Title: [153850] trunk/Source/WebCore
- Revision
- 153850
- Author
- wei...@apple.com
- Date
- 2013-08-08 15:01:05 -0700 (Thu, 08 Aug 2013)
Log Message
Hashing SecurityOrigin's can lead to trouble if you mutate them :(
https://bugs.webkit.org/show_bug.cgi?id=119533
<rdar://problem/12978338>
Reviewed by Andreas Kling.
We are getting into trouble in the following circumstance:
- You have a HashMap<RefPtr<SecurityOrigin>, Value> map.
- You add security origin A (http, www.webkit.org, 80) to the map.
- You mutate security origin A by domain relaxation, so that it has the domain webkit.org.
- You add security origin B (http, www.webkit.org, 80) to the map.
- You mutate security origin B by domain relaxation, so that it has the domain webkit.org.
You now have two identical keys in the map.
- Add few more items to the map causing a rehash.
- When you try to add A and B back into the map, you will have a collision, because they now equal each other.
We should probably stop using SecurityOrigins as keys in HashMaps (and move to using a non-mutable SecurityOriginTuple,
or something), but for now, we can just only use the scheme / host / port part for equality, which is what all the users
really want.
* page/SecurityOriginHash.h:
(WebCore::SecurityOriginHash::equal):
Switch to using isSameSchemeHostPort() for SecurityOriginHash::equal().
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (153849 => 153850)
--- trunk/Source/WebCore/ChangeLog 2013-08-08 21:37:14 UTC (rev 153849)
+++ trunk/Source/WebCore/ChangeLog 2013-08-08 22:01:05 UTC (rev 153850)
@@ -1,3 +1,29 @@
+2013-08-06 Sam Weinig <s...@webkit.org>
+
+ Hashing SecurityOrigin's can lead to trouble if you mutate them :(
+ https://bugs.webkit.org/show_bug.cgi?id=119533
+ <rdar://problem/12978338>
+
+ Reviewed by Andreas Kling.
+
+ We are getting into trouble in the following circumstance:
+ - You have a HashMap<RefPtr<SecurityOrigin>, Value> map.
+ - You add security origin A (http, www.webkit.org, 80) to the map.
+ - You mutate security origin A by domain relaxation, so that it has the domain webkit.org.
+ - You add security origin B (http, www.webkit.org, 80) to the map.
+ - You mutate security origin B by domain relaxation, so that it has the domain webkit.org.
+ You now have two identical keys in the map.
+ - Add few more items to the map causing a rehash.
+ - When you try to add A and B back into the map, you will have a collision, because they now equal each other.
+
+ We should probably stop using SecurityOrigins as keys in HashMaps (and move to using a non-mutable SecurityOriginTuple,
+ or something), but for now, we can just only use the scheme / host / port part for equality, which is what all the users
+ really want.
+
+ * page/SecurityOriginHash.h:
+ (WebCore::SecurityOriginHash::equal):
+ Switch to using isSameSchemeHostPort() for SecurityOriginHash::equal().
+
2013-08-08 Rob Buis <rwlb...@webkit.org>
ASSERT_NOT_REACHED() touched in WebCore::SVGAnimatedStringAnimator::addAnimatedTypes
Modified: trunk/Source/WebCore/WebCore.exp.in (153849 => 153850)
--- trunk/Source/WebCore/WebCore.exp.in 2013-08-08 21:37:14 UTC (rev 153849)
+++ trunk/Source/WebCore/WebCore.exp.in 2013-08-08 22:01:05 UTC (rev 153850)
@@ -1444,6 +1444,7 @@
__ZNK7WebCore14SecurityOrigin12isolatedCopyEv
__ZNK7WebCore14SecurityOrigin16canAccessStorageEPKS0_NS0_25ShouldAllowFromThirdPartyE
__ZNK7WebCore14SecurityOrigin18databaseIdentifierEv
+__ZNK7WebCore14SecurityOrigin20isSameSchemeHostPortEPKS0_
__ZNK7WebCore14SecurityOrigin5equalEPKS0_
__ZNK7WebCore14SecurityOrigin8toStringEv
__ZNK7WebCore15AffineTransform10isIdentityEv
Modified: trunk/Source/WebCore/page/SecurityOriginHash.h (153849 => 153850)
--- trunk/Source/WebCore/page/SecurityOriginHash.h 2013-08-08 21:37:14 UTC (rev 153849)
+++ trunk/Source/WebCore/page/SecurityOriginHash.h 2013-08-08 22:01:05 UTC (rev 153850)
@@ -52,13 +52,9 @@
static bool equal(SecurityOrigin* a, SecurityOrigin* b)
{
- // FIXME: The hash function above compares three specific fields.
- // This code to compare those three specific fields should be moved here from
- // SecurityOrigin as mentioned in SecurityOrigin.h so we don't accidentally change
- // equal without changing hash to match it.
if (!a || !b)
return a == b;
- return a->equal(b);
+ return a->isSameSchemeHostPort(b);
}
static bool equal(SecurityOrigin* a, const RefPtr<SecurityOrigin>& b)
{
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes