[webkit-changes] [153850] trunk/Source/WebCore

Thu, 08 Aug 2013 15:00:04 -0700

Title: [153850] trunk/Source/WebCore
Revision
153850
Author
wei...@apple.com
Date
2013-08-08 15:01:05 -0700 (Thu, 08 Aug 2013)

Log Message

Hashing SecurityOrigin's can lead to trouble if you mutate them :(
https://bugs.webkit.org/show_bug.cgi?id=119533
<rdar://problem/12978338>

Reviewed by Andreas Kling.

We are getting into trouble in the following circumstance:
- You have a HashMap<RefPtr<SecurityOrigin>, Value> map.
- You add security origin A (http, www.webkit.org, 80) to the map.
- You mutate security origin A by domain relaxation, so that it has the domain webkit.org.
- You add security origin B (http, www.webkit.org, 80) to the map.
- You mutate security origin B by domain relaxation, so that it has the domain webkit.org.
    You now have two identical keys in the map.
- Add few more items to the map causing a rehash.
- When you try to add A and B back into the map, you will have a collision, because they now equal each other.

We should probably stop using SecurityOrigins as keys in HashMaps (and move to using a non-mutable SecurityOriginTuple,
or something), but for now, we can just only use the scheme / host / port part for equality, which is what all the users
really want.

* page/SecurityOriginHash.h:
(WebCore::SecurityOriginHash::equal):
Switch to using isSameSchemeHostPort() for SecurityOriginHash::equal().

Modified Paths

Diff

Modified: trunk/Source/WebCore/ChangeLog (153849 => 153850)


--- trunk/Source/WebCore/ChangeLog	2013-08-08 21:37:14 UTC (rev 153849)
+++ trunk/Source/WebCore/ChangeLog	2013-08-08 22:01:05 UTC (rev 153850)
@@ -1,3 +1,29 @@
+2013-08-06  Sam Weinig  <s...@webkit.org>
+
+        Hashing SecurityOrigin's can lead to trouble if you mutate them :(
+        https://bugs.webkit.org/show_bug.cgi?id=119533
+        <rdar://problem/12978338>
+
+        Reviewed by Andreas Kling.
+
+        We are getting into trouble in the following circumstance:
+        - You have a HashMap<RefPtr<SecurityOrigin>, Value> map.
+        - You add security origin A (http, www.webkit.org, 80) to the map.
+        - You mutate security origin A by domain relaxation, so that it has the domain webkit.org.
+        - You add security origin B (http, www.webkit.org, 80) to the map.
+        - You mutate security origin B by domain relaxation, so that it has the domain webkit.org.
+            You now have two identical keys in the map.
+        - Add few more items to the map causing a rehash.
+        - When you try to add A and B back into the map, you will have a collision, because they now equal each other.
+
+        We should probably stop using SecurityOrigins as keys in HashMaps (and move to using a non-mutable SecurityOriginTuple,
+        or something), but for now, we can just only use the scheme / host / port part for equality, which is what all the users
+        really want.
+
+        * page/SecurityOriginHash.h:
+        (WebCore::SecurityOriginHash::equal):
+        Switch to using isSameSchemeHostPort() for SecurityOriginHash::equal().
+
 2013-08-08  Rob Buis  <rwlb...@webkit.org>
 
         ASSERT_NOT_REACHED() touched in WebCore::SVGAnimatedStringAnimator::addAnimatedTypes

Modified: trunk/Source/WebCore/WebCore.exp.in (153849 => 153850)


--- trunk/Source/WebCore/WebCore.exp.in	2013-08-08 21:37:14 UTC (rev 153849)
+++ trunk/Source/WebCore/WebCore.exp.in	2013-08-08 22:01:05 UTC (rev 153850)
@@ -1444,6 +1444,7 @@
 __ZNK7WebCore14SecurityOrigin12isolatedCopyEv
 __ZNK7WebCore14SecurityOrigin16canAccessStorageEPKS0_NS0_25ShouldAllowFromThirdPartyE
 __ZNK7WebCore14SecurityOrigin18databaseIdentifierEv
+__ZNK7WebCore14SecurityOrigin20isSameSchemeHostPortEPKS0_
 __ZNK7WebCore14SecurityOrigin5equalEPKS0_
 __ZNK7WebCore14SecurityOrigin8toStringEv
 __ZNK7WebCore15AffineTransform10isIdentityEv

Modified: trunk/Source/WebCore/page/SecurityOriginHash.h (153849 => 153850)


--- trunk/Source/WebCore/page/SecurityOriginHash.h	2013-08-08 21:37:14 UTC (rev 153849)
+++ trunk/Source/WebCore/page/SecurityOriginHash.h	2013-08-08 22:01:05 UTC (rev 153850)
@@ -52,13 +52,9 @@
 
     static bool equal(SecurityOrigin* a, SecurityOrigin* b)
     {
-        // FIXME: The hash function above compares three specific fields.
-        // This code to compare those three specific fields should be moved here from
-        // SecurityOrigin as mentioned in SecurityOrigin.h so we don't accidentally change
-        // equal without changing hash to match it.
         if (!a || !b)
             return a == b;
-        return a->equal(b);
+        return a->isSameSchemeHostPort(b);
     }
     static bool equal(SecurityOrigin* a, const RefPtr<SecurityOrigin>& b)
     {

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to