Title: [246660] trunk/Source/WebKit
Revision
246660
Author
beid...@apple.com
Date
2019-06-20 15:52:06 -0700 (Thu, 20 Jun 2019)

Log Message

WebURLSchemeHandlerProxy::loadSynchronously crash with sync request.
<rdar://problem/51862206> and https://bugs.webkit.org/show_bug.cgi?id=199063

Reviewed by Geoffrey Garen.

Don't use a DataReference for the sync reply type.

* UIProcess/WebPageProxy.messages.in:
* UIProcess/WebURLSchemeHandler.h:

* UIProcess/WebURLSchemeTask.cpp:
(WebKit::WebURLSchemeTask::didComplete):
* UIProcess/WebURLSchemeTask.h:

* WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp:
(WebKit::WebURLSchemeHandlerProxy::loadSynchronously):

Diff

Modified: trunk/Source/WebKit/ChangeLog (246659 => 246660)


--- trunk/Source/WebKit/ChangeLog	2019-06-20 22:52:03 UTC (rev 246659)
+++ trunk/Source/WebKit/ChangeLog	2019-06-20 22:52:06 UTC (rev 246660)
@@ -1,3 +1,22 @@
+2019-06-20  Brady Eidson  <beid...@apple.com>
+
+        WebURLSchemeHandlerProxy::loadSynchronously crash with sync request.
+        <rdar://problem/51862206> and https://bugs.webkit.org/show_bug.cgi?id=199063
+
+        Reviewed by Geoffrey Garen.
+
+        Don't use a DataReference for the sync reply type.
+
+        * UIProcess/WebPageProxy.messages.in:
+        * UIProcess/WebURLSchemeHandler.h:
+
+        * UIProcess/WebURLSchemeTask.cpp:
+        (WebKit::WebURLSchemeTask::didComplete):
+        * UIProcess/WebURLSchemeTask.h:
+
+        * WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp:
+        (WebKit::WebURLSchemeHandlerProxy::loadSynchronously):
+
 2019-06-20  Alex Christensen  <achristen...@webkit.org>
 
         Add unit test for UIContextMenuConfiguration API

Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in (246659 => 246660)


--- trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in	2019-06-20 22:52:03 UTC (rev 246659)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.messages.in	2019-06-20 22:52:06 UTC (rev 246660)
@@ -536,7 +536,7 @@
 
     StartURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters)
     StopURLSchemeTask(uint64_t handlerIdentifier, uint64_t taskIdentifier)
-    LoadSynchronousURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters) -> (WebCore::ResourceResponse response, WebCore::ResourceError error, IPC::DataReference data) Synchronous
+    LoadSynchronousURLSchemeTask(struct WebKit::URLSchemeTaskParameters parameters) -> (WebCore::ResourceResponse response, WebCore::ResourceError error, Vector<char> data) Synchronous
 
 #if ENABLE(DEVICE_ORIENTATION)
     ShouldAllowDeviceOrientationAndMotionAccess(uint64_t frameID, struct WebCore::SecurityOriginData origin, bool mayPrompt) -> (enum:uint8_t WebCore::DeviceOrientationOrMotionPermissionState permissionState) Async

Modified: trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.h (246659 => 246660)


--- trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.h	2019-06-20 22:52:03 UTC (rev 246659)
+++ trunk/Source/WebKit/UIProcess/WebURLSchemeHandler.h	2019-06-20 22:52:06 UTC (rev 246660)
@@ -44,7 +44,7 @@
 class WebPageProxy;
 class WebProcessProxy;
 
-using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const IPC::DataReference&)>;
+using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const Vector<char>&)>;
 
 class WebURLSchemeHandler : public RefCounted<WebURLSchemeHandler> {
     WTF_MAKE_NONCOPYABLE(WebURLSchemeHandler);
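Review bot: The `SyncLoadCompletionHandler` alias changed here is declared a second time, with the identical signature, in WebURLSchemeTask.h (the section two files below), so every change to the reply shape has to be made in two places and the two copies can only be kept in agreement by hand. Declaring the alias once in a header both classes already include, or having one header include the other, would remove the duplicate; this concerns where the alias lives, not what the commit changes. The new `const Vector<char>&` parameter does match the `Vector<char> data` reply slot in WebPageProxy.messages.in above.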

Modified: trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp (246659 => 246660)


--- trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp	2019-06-20 22:52:03 UTC (rev 246659)
+++ trunk/Source/WebKit/UIProcess/WebURLSchemeTask.cpp	2019-06-20 22:52:06 UTC (rev 246660)
@@ -136,10 +136,13 @@
     m_completed = true;
     
     if (isSync()) {
-        IPC::DataReference data;
-        if (m_syncData)
-            data = { reinterpret_cast<const uint8_t*>(m_syncData->data()), m_syncData->size() };
-        m_syncCompletionHandler(m_syncResponse, error, data);
+        Vector<char> data;
+        if (m_syncData) {
+            data.resize(m_syncData->size());
+            memcpy(data.data(), reinterpret_cast<const char*>(m_syncData->data()), m_syncData->size());
+        }
+
+        m_syncCompletionHandler(m_syncResponse, error, WTFMove(data));
         m_syncData = nullptr;
     }
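Review bot: `WTFMove(data)` on the `m_syncCompletionHandler` call does nothing useful, since the handler alias in WebURLSchemeTask.h takes `const Vector<char>&`; either pass `data` plainly or change the alias to `Vector<char>&&` so the buffer can actually be handed over instead of copied again. The reason for the owned copy is also not visible at this point, and a one-line comment above `Vector<char> data;` would record it: `// Copy into an owning buffer: a non-owning DataReference would dangle once m_syncData is released below.` — this reflects the commit message and should be confirmed against how the sync reply is encoded. If `m_syncData->data()` already yields `const char*`, the `reinterpret_cast` on the memcpy line is redundant, and `data.append(m_syncData->data(), m_syncData->size())` would replace the resize/memcpy pair with a single bounds-safe call. didComplete begins and ends outside this hunk.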
 

Modified: trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h (246659 => 246660)


--- trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h	2019-06-20 22:52:03 UTC (rev 246659)
+++ trunk/Source/WebKit/UIProcess/WebURLSchemeTask.h	2019-06-20 22:52:06 UTC (rev 246660)
@@ -49,7 +49,7 @@
 class WebURLSchemeHandler;
 class WebPageProxy;
 
-using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const IPC::DataReference&)>;
+using SyncLoadCompletionHandler = CompletionHandler<void(const WebCore::ResourceResponse&, const WebCore::ResourceError&, const Vector<char>&)>;
 
 class WebURLSchemeTask : public RefCounted<WebURLSchemeTask>, public InstanceCounted<WebURLSchemeTask> {
     WTF_MAKE_NONCOPYABLE(WebURLSchemeTask);

Modified: trunk/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp (246659 => 246660)


--- trunk/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp	2019-06-20 22:52:03 UTC (rev 246659)
+++ trunk/Source/WebKit/WebProcess/WebPage/WebURLSchemeHandlerProxy.cpp	2019-06-20 22:52:06 UTC (rev 246660)
@@ -64,14 +64,11 @@
 
 void WebURLSchemeHandlerProxy::loadSynchronously(ResourceLoadIdentifier loadIdentifier, const ResourceRequest& request, ResourceResponse& response, ResourceError& error, Vector<char>& data)
 {
-    IPC::DataReference dataReference;
-    if (!m_webPage.sendSync(Messages::WebPageProxy::LoadSynchronousURLSchemeTask(URLSchemeTaskParameters { m_identifier, loadIdentifier, request }), Messages::WebPageProxy::LoadSynchronousURLSchemeTask::Reply(response, error, dataReference))) {
+    data.shrink(0);
+    if (!m_webPage.sendSync(Messages::WebPageProxy::LoadSynchronousURLSchemeTask(URLSchemeTaskParameters { m_identifier, loadIdentifier, request }), Messages::WebPageProxy::LoadSynchronousURLSchemeTask::Reply(response, error, data))) {
         error = failedCustomProtocolSyncLoad(request);
         return;
     }
-    
-    data.resize(dataReference.size());
-    memcpy(data.data(), dataReference.data(), dataReference.size());
 }
 
 void WebURLSchemeHandlerProxy::stopAllTasks()
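Review bot: `data.shrink(0)` ahead of `sendSync` now defines the failure contract of loadSynchronously — a caller's `data` is left empty rather than holding whatever it contained before — but nothing says so; a comment would pin it: `// Reset first so a failed sendSync leaves data empty rather than stale.`. Whether the generated Reply decoder assigns to `data` or appends to it is not visible here, which is the other reason the shrink matters; worth confirming against the Reply type. With the decoder filling `data` directly, dropping the old resize/memcpy pair is the right outcome.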