249060 – Fix use-after-move in WebCore::SWClientConnection::postMessageToServiceWorkerClient()

RESOLVED FIXED 249060

Fix use-after-move in WebCore::SWClientConnection::postMessageToServiceWorkerClient()

https://bugs.webkit.org/show_bug.cgi?id=249060

Summary Fix use-after-move in WebCore::SWClientConnection::postMessageToServiceWorker...

David Kilzer (:ddkilzer)

Reported 2022-12-09 18:22:15 PST

Fix use-after-move in WebCore::SWClientConnection::postMessageToServiceWorkerClient() from Source/WebCore/workers/service/SWClientConnection.cpp. The `message` variable is involved in a use-after-move when `wasDispatched` returns `false` in the method below. ``` void SWClientConnection::postMessageToServiceWorkerClient(ScriptExecutionContextIdentifier destinationContextIdentifier, MessageWithMessagePorts&& message, ServiceWorkerData&& sourceData, String&& sourceOrigin) { ASSERT(isMainThread()); if (auto* destinationDocument = Document::allDocumentsMap().get(destinationContextIdentifier)) { postMessageToContainer(*destinationDocument, WTFMove(message), WTFMove(sourceData), WTFMove(sourceOrigin)); return; } bool wasDispatched = ScriptExecutionContext::postTaskTo(destinationContextIdentifier, [message = WTFMove(message), sourceData = WTFMove(sourceData).isolatedCopy(), sourceOrigin = WTFMove(sourceOrigin).isolatedCopy()](auto& context) mutable { postMessageToContainer(context, WTFMove(message), WTFMove(sourceData), WTFMove(sourceOrigin)); }); if (wasDispatched) return; if (auto* sharedWorker = SharedWorkerThreadProxy::byIdentifier(destinationContextIdentifier)) { sharedWorker->thread().runLoop().postTask([message = WTFMove(message), sourceData = WTFMove(sourceData).isolatedCopy(), sourceOrigin = WTFMove(sourceOrigin).isolatedCopy()] (auto& context) mutable { postMessageToContainer(context, WTFMove(message), WTFMove(sourceData), WTFMove(sourceOrigin)); }); } } ```

Attachments
Add attachment proposed patch, testcase, etc.

Radar WebKit Bug Importer

Comment 1 2022-12-09 18:22:47 PST

<rdar://problem/103202263>

youenn fablet

Comment 2 2022-12-12 01:24:08 PST

Pull request: https://github.com/WebKit/WebKit/pull/7473

EWS

Comment 3 2022-12-12 06:55:20 PST

Committed 257728@main (34ebbe87e188): <https://commits.webkit.org/257728@main> Reviewed commits have been landed. Closing PR #7473 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.

Status RESOLVED

Resolution FIXED

Priority P2

Severity Normal

Classification Unclassified

Version WebKit Nightly Build

Hardware Unspecified

OS Unspecified

Product WebKit

Component Service Workers

Assignee

youenn fablet

Reported

2022-12-09 18:22 PST

Modified

2022-12-12 06:55 PST History

CC List

2 users Show

URL

Keywords InRadar

Depends on

Blocks