Bug 264372 - Crash under ContentSecurityPolicy::reportViolation()
Summary: Crash under ContentSecurityPolicy::reportViolation()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: Service Workers
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2023-11-07 15:52 PST by Chris Dumez
Modified: 2023-11-08 08:36 PST

Description Chris Dumez 2023-11-07 15:52:48 PST
Crash under ContentSecurityPolicy::reportViolation():
```
 9 WebCore::LocalFrame::WeakValueType* WTF::WeakPtrImplBase<WTF::DefaultWeakPtrImpl>::get<WebCore::LocalFrame>()
        9 WTF::WeakPtr<WebCore::LocalFrame, WTF::DefaultWeakPtrImpl>::get() const
          9 WebCore::FrameDestructionObserver::frame() const
     ==> 9 WebCore::ContentSecurityPolicy::reportViolation(WTF::String const&, WebCore::ContentSecurityPolicyDirectiveList const&, WTF::String const&, WTF::String const&, WTF::String const&, WTF::StringView const&, WTF::TextPosition const&, JSC::JSGlobalObject*, WTF::URL const&, WebCore::Element*) const <==
              7 WTF::String::startsWith(WTF::StringView) const
              | 7 WebCore::ContentSecurityPolicyDirectiveList::shouldReportSample(WTF::String const&) const
              |   7 WebCore::ContentSecurityPolicy::reportViolation(WTF::String const&, WebCore::ContentSecurityPolicyDirectiveList const&, WTF::String const&, WTF::String const&, WTF::String const&, WTF::StringView const&, WTF::TextPosition const&, JSC::JSGlobalObject*, WTF::URL const&, WebCore::Element*) const
              |     7 WebCore::ContentSecurityPolicy::reportViolation(WebCore::ContentSecurityPolicyDirective const&, WTF::String const&, WTF::String const&, WTF::String const&, WTF::StringView const&, WTF::TextPosition const&, WTF::URL const&, JSC::JSGlobalObject*, WebCore::Element*) const
              |       7 WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20::operator()(WebCore::ContentSecurityPolicyDirective const&) const
              |         7 decltype(std::declval<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20&>()(std::declval<WebCore::ContentSecurityPolicyDirective const&>())) std::__1::__invoke[abi:v160006]<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20&, WebCore::ContentSecurityPolicyDirective const&>(WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20&, WebCore::ContentSecurityPolicyDirective const&)
              |           7 void std::__1::__invoke_void_return_wrapper<void, true>::__call<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20&, WebCore::ContentSecurityPolicyDirective const&>(WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20&, WebCore::ContentSecurityPolicyDirective const&)
              |             7 std::__1::__function::__alloc_func<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20, std::__1::allocator<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20>, void (WebCore::ContentSecurityPolicyDirective const&)>::operator()[abi:v160006](WebCore::ContentSecurityPolicyDirective const&)
              |               7 std::__1::__function::__func<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20, std::__1::allocator<WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const::$_20>, void (WebCore::ContentSecurityPolicyDirective const&)>::operator()(WebCore::ContentSecurityPolicyDirective const&)
              |                 7 std::__1::__function::__value_func<void (WebCore::ContentSecurityPolicyDirective const&)>::operator()[abi:v160006](WebCore::ContentSecurityPolicyDirective const&) const
              |                   7 std::__1::function<void (WebCore::ContentSecurityPolicyDirective const&)>::operator()(WebCore::ContentSecurityPolicyDirective const&) const
              |                     7 bool WebCore::ContentSecurityPolicy::allPoliciesAllow<WebCore::ContentSecurityPolicyDirective const* (WebCore::ContentSecurityPolicyDirectiveList::*)(WTF::URL const&, bool) const, WTF::URL const&, bool>(std::__1::function<void (WebCore::ContentSecurityPolicyDirective const&)>&&, WebCore::ContentSecurityPolicyDirective const* (WebCore::ContentSecurityPolicyDirectiveList::*&&)(WTF::URL const&, bool) const, WTF::URL const&, bool&&) const
              |                       7 WebCore::ContentSecurityPolicy::allowConnectToSource(WTF::URL const&, WebCore::ContentSecurityPolicy::RedirectResponseReceived, WTF::URL const&) const
              |                         5 WebCore::FetchLoader::start(WebCore::ScriptExecutionContext&, WebCore::FetchRequest const&, WTF::String const&)
              |                         | 5 WebCore::FetchResponse::Loader::start(WebCore::ScriptExecutionContext&, WebCore::FetchRequest const&, WTF::String const&)
              |                         |   5 WebCore::FetchResponse::startLoader(WebCore::ScriptExecutionContext&, WebCore::FetchRequest&, WTF::String const&)
              |                         |     5 WebCore::FetchResponse::fetch(WebCore::ScriptExecutionContext&, WebCore::FetchRequest&, WTF::Function<void (WebCore::ExceptionOr<WTF::Ref<WebCore::FetchResponse, WTF::RawPtrTraits<WebCore::FetchResponse>>>&&)>&&, WTF::String const&)
              |                         |       5 WebCore::doFetch(WebCore::ScriptExecutionContext&, std::__1::variant<WTF::RefPtr<WebCore::FetchRequest, WTF::RawPtrTraits<WebCore::FetchRequest>, WTF::DefaultRefDerefTraits<WebCore::FetchRequest>>, WTF::String>&&, WebCore::FetchRequestInit&&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::FetchResponse>>&&)
              |                         |         5 WebCore::WindowOrWorkerGlobalScopeFetch::fetch(WebCore::WorkerGlobalScope&, std::__1::variant<WTF::RefPtr<WebCore::FetchRequest, WTF::RawPtrTraits<WebCore::FetchRequest>, WTF::DefaultRefDerefTraits<WebCore::FetchRequest>>, WTF::String>&&, WebCore::FetchRequestInit&&, WTF::Ref<WebCore::DeferredPromise, WTF::RawPtrTraits<WebC
```
Comment 1 Chris Dumez 2023-11-07 15:52:59 PST
<rdar://117727308>
Comment 2 Chris Dumez 2023-11-07 16:03:24 PST
Pull request: https://github.com/WebKit/WebKit/pull/20136
Comment 3 EWS 2023-11-08 08:36:21 PST
Committed 270393@main (de7073050171): <https://commits.webkit.org/270393@main>

Reviewed commits have been landed. Closing PR #20136 and removing active labels.