Bug 242208 - Crash under ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
Summary: Crash under ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom()
Status: RESOLVED FIXED
Alias: None
Product: WebKit
Classification: Unclassified
Component: WebCore Misc.
Version: WebKit Nightly Build
Hardware: Unspecified Unspecified
Importance: P2 Normal
Assignee: Chris Dumez
Keywords: InRadar
Reported: 2022-06-30 14:47 PDT by Chris Dumez
Modified: 2022-07-01 08:06 PDT
Description Chris Dumez 2022-06-30 14:47:09 PDT
Crash under ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom():

Thread 2 Crashed::  
0   WebCore                       	       0x1c70a7300        void WTF::add<WTF::String, WTF::String, std::__1::optional<unsigned short> >(WTF::Hasher&, WTF::String const&, WTF::String const&, std::__1::optional<unsigned short> const&) + 356 (wtf/text/StringImpl.h:1145)
1   WebCore                       	       0x1c8401c00        WTF::HashTable<WebCore::SecurityOriginData, WebCore::SecurityOriginData, WTF::IdentityExtractor, WTF::DefaultHash<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData>, WTF::HashTraits<WebCore::SecurityOriginData> >::add(WebCore::SecurityOriginData const&) + 128 (Source/WebCore/page/SecurityOriginData.h:103)
2   WebCore                       	       0x1c895c50c        WebCore::ContentSecurityPolicy::copyUpgradeInsecureRequestStateFrom(WebCore::ContentSecurityPolicy const&) + 208 (wtf/HashSet.h:267)
3   WebCore                       	       0x1c87fa534        WebCore::WorkerThreadableLoader::WorkerThreadableLoader(WebCore::WorkerOrWorkletGlobalScope&, WebCore::ThreadableLoaderClient&, WTF::String const&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String const&) + 856 (Source/WebCore/./loader/WorkerThreadableLoader.cpp:128)
4   WebCore                       	       0x1c87f6870        WebCore::ThreadableLoader::create(WebCore::ScriptExecutionContext&, WebCore::ThreadableLoaderClient&, WebCore::ResourceRequest&&, WebCore::ThreadableLoaderOptions const&, WTF::String&&, WTF::String&&) + 396 (Source/WebCore/./loader/WorkerThreadableLoader.cpp:61)
5   WebCore                       	       0x1c7ad1da8        WebCore::FetchResponse::fetch(WebCore::ScriptExecutionContext&, WebCore::FetchRequest&, WTF::Function<void (WebCore::ExceptionOr<WTF::Ref<WebCore::FetchResponse, WTF::RawPtrTraits<WebCore::FetchResponse> > >&&)>&&, WTF::String const&) + 2508 (Source/WebCore/./Modules/fetch/FetchLoader.cpp:120)
6   WebCore                       	       0x1c7ae2e38        WebCore::doFetch(WebCore::ScriptExecutionContext&, std::__1::variant<WTF::RefPtr<WebCore::FetchRequest, WTF::RawPtrTraits<WebCore::FetchRequest>, WTF::DefaultRefDerefTraits<WebCore::FetchRequest> >, WTF::String>&&, WebCore::FetchRequestInit&&, WebCore::DOMPromiseDeferred<WebCore::IDLInterface<WebCore::FetchResponse> >&&) + 396 (Source/WebCore/./Modules/fetch/WindowOrWorkerGlobalScopeFetch.cpp:58)
7   WebCore                       	       0x1c79436ec        WebCore::jsWorkerGlobalScopePrototypeFunction_fetch(JSC::JSGlobalObject*, JSC::CallFrame*) + 540 (Source/WebCore/./Modules/fetch/WindowOrWorkerGlobalScopeFetch.cpp:82)
Comment 1 Chris Dumez 2022-06-30 14:47:19 PDT
<rdar://95846191>
Comment 2 Chris Dumez 2022-06-30 14:53:56 PDT
Pull request: https://github.com/WebKit/WebKit/pull/1965
Comment 3 EWS 2022-07-01 08:06:21 PDT
Committed 252042@main (b26c466a5ac4): <https://commits.webkit.org/252042@main>

Reviewed commits have been landed. Closing PR #1965 and removing active labels.