RESOLVED FIXED 223580
Use frameData instead of scheduleOnNextFrame calls in WebFakeXRDevice 
https://bugs.webkit.org/show_bug.cgi?id=223580
Summary Use frameData instead of scheduleOnNextFrame calls in WebFakeXRDevice
Imanol Fernandez
Reported 2021-03-22 09:06:00 PDT
Follow-up from conversations in https://bugs.webkit.org/show_bug.cgi?id=221225 There are some concerns of potential use-after-free in WebFakeXRDevice. We can make the code more robust by getting rid of the scheduleOnNextFrame calls and use a frameData struct instead.
Attachments
Patch (11.73 KB, patch)
2021-03-22 09:17 PDT, Imanol Fernandez 		no flags
DetailsFormatted DiffDiff
Patch for landing (11.81 KB, patch)
2021-04-07 04:33 PDT, Imanol Fernandez 		no flags
DetailsFormatted DiffDiff
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Imanol Fernandez
Comment 1 2021-03-22 09:17:47 PDT
Created attachment 423896 [details] Patch
Radar WebKit Bug Importer
Comment 2 2021-03-29 09:13:21 PDT
<rdar://problem/75956780>
youenn fablet
Comment 3 2021-04-06 08:20:27 PDT
Comment on attachment 423896 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423896&action=review > Source/WebCore/testing/WebFakeXRDevice.cpp:63 > +void SimulatedXRDevice::setViews(Vector<Ref<FakeXRView>>&& views) Does it need to be a &&? > Source/WebCore/testing/WebFakeXRDevice.cpp:84 > +void SimulatedXRDevice::setViewerOrigin(Optional<FrameData::Pose>&& origin) const Optional<>& > Source/WebCore/testing/WebFakeXRDevice.cpp:89 > + m_frameData.isTrackingValid = true; return here. > Source/WebCore/testing/WebFakeXRDevice.cpp:138 > + FrameData data = m_frameData; Should we do FrameData data = WTFMove(m_frameData)? > Source/WebCore/testing/WebFakeXRDevice.cpp:202 > + deviceViews.append(view.releaseReturnValue()); I would tend to remove the other setViews and create the FrameData::View object here. > Source/WebCore/testing/WebXRTest.cpp:57 > + simulatedDevice.setViews(WTFMove(views)); Cannot we directly call setViews(const Vector<FakeXRViewInit>&)
Imanol Fernandez
Comment 4 2021-04-07 04:32:46 PDT
Comment on attachment 423896 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=423896&action=review >> Source/WebCore/testing/WebFakeXRDevice.cpp:63 >> +void SimulatedXRDevice::setViews(Vector<Ref<FakeXRView>>&& views) > > Does it need to be a &&? I changed it to Vector<FrameData::View>&& >> Source/WebCore/testing/WebFakeXRDevice.cpp:84 >> +void SimulatedXRDevice::setViewerOrigin(Optional<FrameData::Pose>&& origin) > > const Optional<>& done >> Source/WebCore/testing/WebFakeXRDevice.cpp:89 >> + m_frameData.isTrackingValid = true; > > return here. done >> Source/WebCore/testing/WebFakeXRDevice.cpp:138 >> + FrameData data = m_frameData; > > Should we do FrameData data = WTFMove(m_frameData)? No, because we want m_fameData to keep the previous values. >> Source/WebCore/testing/WebFakeXRDevice.cpp:202 >> + deviceViews.append(view.releaseReturnValue()); > > I would tend to remove the other setViews and create the FrameData::View object here. Done >> Source/WebCore/testing/WebXRTest.cpp:57 >> + simulatedDevice.setViews(WTFMove(views)); > > Cannot we directly call setViews(const Vector<FakeXRViewInit>&) yes, done.
Imanol Fernandez
Comment 5 2021-04-07 04:33:26 PDT
Created attachment 425381 [details] Patch for landing
EWS
Comment 6 2021-04-07 05:27:59 PDT
Committed r275603: <https://commits.webkit.org/r275603> All reviewed patches have been landed. Closing bug and clearing flags on attachment 425381 [details].
Note You need to log in before you can comment on or make changes to this bug.