Bug 242208

Summary:	Crash under ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
Product:	WebKit	Reporter:	Chris Dumez <cdumez>
Component:	WebCore Misc.	Assignee:	Chris Dumez <cdumez>
Status:	RESOLVED FIXED
Severity:	Normal	CC:	webkit-bug-importer
Priority:	P2	Keywords:	InRadar
Version:	WebKit Nightly Build
Hardware:	Unspecified
OS:	Unspecified

Chris Dumez

Reported 2022-06-30 14:47:09 PDT

Crash under ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom(): Thread 2 Crashed:: 0 WebCore 0x1c70a7300 void WTF::add<WTF::String, WTF::String, std::__1::optional<unsigned short> >(WTF::Hasher&, WTF::String const&, WTF::String const&, std::__1::optional<unsigned short> const&) + 356 (wtf/text/StringImpl.h:1145) 1 WebCore 0x1c8401c00 WTF::HashTable<WebCore::SecurityOriginData, WebCore::SecurityOriginData, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData> >::add(WebCore::SecurityOriginData const&) + 128 (Source/WebCore/page/SecurityOriginData.h:103) 2 WebCore 0x1c895c50c WebCore::ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom(WebCore::ContentSecurityPolicy const&) + 208 (wtf/HashSet.h:267) 3 WebCore 0x1c87fa534 WebCore::WorkerThreadableLoader::WorkerThreadableLoader(WebCore::WorkerOrWorkletGlobalScope&, WebCore::ThreadableLoaderClient&, WTF::String const&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String const&) + 856 (Source/WebCore/./loader/WorkerThreadableLoader.cpp:128) 4 WebCore 0x1c87f6870 WebCore::ThreadableLoader::create(WebCore::ScriptExecutionContext&, WebCore::ThreadableLoaderClient&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String&&, WTF::String&&) + 396 (Source/WebCore/./loader/WorkerThreadableLoader.cpp:61) 5 WebCore 0x1c7ad1da8 WebCore::FetchResponse::fetch(WebCore::ScriptExecutionContext&, WebCore::FetchRequest&, WTF::Function<void (WebCore::ExceptionOr<WTF::Ref<WebCore::FetchResponse, WTF::RawPtrTraits<WebCore::FetchResponse> > >&&)>&&, WTF::String const&) + 2508 (Source/WebCore/./Modules/fetch/FetchLoader.cpp:120) 6 WebCore 0x1c7ae2e38 WebCore::doFetch(WebCore::ScriptExecutionContext&, std::__1::variant<WTF::RefPtr<WebCore::FetchRequest, WTF::RawPtrTraits<WebCore::FetchRequest>, WTF::DefaultRefDerefTraits<WebCore::FetchRequest> >, WTF::String>&&, WebCore::FetchRequestInit&&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::FetchResponse> >&&) + 396 (Source/WebCore/./Modules/fetch/WindowOrWorkerGlobalScopeFetch.cpp:58) 7 WebCore 0x1c79436ec WebCore::jsWorkerGlobalScopePrototypeFunction_fetch(JSC::JSGlobalObject*, JSC::CallFrame*) + 540 (Source/WebCore/./Modules/fetch/WindowOrWorkerGlobalScopeFetch.cpp:82)

Attachments
Add attachment proposed patch, testcase, etc.

Chris Dumez

Comment 1 2022-06-30 14:47:19 PDT

<rdar://95846191>

Chris Dumez

Comment 2 2022-06-30 14:53:56 PDT

Pull request: https://github.com/WebKit/WebKit/pull/1965

EWS

Comment 3 2022-07-01 08:06:21 PDT

Committed 252042@main (b26c466a5ac4): <https://commits.webkit.org/252042@main> Reviewed commits have been landed. Closing PR #1965 and removing active labels.

Note You need to log in before you can comment on or make changes to this bug.