Title: [260137] trunk/Source/WebKit
Revision
260137
Author
pvol...@apple.com
Date
2020-04-15 10:22:00 -0700 (Wed, 15 Apr 2020)

Log Message

[iOS] Potential crash under WebProcess::platformInitializeWebProcess
https://bugs.webkit.org/show_bug.cgi?id=210547

Reviewed by Brent Fulgham.

If the UI process fails to issue an extension to the runningboard service, the WebContent process will crash
while trying to consume this extension.

No new tests, since the test runners are unsandboxed, so issuing the extension will always succeed.

* UIProcess/Cocoa/WebProcessPoolCocoa.mm:
(WebKit::WebProcessPool::platformInitializeWebProcess):
* WebProcess/cocoa/WebProcessCocoa.mm:
(WebKit::WebProcess::platformInitializeWebProcess):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (260136 => 260137)


--- trunk/Source/WebKit/ChangeLog	2020-04-15 16:39:34 UTC (rev 260136)
+++ trunk/Source/WebKit/ChangeLog	2020-04-15 17:22:00 UTC (rev 260137)
@@ -1,3 +1,20 @@
+2020-04-15  Per Arne Vollan  <pvol...@apple.com>
+
+        [iOS] Potential crash under WebProcess::platformInitializeWebProcess
+        https://bugs.webkit.org/show_bug.cgi?id=210547
+
+        Reviewed by Brent Fulgham.
+
+        If the UI process fails to issue an extension to the runningboard service, the WebContent process will crash
+        while trying to consume this extension.
+
+        No new tests, since the test runners are unsandboxed, so issuing the extension will always succeed.
+
+        * UIProcess/Cocoa/WebProcessPoolCocoa.mm:
+        (WebKit::WebProcessPool::platformInitializeWebProcess):
+        * WebProcess/cocoa/WebProcessCocoa.mm:
+        (WebKit::WebProcess::platformInitializeWebProcess):
+
 2020-04-15  Brent Fulgham  <bfulg...@apple.com>
 
         [Cocoa] Remove generic parameter serialization fallback

Modified: trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm (260136 => 260137)


--- trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-15 16:39:34 UTC (rev 260136)
+++ trunk/Source/WebKit/UIProcess/Cocoa/WebProcessPoolCocoa.mm	2020-04-15 17:22:00 UTC (rev 260137)
@@ -390,8 +390,8 @@
     }
 
     SandboxExtension::Handle runningboardExtensionHandle;
-    SandboxExtension::createHandleForMachLookup("com.apple.runningboard", WTF::nullopt, runningboardExtensionHandle, SandboxExtension::Flags::NoReport);
-    parameters.runningboardExtensionHandle = WTFMove(runningboardExtensionHandle);
+    if (SandboxExtension::createHandleForMachLookup("com.apple.runningboard", WTF::nullopt, runningboardExtensionHandle, SandboxExtension::Flags::NoReport))
+        parameters.runningboardExtensionHandle = WTFMove(runningboardExtensionHandle);
 #endif
     
 #if PLATFORM(COCOA)
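Review bot: A failed `createHandleForMachLookup` for "com.apple.runningboard" is now dropped without any trace, because the new `if` has no `else`. The call already passes `SandboxExtension::Flags::NoReport`, which by its name presumably suppresses sandbox reporting as well, so there would be nothing to explain why the WebContent process later runs without its runningboard extension. I would add an error log on the failure path, for example `else RELEASE_LOG_ERROR(ProcessSuspension, "Unable to create runningboard sandbox extension handle");`, after confirming that channel is usable in this file. The enclosing function starts and ends outside the hunk.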

Modified: trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm (260136 => 260137)


--- trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-04-15 16:39:34 UTC (rev 260136)
+++ trunk/Source/WebKit/WebProcess/cocoa/WebProcessCocoa.mm	2020-04-15 17:22:00 UTC (rev 260137)
@@ -178,18 +178,20 @@
 
 
 #if PLATFORM(IOS_FAMILY)
-    auto extension = SandboxExtension::create(WTFMove(*parameters.runningboardExtensionHandle));
-    bool consumed = extension->consume();
-    ASSERT_UNUSED(consumed, consumed);
+    if (parameters.runningboardExtensionHandle) {
+        auto extension = SandboxExtension::create(WTFMove(*parameters.runningboardExtensionHandle));
+        bool consumed = extension->consume();
+        ASSERT_UNUSED(consumed, consumed);
 
-    ASSERT(!m_uiProcessDependencyProcessAssertion);
-    if (auto remoteProcessID = parentProcessConnection()->remoteProcessID())
-        m_uiProcessDependencyProcessAssertion = makeUnique<ProcessAssertion>(remoteProcessID, "WebContent process dependency on UIProcess"_s, ProcessAssertionType::DependentProcessLink);
-    else
-        RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because remoteProcessID is 0");
+        ASSERT(!m_uiProcessDependencyProcessAssertion);
+        if (auto remoteProcessID = parentProcessConnection()->remoteProcessID())
+            m_uiProcessDependencyProcessAssertion = makeUnique<ProcessAssertion>(remoteProcessID, "WebContent process dependency on UIProcess"_s, ProcessAssertionType::DependentProcessLink);
+        else
+            RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because remoteProcessID is 0");
 
-    bool revoked = extension->revoke();
-    ASSERT_UNUSED(revoked, revoked);
+        bool revoked = extension->revoke();
+        ASSERT_UNUSED(revoked, revoked);
+    }
 #endif
 
 #if !LOG_DISABLED || !RELEASE_LOG_DISABLED
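Review bot: When `parameters.runningboardExtensionHandle` is empty, the new guard skips not only the extension consume/revoke but also the creation of `m_uiProcessDependencyProcessAssertion`, and nothing is logged. A sandbox-extension failure in the UI process therefore silently becomes a WebContent process with no dependency assertion on the UI process. I would add an `else` branch such as `RELEASE_LOG_ERROR_IF_ALLOWED(ProcessSuspension, "Unable to create a process dependency assertion on UIProcess because the runningboard extension is missing");`. Separately, the results of `consume()` and `revoke()` are checked only through `ASSERT_UNUSED`, which does nothing in release builds, so a failed consume still falls through to the assertion creation; a runtime check with an error log would be safer there. The enclosing function starts and ends outside the hunk.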