214222 – ASSERT([filteredCookies.get() count] <= 1) on imported/w3c/web-platform-tests/websockets/cookies/third-party-cookie-accepted.https.html

Bug 214222 - ASSERT([filteredCookies.get() count] <= 1) on imported/w3c/web-platform-tests/websockets/cookies/third-party-cookie-accepted.https.html

Summary: ASSERT([filteredCookies.get() count] <= 1) on imported/w3c/web-platform-test...

Status:	RESOLVED FIXED

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Page Loading (show other bugs)
Version:	WebKit Nightly Build
Hardware:	Unspecified Unspecified

Importance:	P2 Normal
Assignee:	Chris Dumez

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2020-07-11 10:19 PDT by Chris Dumez
Modified:	2020-07-28 10:00 PDT (History)
CC List:	8 users (show)

See Also:	214880

Attachments
Patch (14.24 KB, patch) 2020-07-22 16:47 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (14.24 KB, patch) 2020-07-22 16:51 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Patch (14.15 KB, patch) 2020-07-23 08:47 PDT, Chris Dumez	no flags	Details \| Formatted Diff \| Diff
Show Obsolete (2) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Chris Dumez 2020-07-11 10:19:03 PDT

imported/w3c/web-platform-tests/websockets/cookies/third-party-cookie-accepted.https.html is crashing consistently on iOS WK2 Debug configuration:
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0   com.apple.JavaScriptCore      	0x000000011d578d0e WTFCrash + 14 (Assertions.cpp:295)
1   com.apple.WebCore             	0x0000000122d552eb WTFCrashWithInfo(int, char const*, char const*, int) + 27
2   com.apple.WebCore             	0x0000000124aa42a0 WebCore::NetworkStorageSession::setCookiesFromDOM(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::Optional<WTF::ObjectIdentifier<WebCore::FrameIdentifierType> >, WTF::Optional<WTF::ObjectIdentifier<WebCore::PageIdentifierType> >, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking) const + 1136 (NetworkStorageSessionCocoa.mm:467)
3   com.apple.WebKit              	0x000000010cb40b1b WebKit::NetworkConnectionToWebProcess::setCookiesFromDOM(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking) + 299 (NetworkConnectionToWebProcess.cpp:655)
4   com.apple.WebKit              	0x000000010c697615 void IPC::callMemberFunctionImpl<WebKit::NetworkConnectionToWebProcess, void (WebKit::NetworkConnectionToWebProcess::*)(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking), std::__1::tuple<WTF::URL, WebCore::SameSiteInfo, WTF::URL, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String, WebCore::ShouldRelaxThirdPartyCookieBlocking>, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul>(WebKit::NetworkConnectionToWebProcess*, void (WebKit::NetworkConnectionToWebProcess::*)(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking), std::__1::tuple<WTF::URL, WebCore::SameSiteInfo, WTF::URL, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String, WebCore::ShouldRelaxThirdPartyCookieBlocking>&&, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul>) + 437 (HandleMessage.h:42)
5   com.apple.WebKit              	0x000000010c690580 void IPC::callMemberFunction<WebKit::NetworkConnectionToWebProcess, void (WebKit::NetworkConnectionToWebProcess::*)(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking), std::__1::tuple<WTF::URL, WebCore::SameSiteInfo, WTF::URL, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String, WebCore::ShouldRelaxThirdPartyCookieBlocking>, std::__1::integer_sequence<unsigned long, 0ul, 1ul, 2ul, 3ul, 4ul, 5ul, 6ul, 7ul> >(std::__1::tuple<WTF::URL, WebCore::SameSiteInfo, WTF::URL, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String, WebCore::ShouldRelaxThirdPartyCookieBlocking>&&, WebKit::NetworkConnectionToWebProcess*, void (WebKit::NetworkConnectionToWebProcess::*)(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking)) + 112 (HandleMessage.h:48)
6   com.apple.WebKit              	0x000000010c66496e void IPC::handleMessage<Messages::NetworkConnectionToWebProcess::SetCookiesFromDOM, WebKit::NetworkConnectionToWebProcess, void (WebKit::NetworkConnectionToWebProcess::*)(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking)>(IPC::Decoder&, WebKit::NetworkConnectionToWebProcess*, void (WebKit::NetworkConnectionToWebProcess::*)(WTF::URL const&, WebCore::SameSiteInfo const&, WTF::URL const&, WTF::ObjectIdentifier<WebCore::FrameIdentifierType>, WTF::ObjectIdentifier<WebCore::PageIdentifierType>, WebCore::ShouldAskITP, WTF::String const&, WebCore::ShouldRelaxThirdPartyCookieBlocking)) + 190 (HandleMessage.h:115)
7   com.apple.WebKit              	0x000000010c6630dc WebKit::NetworkConnectionToWebProcess::didReceiveNetworkConnectionToWebProcessMessage(IPC::Connection&, IPC::Decoder&) + 1116 (NetworkConnectionToWebProcessMessageReceiver.cpp:365)
8   com.apple.WebKit              	0x000000010cb3bd63 WebKit::NetworkConnectionToWebProcess::didReceiveMessage(IPC::Connection&, IPC::Decoder&) + 179 (NetworkConnectionToWebProcess.cpp:191)
9   com.apple.WebKit              	0x000000010c5a54ff IPC::Connection::dispatchMessage(IPC::Decoder&) + 431 (Connection.cpp:1002)
10  com.apple.WebKit              	0x000000010c5a5e30 IPC::Connection::dispatchMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >) + 528
11  com.apple.WebKit              	0x000000010c5a64c0 IPC::Connection::dispatchOneIncomingMessage() + 208 (Connection.cpp:1139)
12  com.apple.WebKit              	0x000000010c5c5278 IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7::operator()() + 88 (Connection.cpp:979)
13  com.apple.WebKit              	0x000000010c5c518e WTF::Detail::CallableWrapper<IPC::Connection::enqueueIncomingMessage(std::__1::unique_ptr<IPC::Decoder, std::__1::default_delete<IPC::Decoder> >)::$_7, void>::call() + 30 (Function.h:52)
14  com.apple.JavaScriptCore      	0x000000011d5a4b02 WTF::Function<void ()>::operator()() const + 130 (Function.h:84)
15  com.apple.JavaScriptCore      	0x000000011d61d015 WTF::RunLoop::performWork() + 341 (RunLoop.cpp:120)
16  com.apple.JavaScriptCore      	0x000000011d6205b1 WTF::RunLoop::performWork(void*) + 33 (RunLoopCF.cpp:39)
17  com.apple.CoreFoundation      	0x0000000108189c71 __CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION__ + 17
18  com.apple.CoreFoundation      	0x0000000108189b9c __CFRunLoopDoSource0 + 76
19  com.apple.CoreFoundation      	0x0000000108189374 __CFRunLoopDoSources0 + 180
20  com.apple.CoreFoundation      	0x0000000108183f6e __CFRunLoopRun + 974
21  com.apple.CoreFoundation      	0x0000000108183884 CFRunLoopRunSpecific + 404
22  com.apple.Foundation          	0x0000000107a49831 -[NSRunLoop(NSRunLoop) runMode:beforeDate:] + 211
23  com.apple.Foundation          	0x0000000107a49a45 -[NSRunLoop(NSRunLoop) run] + 76
24  libxpc.dylib                  	0x0000000109dd65ae _xpc_objc_main + 297
25  libxpc.dylib                  	0x0000000109dd8976 xpc_main + 132
26  com.apple.WebKit              	0x000000010cce509b WebKit::XPCServiceMain(int, char const**) + 1067 (XPCServiceMain.mm:171)
27  com.apple.WebKit              	0x000000010e20758b WKXPCServiceMain + 27 (WKMain.mm:33)
28  com.apple.WebKit.Networking   	0x00000001078e9da2 main + 34 (AuxiliaryProcessMain.cpp:30)
29  libdyld.dylib                 	0x0000000109aa210d start + 1

Comment 1 Chris Dumez 2020-07-11 10:21:16 PDT

Updated expectations in <https://trac.webkit.org/changeset/264268>.

Comment 2 Alexey Proskuryakov 2020-07-14 23:01:15 PDT

Line 467 is this, which is a bit surprising.

    ASSERT([filteredCookies.get() count] <= 1);

Comment 3 Radar WebKit Bug Importer 2020-07-14 23:01:23 PDT

<rdar://problem/65587120>

Comment 4 Chris Dumez 2020-07-22 15:04:21 PDT

Looks like we use a different API for parsing cookies on macOS and iOS:
#if PLATFORM(MAC)
    NSArray *unfilteredCookies = [NSHTTPCookie _parsedCookiesWithResponseHeaderFields:headerFields forURL:cookieURL];
#else
    NSArray *unfilteredCookies = [NSHTTPCookie cookiesWithResponseHeaderFields:headerFields forURL:cookieURL];
#endif

Comment 5 Chris Dumez 2020-07-22 15:18:32 PDT

The cookie string is:

samesite-unspecified=0.2755897489430851; Path=/, samesite-lax=0.2755897489430851; Path=/; SameSite=Lax, samesite-strict=0.2755897489430851; Path=/; SameSite=Strict, samesite-none=0.2755897489430851; Path=/; SameSite=None; Secure

Comment 6 Chris Dumez 2020-07-22 15:24:23 PDT

(In reply to Chris Dumez from comment #5)
> The cookie string is:
> 
> samesite-unspecified=0.2755897489430851; Path=/,
> samesite-lax=0.2755897489430851; Path=/; SameSite=Lax,
> samesite-strict=0.2755897489430851; Path=/; SameSite=Strict,
> samesite-none=0.2755897489430851; Path=/; SameSite=None; Secure

the HTML spec says to treat the string set to document.cookie as a Set-Cookie header. Set-Cookie header is defined here:
https://tools.ietf.org/html/rfc6265#section-4.1

It should only support one cookie indeed.

Comment 7 Chris Dumez 2020-07-22 16:47:46 PDT

Created attachment 404995 [details]
Patch

Comment 8 Chris Dumez 2020-07-22 16:51:11 PDT

Created attachment 404996 [details]
Patch

Comment 9 Alex Christensen 2020-07-22 20:27:41 PDT

Comment on attachment 404996 [details]
Patch

View in context: https://bugs.webkit.org/attachment.cgi?id=404996&action=review

I think this is good, but this is a bad time to make a change like this.  Could this wait until after the next branch?

> Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:424
> +            RetainPtr<NSDate> dateInAWeek = adoptNS([[NSDate alloc] initWithTimeIntervalSinceNow:cappedLifetime->seconds()]);

auto

> Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:459
> +    setHTTPCookiesForURL(cookieStorage().get(), [NSArray arrayWithObject:cookie], cookieURL, firstParty, sameSiteInfo);

@[cookie]

Comment 10 Chris Dumez 2020-07-23 08:35:22 PDT

(In reply to Alex Christensen from comment #9)
> Comment on attachment 404996 [details]
> Patch
> 
> View in context:
> https://bugs.webkit.org/attachment.cgi?id=404996&action=review
> 
> I think this is good, but this is a bad time to make a change like this. 
> Could this wait until after the next branch?

I guess it can but it is merely aligning iOS with shipping macOS. 

> 
> > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:424
> > +            RetainPtr<NSDate> dateInAWeek = adoptNS([[NSDate alloc] initWithTimeIntervalSinceNow:cappedLifetime->seconds()]);
> 
> auto
> 
> > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:459
> > +    setHTTPCookiesForURL(cookieStorage().get(), [NSArray arrayWithObject:cookie], cookieURL, firstParty, sameSiteInfo);
> 
> @[cookie]

Comment 11 Chris Dumez 2020-07-23 08:37:58 PDT

(In reply to Chris Dumez from comment #10)
> (In reply to Alex Christensen from comment #9)
> > Comment on attachment 404996 [details]
> > Patch
> > 
> > View in context:
> > https://bugs.webkit.org/attachment.cgi?id=404996&action=review
> > 
> > I think this is good, but this is a bad time to make a change like this. 
> > Could this wait until after the next branch?
> 
> I guess it can but it is merely aligning iOS with shipping macOS. 

It also only impact document.cookie setting.

> 
> > 
> > > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:424
> > > +            RetainPtr<NSDate> dateInAWeek = adoptNS([[NSDate alloc] initWithTimeIntervalSinceNow:cappedLifetime->seconds()]);
> > 
> > auto
> > 
> > > Source/WebCore/platform/network/cocoa/NetworkStorageSessionCocoa.mm:459
> > > +    setHTTPCookiesForURL(cookieStorage().get(), [NSArray arrayWithObject:cookie], cookieURL, firstParty, sameSiteInfo);
> > 
> > @[cookie]

Comment 12 Chris Dumez 2020-07-23 08:47:46 PDT

Created attachment 405042 [details]
Patch

Comment 13 EWS 2020-07-27 13:58:19 PDT

Committed r264943: <https://trac.webkit.org/changeset/264943>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 405042 [details].

Comment 14 Aakash Jain 2020-07-28 04:12:35 PDT

(In reply to EWS from comment #13)
> Committed r264943: <https://trac.webkit.org/changeset/264943>
http/tests/cookies/document-cookie-multiple-cookies.html is failing consistently since this commit, as also warned by EWS.

History: https://results.webkit.org/?suite=layout-tests&test=http%2Ftests%2Fcookies%2Fdocument-cookie-multiple-cookies.html

Comment 15 Aakash Jain 2020-07-28 04:13:01 PDT

e.g.: https://ews-build.s3-us-west-2.amazonaws.com/Windows-EWS/r405345-31731-clean-tree/results.html

-PASS document.cookie is "samesite-unspecified=0"
+FAIL document.cookie should be samesite-unspecified=0. Was samesite-lax=1; samesite-strict=2; samesite-unspecified=0.

Comment 16 Chris Dumez 2020-07-28 09:41:03 PDT

(In reply to Aakash Jain from comment #15)
> e.g.:
> https://ews-build.s3-us-west-2.amazonaws.com/Windows-EWS/r405345-31731-clean-
> tree/results.html
> 
> -PASS document.cookie is "samesite-unspecified=0"
> +FAIL document.cookie should be samesite-unspecified=0. Was samesite-lax=1;
> samesite-strict=2; samesite-unspecified=0.

Ok. Windows still has the bug. I only fixed it for iOS.

Comment 17 Chris Dumez 2020-07-28 10:00:34 PDT

(In reply to Chris Dumez from comment #16)
> (In reply to Aakash Jain from comment #15)
> > e.g.:
> > https://ews-build.s3-us-west-2.amazonaws.com/Windows-EWS/r405345-31731-clean-
> > tree/results.html
> > 
> > -PASS document.cookie is "samesite-unspecified=0"
> > +FAIL document.cookie should be samesite-unspecified=0. Was samesite-lax=1;
> > samesite-strict=2; samesite-unspecified=0.
> 
> Ok. Windows still has the bug. I only fixed it for iOS.

Fixing the same bug on Windows via Bug 214880.