209710 – REGRESSION (r250728): Use-after-move in NetworkProcess::addServiceWorkerSession()

Bug 209710 - REGRESSION (r250728): Use-after-move in NetworkProcess::addServiceWorkerSession()

Summary: REGRESSION (r250728): Use-after-move in NetworkProcess::addServiceWorkerSessi...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Service Workers (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	David Kilzer (:ddkilzer)

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-03-28 18:23 PDT by David Kilzer (:ddkilzer)
Modified:	2020-03-28 19:50 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Patch v1 (1.85 KB, patch) 2020-03-28 18:56 PDT, David Kilzer (:ddkilzer)	no flags	Details \| Formatted Diff \| Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description David Kilzer (:ddkilzer) 2020-03-28 18:23:28 PDT

Use-after-move in NetworkProcess::addServiceWorkerSession() of `serviceWorkerRegistrationDirectory` parameter:

void NetworkProcess::addServiceWorkerSession(PAL::SessionID sessionID, bool processTerminationDelayEnabled, String&& serviceWorkerRegistrationDirectory, const SandboxExtension::Handle& handle)
{
    ServiceWorkerInfo info {
        WTFMove(serviceWorkerRegistrationDirectory),
        processTerminationDelayEnabled
    };
    auto addResult = m_serviceWorkerInfo.add(sessionID, WTFMove(info));
    if (addResult.isNewEntry) {
        SandboxExtension::consumePermanently(handle);
        if (!serviceWorkerRegistrationDirectory.isEmpty())
            postStorageTask(createCrossThreadTask(*this, &NetworkProcess::ensurePathExists, serviceWorkerRegistrationDirectory));
    }
}

The postStorageTask() will never run because `serviceWorkerRegistrationDirectory.isEmpty()` is always true.

Comment 1 Radar WebKit Bug Importer 2020-03-28 18:23:47 PDT

<rdar://problem/61017857>

Comment 2 David Kilzer (:ddkilzer) 2020-03-28 18:56:08 PDT

Created attachment 394849 [details]
Patch v1

Comment 3 David Kilzer (:ddkilzer) 2020-03-28 19:00:07 PDT

This regressed in:

Bug 202553: Move WKProcessPool._registerURLSchemeServiceWorkersCanHandle to _WKWebsiteDataStoreConfiguration
<https://bugs.webkit.org/show_bug.cgi?id=202553>
<rdar://problem/55985536>
<http://trac.webkit.org/r250728>

Comment 4 EWS 2020-03-28 19:50:24 PDT

Committed r259167: <https://trac.webkit.org/changeset/259167>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394849 [details].