Title: [273881] trunk
Revision
273881
Author
you...@apple.com
Date
2021-03-04 01:39:33 -0800 (Thu, 04 Mar 2021)

Log Message

FileReader::enqueueTask should validate that its context is not stopped before executing the task
https://bugs.webkit.org/show_bug.cgi?id=222472
Source/WebCore:

Reviewed by Alex Christensen.

The event loop might run tasks even though active dom objects are stopped.
Protect from this by adding a check since m_state checks are not sufficient.
A follow-up patch should probably try to neuter FileReader if it is stopped.

Covered by http/wpt/filereader/filereader-stop.html.

* fileapi/FileReader.cpp:
(WebCore::FileReader::fireEvent):
(WebCore::FileReader::enqueueTask):

LayoutTests:

<rdar://problem/74753571>

Reviewed by Alex Christensen.

* http/wpt/filereader/filereader-stop.html: Added.

Diff

Modified: trunk/LayoutTests/ChangeLog (273880 => 273881)


--- trunk/LayoutTests/ChangeLog	2021-03-04 09:39:03 UTC (rev 273880)
+++ trunk/LayoutTests/ChangeLog	2021-03-04 09:39:33 UTC (rev 273881)
@@ -1,5 +1,15 @@
 2021-03-04  Youenn Fablet  <you...@apple.com>
 
+        FileReader::enqueueTask should validate that its context is not stopped before executing the task
+        https://bugs.webkit.org/show_bug.cgi?id=222472
+        <rdar://problem/74753571>
+
+        Reviewed by Alex Christensen.
+
+        * http/wpt/filereader/filereader-stop.html: Added.
+
+2021-03-04  Youenn Fablet  <you...@apple.com>
+
         Can not read blobs in sandboxed iframes
         https://bugs.webkit.org/show_bug.cgi?id=170075
         <rdar://problem/31282427>

Added: trunk/LayoutTests/http/wpt/filereader/filereader-stop-expected.txt (0 => 273881)


--- trunk/LayoutTests/http/wpt/filereader/filereader-stop-expected.txt	                        (rev 0)
+++ trunk/LayoutTests/http/wpt/filereader/filereader-stop-expected.txt	2021-03-04 09:39:33 UTC (rev 273881)
@@ -0,0 +1,3 @@
+
+PASS Make sure events are not fired for stopped readers
+

Added: trunk/LayoutTests/http/wpt/filereader/filereader-stop.html (0 => 273881)


--- trunk/LayoutTests/http/wpt/filereader/filereader-stop.html	                        (rev 0)
+++ trunk/LayoutTests/http/wpt/filereader/filereader-stop.html	2021-03-04 09:39:33 UTC (rev 273881)
@@ -0,0 +1,39 @@
+<!doctype html>
+<html>
+  <head>
+    <meta charset="utf-8">
+    <title>Events in stopped file readers</title>
+    <script src=""
+    <script src=""
+  </head>
+  <body>
+    <script>
+function with_iframe(url) {
+    return new Promise(function(resolve) {
+        var frame = document.createElement('iframe');
+        frame.className = 'test-iframe';
+        frame.src = ""
+        frame._onload_ = function() { resolve(frame); };
+        document.body.appendChild(frame);
+    });
+}
+
+promise_test(async t => {
+    const frame = await with_iframe("/");
+    const reader = new frame.contentWindow.FileReader();
+    reader._onload_ = () => assert_unreached("load");
+    reader._onerror_ = () => assert_unreached("error");
+
+    reader.readAsText(new Blob(["123"], {type: "text/plain-specific"}));
+    await new Promise(resolve => setTimeout(resolve, 0));
+
+    frame.remove();
+    try {
+        reader.readAsText(new Blob(["123"], {type: "text/plain-specific"}));
+    } catch (e) {
+    }
+    await new Promise(resolve => setTimeout(resolve, 100));
+}, "Make sure events are not fired for stopped readers");
+    </script>
+  </body>
+</html>
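Review bot: the empty `catch (e) { }` around the second `reader.readAsText(...)` hides whether that call throws, so the test cannot distinguish an expected exception (the first read may still be in progress when `frame.remove()` runs) from an unrelated failure; either assert the exception explicitly with `assert_throws_dom` or drop the try/catch so an unexpected throw fails the test. A short comment on the 100 ms `setTimeout` would also help, since a fixed wait is the only thing that gives the `assert_unreached` handlers a chance to fire; a future reader should know the delay is deliberate and not a leftover.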

Modified: trunk/Source/WebCore/ChangeLog (273880 => 273881)


--- trunk/Source/WebCore/ChangeLog	2021-03-04 09:39:03 UTC (rev 273880)
+++ trunk/Source/WebCore/ChangeLog	2021-03-04 09:39:33 UTC (rev 273881)
@@ -1,3 +1,20 @@
+2021-03-04  Youenn Fablet  <you...@apple.com>
+
+        FileReader::enqueueTask should validate that its context is not stopped before executing the task
+        https://bugs.webkit.org/show_bug.cgi?id=222472
+
+        Reviewed by Alex Christensen.
+
+        The event loop might run tasks even though active dom objects are stopped.
+        Protect from this by adding a check since m_state checks are not sufficient.
+        A follow-up patch should probably try to neuter FileReader if it is stopped.
+
+        Covered by http/wpt/filereader/filereader-stop.html.
+
+        * fileapi/FileReader.cpp:
+        (WebCore::FileReader::fireEvent):
+        (WebCore::FileReader::enqueueTask):
+
 2021-03-04  Chris Lord  <cl...@igalia.com>
 
         Make the data backing generated global AtomString values accessible
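Review bot: the entry lists `(WebCore::FileReader::fireEvent)` but does not say why the `RELEASE_ASSERT(isAllowedToRunScript())` there is being relaxed to a debug-only `ASSERT`, which is a behaviour change in release builds (a violated check now dispatches the event instead of crashing). One sentence explaining that the new `isContextStopped()` guard in `enqueueTask` is what now prevents that path would make the ChangeLog match the diff.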

Modified: trunk/Source/WebCore/fileapi/FileReader.cpp (273880 => 273881)


--- trunk/Source/WebCore/fileapi/FileReader.cpp	2021-03-04 09:39:03 UTC (rev 273880)
+++ trunk/Source/WebCore/fileapi/FileReader.cpp	2021-03-04 09:39:33 UTC (rev 273881)
@@ -217,7 +217,7 @@
 
 void FileReader::fireEvent(const AtomString& type)
 {
-    RELEASE_ASSERT(isAllowedToRunScript());
+    ASSERT(isAllowedToRunScript());
     dispatchEvent(ProgressEvent::create(type, true, m_loader ? m_loader->bytesLoaded() : 0, m_loader ? m_loader->totalBytes() : 0));
 }
 
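Review bot: downgrading `RELEASE_ASSERT(isAllowedToRunScript())` to `ASSERT` means that in release builds a call to `fireEvent` on a reader whose context is stopped will now dispatch the `ProgressEvent` rather than crash. That is only safe if every caller is gated the way the `enqueueTask` lambda now is; if any other path can reach `fireEvent` with a stopped context, it should get the same `isContextStopped()` check, and the reason the release assertion is no longer needed belongs in a comment or the ChangeLog.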
@@ -239,16 +239,15 @@
 
 void FileReader::enqueueTask(Function<void()>&& task)
 {
-    auto* context = scriptExecutionContext();
-    if (!context)
+    if (!scriptExecutionContext())
         return;
 
     static uint64_t taskIdentifierSeed = 0;
     uint64_t taskIdentifier = ++taskIdentifierSeed;
     m_pendingTasks.add(taskIdentifier, WTFMove(task));
-    context->eventLoop().queueTask(TaskSource::FileReading, [this, protectedThis = makeRef(*this), pendingActivity = makePendingActivity(*this), taskIdentifier] {
+    queueTaskKeepingObjectAlive(*this, TaskSource::FileReading, [this, pendingActivity = makePendingActivity(*this), taskIdentifier] {
         auto task = m_pendingTasks.take(taskIdentifier);
-        if (task)
+        if (task && !isContextStopped())
             task();
     });
 }
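Review bot: `task && !isContextStopped()` does the right thing by taking the entry out of `m_pendingTasks` before the check, so a dropped task does not leak in the map, but entries still sit in `m_pendingTasks` until each queued lambda runs; since the log already anticipates a follow-up that neuters a stopped `FileReader`, that follow-up should clear `m_pendingTasks` in `stop()` so nothing is retained past the context's lifetime. Also worth a comment: with `queueTaskKeepingObjectAlive(*this, ...)` the explicit `pendingActivity = makePendingActivity(*this)` capture is doing a second, overlapping job (keeping the object alive versus keeping the context alive), and stating which one is intentional will save the next reader from trying to remove it.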
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes