Bug 199380 - FetchResponse::BodyLoader should not be movable
Summary: FetchResponse::BodyLoader should not be movable
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Zan Dobersek
Keywords: InRadar
Depends on:
Reported: 2019-07-01 14:11 PDT by Zan Dobersek
Modified: 2019-07-02 22:44 PDT (History)
4 users (show)

See Also:

Patch (3.40 KB, patch)
2019-07-01 14:22 PDT, Zan Dobersek
no flags Details | Formatted Diff | Diff
Patch (4.13 KB, patch)
2019-07-01 23:51 PDT, Zan Dobersek
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Zan Dobersek 2019-07-01 14:11:53 PDT
FetchResponse::BodyLoader should not be movable
Comment 1 Zan Dobersek 2019-07-01 14:22:01 PDT
This is currently causing a few crashes in fetch-related tests on debug bots using GCC, with "pure virtual method" error being thrown when calling FetchLoaderClient virtual methods on already-freed FetchResponse::BodyLoader objects.
Comment 2 Zan Dobersek 2019-07-01 14:22:30 PDT
Created attachment 373265 [details]
Comment 3 EWS Watchlist 2019-07-01 14:23:55 PDT
Attachment 373265 [details] did not pass style-queue:

ERROR: Source/WebCore/Modules/fetch/FetchResponse.h:37:  Alphabetical sorting problem.  [build/include_order] [4]
ERROR: Source/WebCore/ChangeLog:12:  Please consider whether the use of security-sensitive phrasing could help someone exploit WebKit: use-after-free  [changelog/unwantedsecurityterms] [3]
Total errors found: 2 in 3 files

If any of these errors are false positives, please file a bug against check-webkit-style.
Comment 4 Alex Christensen 2019-07-01 14:54:14 PDT
Comment on attachment 373265 [details]

Classic case of moved-from undefined state bug.  We still need to be careful about std::exchange/WTFMove being used correctly.
Comment 5 youenn fablet 2019-07-01 18:26:58 PDT
I think we should make m_bodyLoader a std::unique_ptr instead of an Optional.
Comment 6 Zan Dobersek 2019-07-01 23:51:52 PDT
Created attachment 373305 [details]

Takes the unique_ptr approach.
Comment 7 Zan Dobersek 2019-07-02 22:43:13 PDT
Comment on attachment 373305 [details]

Clearing flags on attachment: 373305

Committed r247087: <https://trac.webkit.org/changeset/247087>
Comment 8 Zan Dobersek 2019-07-02 22:43:17 PDT
All reviewed patches have been landed.  Closing bug.
Comment 9 Radar WebKit Bug Importer 2019-07-02 22:44:17 PDT