Bug 249062

Summary: Fix use-after-move in WebCore::WorkerScriptLoader::loadAsynchronously()
Product: WebKit
Reporter: David Kilzer (:ddkilzer) <ddkilzer>
Component: Service Workers
Assignee: David Kilzer (:ddkilzer) <ddkilzer>
Status: RESOLVED FIXED
Severity: Normal
CC: webkit-bug-importer
Priority: P2
Keywords: InRadar
Version: WebKit Nightly Build
Hardware: Unspecified
OS: Unspecified

Description David Kilzer (:ddkilzer) 2022-12-09 19:12:50 PST
Fix use-after-move in WebCore::WorkerScriptLoader::loadAsynchronously() in Source/WebCore/workers/WorkerScriptLoader.cpp.

There is a use-after-move of `scriptRequest` where `scriptRequest.url()` is called later in the method, but `m_url` may be used instead.

```cpp
void WorkerScriptLoader::loadAsynchronously(ScriptExecutionContext& scriptExecutionContext, ResourceRequest&& scriptRequest, Source source, FetchOptions&& fetchOptions, ContentSecurityPolicyEnforcement contentSecurityPolicyEnforcement, ServiceWorkersMode serviceWorkerMode, WorkerScriptLoaderClient& client, String&& taskMode, ScriptExecutionContextIdentifier clientIdentifier)
{
    m_client = &client;
    m_url = scriptRequest.url();
    m_source = source;
    m_destination = fetchOptions.destination;
    m_isCOEPEnabled = scriptExecutionContext.settingsValues().crossOriginEmbedderPolicyEnabled;
    m_clientIdentifier = clientIdentifier;

    ASSERT(scriptRequest.httpMethod() == "GET"_s);

    auto request = makeUnique<ResourceRequest>(WTFMove(scriptRequest));
    if (!request)
        return;
    [...]
    if (m_destination == FetchOptions::Destination::Sharedworker)
        m_userAgentForSharedWorker = scriptExecutionContext.userAgent(scriptRequest.url());  // Use-after-move of `scriptRequest`.

    // During create, callbacks may happen which remove the last reference to this object.
    Ref<WorkerScriptLoader> protectedThis(*this);
    m_threadableLoader = ThreadableLoader::create(scriptExecutionContext, *this, WTFMove(*request), options, { }, WTFMove(taskMode));
}
```
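A cut-down model of the pattern above, added here as an illustration (not WebKit code): `Request` and `Loader` are hypothetical stand-ins for `ResourceRequest` and `WorkerScriptLoader`, and `userAgentFor()` is a constructed substitute for `ScriptExecutionContext::userAgent()`. `loadFixed()` reads only the cached `m_url` after the move; `loadBuggy()` keeps the defective flow for comparison.

```cpp
#include <memory>
#include <string>
#include <utility>

// Stand-in for WebCore::ResourceRequest (hypothetical): owns a URL string
// that is moved out when the request is handed to the loader.
class Request {
public:
    explicit Request(std::string url) : m_url(std::move(url)) { }
    const std::string& url() const { return m_url; }
private:
    std::string m_url;
};

// Stand-in for WorkerScriptLoader (hypothetical, simplified).
class Loader {
public:
    // Fixed flow: copy the URL *before* the move, then only ever read m_url.
    std::string loadFixed(Request&& scriptRequest)
    {
        m_url = scriptRequest.url();                       // taken before the move
        auto request = std::make_unique<Request>(std::move(scriptRequest));
        // scriptRequest is now moved-from: url() is valid but unspecified.
        m_userAgentForSharedWorker = userAgentFor(m_url);  // read the cached copy
        m_pendingRequest = std::move(request);
        return m_userAgentForSharedWorker;
    }

    // Buggy flow for comparison: reads the parameter after it was moved from.
    std::string loadBuggy(Request&& scriptRequest)
    {
        m_url = scriptRequest.url();
        auto request = std::make_unique<Request>(std::move(scriptRequest));
        m_userAgentForSharedWorker = userAgentFor(scriptRequest.url()); // use-after-move
        m_pendingRequest = std::move(request);
        return m_userAgentForSharedWorker;
    }

    const Request* pendingRequest() const { return m_pendingRequest.get(); }

private:
    // Constructed per-URL user-agent string (stands in for userAgent()).
    static std::string userAgentFor(const std::string& url) { return "UA for " + url; }

    std::string m_url;
    std::string m_userAgentForSharedWorker;
    std::unique_ptr<Request> m_pendingRequest;
};
```

The moved-from `std::string` in `loadBuggy()` is typically empty, so the shared-worker user agent would be computed for the wrong (empty) URL even though the moved request itself is intact.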
Comment 1 Radar WebKit Bug Importer 2022-12-09 19:13:04 PST
<rdar://problem/103203412>
Comment 2 David Kilzer (:ddkilzer) 2022-12-09 19:18:10 PST
Pull request: https://github.com/WebKit/WebKit/pull/7428
Comment 3 EWS 2022-12-12 11:38:26 PST
Committed 257748@main (3a91df74661a): <https://commits.webkit.org/257748@main>

Reviewed commits have been landed. Closing PR #7428 and removing active labels.