Bug 211253 - REGRESSION (r260932): ASSERTION FAILED: ok in webkit::SandboxExtension::consumePermanently for 3 tests
Summary: REGRESSION (r260932): ASSERTION FAILED: ok in webkit::SandboxExtension::consu...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebKit2 (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Brent Fulgham
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-04-30 14:16 PDT by Truitt Savell
Modified: 2020-04-30 16:46 PDT (History)
4 users (show)

See Also:

Attachments
Patch (2.21 KB, patch)
2020-04-30 16:08 PDT, Brent Fulgham 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Truitt Savell 2020-04-30 14:16:42 PDT 
This API test:
TestWebKitAPI.WebKit.UploadDirectory

and these two Layout Tests:
http/tests/misc/form-submit-file-cross-site-redirect.html
http/tests/misc/form-submit-file-cross-site.html

are all crashing after the changes in https://trac.webkit.org/changeset/260932/webkit

History:
https://results.webkit.org/?suite=layout-tests&suite=layout-tests&suite=api-tests&test=http%2Ftests%2Fmisc%2Fform-submit-file-cross-site-redirect.html&test=http%2Ftests%2Fmisc%2Fform-submit-file-cross-site.html&test=TestWebKitAPI.WebKit.UploadDirectory

Logs:
https://build.webkit.org/results/Apple-Catalina-Debug-WK2-Tests/r260952%20(3943)/results.html

Crashed

    TestWebKitAPI.WebKit.UploadDirectory
        ASSERTION FAILED: ok
        /Volumes/Data/slave/catalina-debug/build/Source/WebKit/Shared/Cocoa/SandboxExtensionCocoa.mm(506) : static bool WebKit::SandboxExtension::consumePermanently(const WebKit::SandboxExtension::HandleArray &)
        1   0x108267609 WTFCrash
        2   0x11147aeeb WTFCrashWithInfo(int, char const*, char const*, int)
        3   0x111c649ac WebKit::SandboxExtension::consumePermanently(WebKit::SandboxExtension::HandleArray const&)
        4   0x11171c71b IPC::FormDataReference::decode(IPC::Decoder&)
        5   0x11171c49c WTF::Optional<IPC::FormDataReference> IPC::ArgumentCoder<IPC::FormDataReference>::decode<IPC::FormDataReference, (void*)0>(IPC::Decoder&)
[tag] [reply] [−] Comment 14
Comment 1 Radar WebKit Bug Importer 2020-04-30 14:17:07 PDT 
<rdar://problem/62673727>
Comment 2 Brent Fulgham 2020-04-30 15:35:10 PDT 
This test uncovered a bug in our handling of Sandbox extensions that only occurs with our test infrastructure.

The TestWebKitAPI (and WKTR) processes are not sandboxed, and it is possible that WebKit clients might themselves be unsandboxed.

When WebKit code linked into an unsandboxed process attempts to consume a sandbox extension, we get a null handle and no error code.

We should treat this as a valid and expected result. I.e., we attempted to consume a valid sandbox extension supplied by a sandboxed helper process, and the Sandbox framework says "I didn't do anything since you are not sandboxed."
Comment 3 Brent Fulgham 2020-04-30 16:08:49 PDT 
Created attachment 398113 [details]
Patch
Comment 4 Per Arne Vollan 2020-04-30 16:21:09 PDT 
Comment on attachment 398113 [details]
Patch

R=me.
Comment 5 EWS 2020-04-30 16:46:43 PDT 
Committed r260974: <https://trac.webkit.org/changeset/260974>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 398113 [details].