjectOfClasses? My reading of this > code is that any root object class other than NSDictionary would be an error. > > Should we just decodeObjectOfClass: [NSDictionary class]? That won't work. The class whitelist also applies to the objects being decoded by the dictionary. So if we only allow decoding NSDictionary, we wouldn't get any object unless the resume data is a dictionary that only contains other dictionaries as objects (which themselves can only contain dictionaries as objects, recursively).
Geoffrey Garen
Comment 5 2019-02-01 14:31:21 PST
Comment on attachment 360866 [details] Patch r=me
WebKit Commit Bot
Comment 6 2019-02-01 15:08:53 PST
Comment on attachment 360866 [details] Patch Clearing flags on attachment: 360866 Committed r240881: <https://trac.webkit.org/changeset/240881>
WebKit Commit Bot
Comment 7 2019-02-01 15:08:55 PST
All reviewed patches have been landed. Closing bug.
Note You need to log in before you can comment on or make changes to this bug.