Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 38dda747791f37dc504551dcafdeb4b1926f8930
      
https://github.com/WebKit/WebKit/commit/38dda747791f37dc504551dcafdeb4b1926f8930
  Author: Chris Dumez <[email protected]>
  Date:   2026-06-10 (Wed, 10 Jun 2026)

  Changed paths:
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp
    M Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h

  Log Message:
  -----------
  CtapAuthenticator strands an internal continuation handler when restarting PIN during a silent credential check
https://bugs.webkit.org/show_bug.cgi?id=316752

Reviewed by Pascoe.

continueSilentlyCheckCredentials() takes an internal continuation that, on
success/failure, advances the request via 
continueMakeCredentialAfterCheckExcludedCredentials()
or continueGetAssertionAfterCheckAllowCredentials(). When the authenticator
returns a PIN error, the code calls tryRestartPin() and returns early without
invoking that continuation. Because the continuation was typed as a
CompletionHandler -- which asserts in its destructor if never called -- this
path tripped the "Completion handler should always be called" assertion (and
leaked the continuation in release builds). The same strand existed on the
dead-ish kCtap2ErrNoCredentials path.

There are two ways to satisfy CompletionHandler's exactly-once contract, and
only one is correct:

  - Calling the continuation here is WRONG: tryRestartPin() restarts the whole
    request from scratch by issuing its own driver transaction (getRetries() /
    performAuthenticatorSelectionForSetupPin()). The driver processes a single
    transaction at a time, so advancing the stale continuation -- which issues
    yet another transaction -- would put two transactions in flight at once.
    The early return is therefore the intended behavior; the continuation must
    be abandoned.

  - Abandoning a CompletionHandler is what trips the assertion. The real defect
    is the type: a callback that is legitimately not invoked on some paths
    should be a Function, not a CompletionHandler.

Change the continuation parameter from CompletionHandler<void(bool)> to
Function<void(bool)>, which carries no exactly-once contract. Behavior on all
paths is unchanged; only the spurious assertion/leak is removed.

* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.cpp:
(WebKit::CtapAuthenticator::continueSilentlyCheckCredentials):
* Source/WebKit/UIProcess/WebAuthentication/fido/CtapAuthenticator.h:

Canonical link: https://commits.webkit.org/314962@main
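The two contracts the message contrasts, as an added example that is not WebKit's code: a small stand-in for CompletionHandler's exactly-once check (a handler that is destroyed without ever being invoked is counted as stranded, where WTF's real class asserts), a plain std::function standing in for Function, and a constructed model of the driver and of the PIN-error path. The names OnceHandler, Driver, Status, tryRestartPin and the scenario functions are assumptions made for the demonstration; the driver's one-transaction-at-a-time rule is modelled by counting a second transaction issued while one is outstanding.

```cpp
#include <cassert>
#include <cstdio>
#include <functional>
#include <utility>

// Constructed model (not WebKit code): the driver processes one transaction at a time,
// so a second transact() while one is outstanding is a violation.
struct Driver {
    int inFlight = 0;
    int violations = 0;
    void transact() {
        if (inFlight > 0)
            ++violations;
        ++inFlight;
    }
};

// Stand-in for WTF::CompletionHandler's exactly-once contract: destruction without a
// call is recorded here instead of asserting, so the demo runs to completion.
static int g_stranded = 0;

template<typename Signature> class OnceHandler;
template<typename R, typename... Args>
class OnceHandler<R(Args...)> {
public:
    OnceHandler(std::function<R(Args...)> fn) : m_fn(std::move(fn)) {}
    OnceHandler(OnceHandler&& other) noexcept : m_fn(std::exchange(other.m_fn, nullptr)) {}
    OnceHandler(const OnceHandler&) = delete;
    ~OnceHandler() { if (m_fn) ++g_stranded; }   // never called: contract broken
    R operator()(Args... args) {
        auto fn = std::exchange(m_fn, nullptr);    // callable exactly once
        return fn(std::forward<Args>(args)...);
    }
private:
    std::function<R(Args...)> m_fn;
};

// Stand-in for Function<void(bool)>: carries no exactly-once contract.
using PlainHandler = std::function<void(bool)>;

enum class Status { Ok, PinRequired };

// Hypothetical model of tryRestartPin(): restarts the request by issuing its own
// driver transaction (getRetries() / authenticator selection in the real code).
static void tryRestartPin(Driver& driver) { driver.transact(); }

// Shape of the continueSilentlyCheckCredentials() path from the commit message: the
// PIN-error branch returns early and abandons the continuation on purpose.
// wronglyInvokeOnPinError models the rejected alternative of calling it anyway.
template<typename Continuation>
static void continueSilentlyCheckCredentials(Status status, Driver& driver,
                                             Continuation continuation,
                                             bool wronglyInvokeOnPinError = false)
{
    if (status == Status::PinRequired) {
        tryRestartPin(driver);
        if (wronglyInvokeOnPinError)
            continuation(false);
        return;
    }
    continuation(true);   // advances to the next driver transaction
}

// Before the fix: a CompletionHandler-typed continuation abandoned on the PIN path.
static int strandedCountWithCompletionHandler()
{
    int before = g_stranded;
    Driver driver;
    continueSilentlyCheckCredentials(Status::PinRequired, driver,
        OnceHandler<void(bool)>([&](bool) { driver.transact(); }));
    return g_stranded - before;   // 1: the abandoned handler trips the contract
}

// After the fix: the same path with a Function-typed continuation.
static int strandedCountWithFunction()
{
    int before = g_stranded;
    Driver driver;
    continueSilentlyCheckCredentials(Status::PinRequired, driver,
        PlainHandler([&](bool) { driver.transact(); }));
    return g_stranded - before;   // 0: nothing to trip
}

// Why invoking the continuation instead would be wrong: two transactions in flight.
static int driverViolationsIfContinuationInvoked()
{
    Driver driver;
    continueSilentlyCheckCredentials(Status::PinRequired, driver,
        PlainHandler([&](bool) { driver.transact(); }), /*wronglyInvokeOnPinError*/ true);
    return driver.violations;     // 1
}

// Success path: the continuation is invoked once, with either handler type.
static int problemsOnSuccessPath()
{
    int before = g_stranded;
    Driver driver;
    continueSilentlyCheckCredentials(Status::Ok, driver,
        OnceHandler<void(bool)>([&](bool) { driver.transact(); }));
    return driver.violations + (g_stranded - before);   // 0
}

int main()
{
    std::printf("stranded (CompletionHandler): %d\n", strandedCountWithCompletionHandler());
    std::printf("stranded (Function):          %d\n", strandedCountWithFunction());
    std::printf("driver violations if invoked: %d\n", driverViolationsIfContinuationInvoked());
    std::printf("problems on success path:     %d\n", problemsOnSuccessPath());
    return 0;
}
```

The point the model makes concrete is that the two remedies are not interchangeable: invoking the continuation satisfies the exactly-once contract but violates the driver's single-transaction rule, while retyping it as a plain callable keeps the early return and removes the only thing that was actually failing.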
