| Summary: | REGRESSION (r250728): Use-after-move in NetworkProcess::addServiceWorkerSession() | | |
|---|---|---|---|
| Product: | WebKit | Reporter: | David Kilzer (:ddkilzer) <ddkilzer> |
| Component: | Service Workers | Assignee: | David Kilzer (:ddkilzer) <ddkilzer> |
| Status: | RESOLVED FIXED | | |
| Severity: | Normal | CC: | achristensen, darin, webkit-bug-importer, youennf |
| Priority: | P2 | Keywords: | InRadar |
| Version: | WebKit Nightly Build | | |
| Hardware: | Unspecified | | |
| OS: | Unspecified | | |
Created attachment 394849 [details]
Patch v1
This regressed in:

Bug 202553: Move WKProcessPool._registerURLSchemeServiceWorkersCanHandle to _WKWebsiteDataStoreConfiguration
<https://bugs.webkit.org/show_bug.cgi?id=202553>
<rdar://problem/55985536>
<http://trac.webkit.org/r250728>

Committed r259167: <https://trac.webkit.org/changeset/259167>

All reviewed patches have been landed. Closing bug and clearing flags on attachment 394849 [details].
Use-after-move in NetworkProcess::addServiceWorkerSession() of `serviceWorkerRegistrationDirectory` parameter:

```cpp
void NetworkProcess::addServiceWorkerSession(PAL::SessionID sessionID, bool processTerminationDelayEnabled, String&& serviceWorkerRegistrationDirectory, const SandboxExtension::Handle& handle)
{
    ServiceWorkerInfo info {
        WTFMove(serviceWorkerRegistrationDirectory),
        processTerminationDelayEnabled
    };
    auto addResult = m_serviceWorkerInfo.add(sessionID, WTFMove(info));
    if (addResult.isNewEntry) {
        SandboxExtension::consumePermanently(handle);
        if (!serviceWorkerRegistrationDirectory.isEmpty())
            postStorageTask(createCrossThreadTask(*this, &NetworkProcess::ensurePathExists, serviceWorkerRegistrationDirectory));
    }
}
```

The postStorageTask() will never run because `serviceWorkerRegistrationDirectory.isEmpty()` is always true.
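The pattern reported above, reduced to a stand-alone C++ example that is added here and is not WebKit code or the landed patch. `Path`, `Info` and `Sessions` are constructed stand-ins, and `addFixed` is one hypothetical correction that reads the path from the map entry that now owns it.

```cpp
#include <map>
#include <memory>
#include <string>
#include <utility>
#include <vector>

// Constructed stand-in for a string whose moved-from state is null, so isEmpty() is true.
class Path {
public:
    explicit Path(std::string s) : m_impl(std::make_unique<std::string>(std::move(s))) {}
    Path(Path&&) = default; // leaves the source with a null m_impl
    bool isEmpty() const { return !m_impl || m_impl->empty(); }
    std::string value() const { return m_impl ? *m_impl : std::string(); }
private:
    std::unique_ptr<std::string> m_impl;
};

struct Info { Path directory; bool delayEnabled; };

struct Sessions {
    std::map<int, Info> infos;
    std::vector<std::string> ensured; // directories a storage task would create

    // Same shape as the reported code: the parameter is read after being moved from.
    bool addBuggy(int id, Path&& directory) {
        Info info { std::move(directory), false };
        auto result = infos.emplace(id, std::move(info));
        if (result.second && !directory.isEmpty()) { // never true: directory is moved-from
            ensured.push_back(directory.value());
            return true;
        }
        return false;
    }

    // Hypothetical correction: read the path from the map entry that now owns it.
    bool addFixed(int id, Path&& directory) {
        auto result = infos.emplace(id, Info { std::move(directory), false });
        const Path& stored = result.first->second.directory;
        if (result.second && !stored.isEmpty()) {
            ensured.push_back(stored.value());
            return true;
        }
        return false;
    }
};
```

Clang-tidy's `bugprone-use-after-move` check flags the read of `directory` in `addBuggy`.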