RESOLVED FIXED231814
REGRESSION (r277658): WebKit::LocalConnection::createCredentialPrivateKey leaks an NSMutableDictionary 
https://bugs.webkit.org/show_bug.cgi?id=231814
Summary REGRESSION (r277658): WebKit::LocalConnection::createCredentialPrivateKey lea...
David Kilzer (:ddkilzer)
Reported 2021-10-15 10:20:11 PDT
WebKit::LocalConnection::createCredentialPrivateKey leaks an NSMutableDictionary when an LAContext object is passed to the method. found by the clang static analyzer.
Attachments
Patch v1 (2.58 KB, patch)
2021-10-15 10:25 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
Patch for follow-up comments (1.85 KB, patch)
2021-10-17 13:13 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
Patch for follow-up comments #2 (1.92 KB, patch)
2021-10-19 08:23 PDT, David Kilzer (:ddkilzer) 		no flags
DetailsFormatted DiffDiff
View All Add attachment proposed patch, testcase, etc.
Radar WebKit Bug Importer
Comment 1 2021-10-15 10:20:31 PDT
<rdar://problem/84307054>
David Kilzer (:ddkilzer)
Comment 2 2021-10-15 10:25:23 PDT
Created attachment 441397 [details] Patch v1
David Kilzer (:ddkilzer)
Comment 3 2021-10-15 10:29:43 PDT
This regressed here: Add nil checks for LAContexts before inserting them in the dictionaries. <https://bugs.webkit.org/show_bug.cgi?id=225897> <https://trac.webkit.org/r277658>
David Kilzer (:ddkilzer)
Comment 4 2021-10-16 11:13:29 PDT
Comment on attachment 441397 [details] Patch v1 Marking cq+ since: - ios-sim build is complete, but bubble did not turn green. - mac-AS-debug-wk2 is failing due to some unrelated sandbox issue. - api-mac is a day behind, and based on other tests passing, I don't think this patch will cause any issues.
EWS
Comment 5 2021-10-16 11:17:00 PDT
Committed r284319 (243115@main): <https://commits.webkit.org/243115@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441397 [details].
Darin Adler
Comment 6 2021-10-16 12:53:45 PDT
Comment on attachment 441397 [details] Patch v1 View in context: https://bugs.webkit.org/attachment.cgi?id=441397&action=review > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:180 > + privateKeyAttributes = adoptNS([privateKeyAttributes mutableCopy]); > + ((NSMutableDictionary *)privateKeyAttributes.get())[(id)kSecUseAuthenticationContext] = context; Not important for this patch, but coding style wise, I think we should write this without the NSMutableDictionary cast: auto mutableCopy = adoptNS([privateKeyAttributes mutableCopy]); mutableCopy.get()[(id)kSecUseAuthenticationContext] = context; privateKeyAttributes = WTFMove(mutableCopy); Might have to be more specific about the type somewhere, but something roughly like that should work.
David Kilzer (:ddkilzer)
Comment 7 2021-10-17 13:13:15 PDT
Reopening to attach new patch.
David Kilzer (:ddkilzer)
Comment 8 2021-10-17 13:13:17 PDT
Created attachment 441547 [details] Patch for follow-up comments
David Kilzer (:ddkilzer)
Comment 9 2021-10-17 13:56:03 PDT
Comment on attachment 441547 [details] Patch for follow-up comments Marking cq+ since this compiled on Cocoa platforms.
EWS
Comment 10 2021-10-17 14:19:40 PDT
Committed r284342 (243136@main): <https://commits.webkit.org/243136@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441547 [details].
Darin Adler
Comment 11 2021-10-17 21:25:08 PDT
Comment on attachment 441547 [details] Patch for follow-up comments View in context: https://bugs.webkit.org/attachment.cgi?id=441547&action=review > Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:181 > + privateKeyAttributes = mutableCopy; No WTFMove? Seems like it would remove one retain/release cycle.
David Kilzer (:ddkilzer)
Comment 12 2021-10-19 08:20:05 PDT
Comment on attachment 441547 [details] Patch for follow-up comments View in context: https://bugs.webkit.org/attachment.cgi?id=441547&action=review >> Source/WebKit/UIProcess/WebAuthentication/Cocoa/LocalConnection.mm:181 >> + privateKeyAttributes = mutableCopy; > > No WTFMove? Seems like it would remove one retain/release cycle. I reimplemented your patch (instead of copy-pasting the code), and simply missed the WTMove(). Filed this bug to track catching that in more places: Bug 231954: clang-tidy checker to find places where WTFMove/std::move are missing with RetainPtr<> Will post a follow-up patch in a bit.
David Kilzer (:ddkilzer)
Comment 13 2021-10-19 08:23:04 PDT
Reopening to attach new patch.
David Kilzer (:ddkilzer)
Comment 14 2021-10-19 08:23:06 PDT
Created attachment 441728 [details] Patch for follow-up comments #2
David Kilzer (:ddkilzer)
Comment 15 2021-10-19 08:28:10 PDT
Comment on attachment 441728 [details] Patch for follow-up comments #2 Adding cq+ since it compiles.
EWS
Comment 16 2021-10-19 09:24:53 PDT
Committed r284458 (243218@main): <https://commits.webkit.org/243218@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 441728 [details].
Note You need to log in before you can comment on or make changes to this bug.