Skip to site navigation (Press enter)

[webkit-changes] [260137] trunk/Source/WebKit

pvollan Wed, 15 Apr 2020 10:23:25 -0700

Title: [260137] trunk/Source/WebKit

Revision: 260137
Author: [email protected]
Date: 2020-04-15 10:22:00 -0700 (Wed, 15 Apr 2020)

Log Message

[iOS] Potential crash under WebProcess::platformInitializeWebProcess
https://bugs.webkit.org/show_bug.cgi?id=210547


Reviewed by Brent Fulgham.

If the UI process fails to issue an extension to the runningboard service, the WebContent process will crash
while trying to consume this extension.

No new tests, since the test runners are unsandboxed, so issuing the extension will always succeed.

* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm
trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm

Diff

Modified: trunk/Source/WebKit/ChangeLog (260136 => 260137)


--- trunk/Source/WebKit/ChangeLog	2020-04-15 16:39:34 UTC (rev 260136)
+++ trunk/Source/WebKit/ChangeLog	2020-04-15 17:22:00 UTC (rev 260137)
@@ -1,3 +1,20 @@
+2020-04-15  Per Arne Vollan  <[email protected]>
+
+        [iOS] Potential crash under WebProcess::platformInitializeWebProcess
+        https://bugs.webkit.org/show_bug.cgi?id=210547
+
+        Reviewed by Brent Fulgham.
+
+        If the UI process fails to issue an extension to the runningboard service, the WebContent process will crash
+        while trying to consume this extension.
+
+        No new tests, since the test runners are unsandboxed, so issuing the extension will always succeed.
+
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::WebProcessPool::platformInitializeWebProcess):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess):
+
 2020-04-15  Brent Fulgham  <[email protected]>
 
         [Cocoa] Remove generic parameter serialization fallback

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (260136 => 260137)


--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-15 16:39:34 UTC (rev 260136)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-15 17:22:00 UTC (rev 260137)
@@ -390,8 +390,8 @@
     }
 
     SandboxExtension::Handle runningboardExtensionHandle;
-    SandboxExtension::createHandleForMachLookup("com.apple.runningboard", WTF::nullopt, runningboardExtensionHandle, SandboxExtension::Flags::NoReport);
-    parameters.runningboardExtensionHandle = WTFMove(runningboardExtensionHandle);
+    if (SandboxExtension::createHandleForMachLookup("com.apple.runningboard", WTF::nullopt, runningboardExtensionHandle, SandboxExtension::Flags::NoReport))
+        parameters.runningboardExtensionHandle = WTFMove(runningboardExtensionHandle);
 #endif
     
 #if PLATFORM(COCOA)

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (260136 => 260137)


--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-04-15 16:39:34 UTC (rev 260136)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-04-15 17:22:00 UTC (rev 260137)
@@ -178,18 +178,20 @@
 
 
 #if PLATFORM(IOS_FAMILY)
-    auto extension = SandboxExtension::create(WTFMove(*parameters.runningboardExtensionHandle));
-    bool consumed = extension->consume();
-    ASSERT_UNUSED(consumed, consumed);
+    if (parameters.runningboardExtensionHandle) {
+        auto extension = SandboxExtension::create(WTFMove(*parameters.runningboardExtensionHandle));
+        bool consumed = extension->consume();
+        ASSERT_UNUSED(consumed, consumed);
 
-    ASSERT(!m_uiProcessDependencyProcessAssertion);
-    if (auto remoteProcessID = parentProcessConnection()->remoteProcessID())
-        m_uiProcessDependencyProcessAssertion = makeUnique<ProcessAssertion>(remoteProcessID, "WebContent process dependency on UIProcess"_s, ProcessAssertionType::DependentProcessLink);
-    else
-        RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because remoteProcessID is 0");
+        ASSERT(!m_uiProcessDependencyProcessAssertion);
+        if (auto remoteProcessID = parentProcessConnection()->remoteProcessID())
+            m_uiProcessDependencyProcessAssertion = makeUnique<ProcessAssertion>(remoteProcessID, "WebContent process dependency on UIProcess"_s, ProcessAssertionType::DependentProcessLink);
+        else
+            RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because remoteProcessID is 0");
 
-    bool revoked = extension->revoke();
-    ASSERT_UNUSED(revoked, revoked);
+        bool revoked = extension->revoke();
+        ASSERT_UNUSED(revoked, revoked);
+    }
 #endif
 
 #if !LOG_DISABLED || !RELEASE_LOG_DISABLED

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes