Bug 214050 - Network process crashes in WebKit::StorageManagerSet::deleteSessionStorageForOrigins
Summary: Network process crashes in WebKit::StorageManagerSet::deleteSessionStorageFor...
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: New Bugs (show other bugs)
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Sihui Liu
URL:
Keywords: InRadar
Depends on:
Blocks:
 
Reported: 2020-07-07 10:49 PDT by Sihui Liu
Modified: 2020-07-07 13:13 PDT (History)
3 users (show)

See Also:

Attachments
Patch (2.79 KB, patch)
2020-07-07 10:52 PDT, Sihui Liu 		no flags Details | Formatted Diff | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sihui Liu 2020-07-07 10:49:06 PDT 
...
Comment 1 Sihui Liu 2020-07-07 10:49:55 PDT Comment hidden (obsolete)
Comment 2 Sihui Liu 2020-07-07 10:52:44 PDT 
Created attachment 403706 [details]
Patch
Comment 3 John Wilander 2020-07-07 10:57:46 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1929
> +                    return;

I don't think early return is correct here. The fact that the storage manager set doesn't contain the session ID doesn't mean there aren't other means of storage to delete. The function is for deleting all existing and future website data types.

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1939
> +                    return;

Ditto.
Comment 4 Sihui Liu 2020-07-07 11:13:17 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

>> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1929
>> +                    return;
> 
> I don't think early return is correct here. The fact that the storage manager set doesn't contain the session ID doesn't mean there aren't other means of storage to delete. The function is for deleting all existing and future website data types.

This early return is in the callback function of getSessionStorageOrigins, so this change only affects deletion of session storage..  DiskCache below does the same thing..
Comment 5 Chris Dumez 2020-07-07 11:46:51 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1932
>                  m_storageManagerSet->deleteSessionStorageForOrigins(sessionID, originsToDelete, [callbackAggregator] { });

Why are we not doing the sessionID check inside deleteSessionStorageForOrigins() ?

> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1942
>                  m_storageManagerSet->deleteLocalStorageForOrigins(sessionID, originsToDelete, [callbackAggregator] { });

ditto.
Comment 6 Sihui Liu 2020-07-07 12:09:46 PDT 
Comment on attachment 403706 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=403706&action=review

>> Source/WebKit/NetworkProcess/NetworkProcess.cpp:1932
>>                  m_storageManagerSet->deleteSessionStorageForOrigins(sessionID, originsToDelete, [callbackAggregator] { });
> 
> Why are we not doing the sessionID check inside deleteSessionStorageForOrigins() ?

Currently all functions in StorageManagerSet asserts session exists when they are called, so it looks more consistent to not change there... And in NetworkProcess, we normally get/delete websitedata only when session exists.
Comment 7 Chris Dumez 2020-07-07 12:16:56 PDT 
Comment on attachment 403706 [details]
Patch

Ok
Comment 8 EWS 2020-07-07 12:45:59 PDT 
Committed r264036: <https://trac.webkit.org/changeset/264036>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 403706 [details].
Comment 9 Sihui Liu 2020-07-07 13:13:35 PDT 
<rdar://problem/64750825>