Title: [198429] trunk/Source/WebKit2
- Revision
- 198429
- Author
- an...@apple.com
- Date
- 2016-03-18 10:58:45 -0700 (Fri, 18 Mar 2016)
Log Message
Protect against excessive cache traversal
https://bugs.webkit.org/show_bug.cgi?id=155635
rdar://problem/24241008
Reviewed by Darin Adler.
We can't handle unlimited number of parallel cache traversal requests from the client.
We'll run out of dispatch queues and other system resources. CPU will spin.
* NetworkProcess/cache/NetworkCache.cpp:
(WebKit::NetworkCache::Cache::traverse):
Add limit of maximum 3 traversals. When exceeded return nothing and log an error.
* NetworkProcess/cache/NetworkCache.h:
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (198428 => 198429)
--- trunk/Source/WebKit2/ChangeLog 2016-03-18 17:58:11 UTC (rev 198428)
+++ trunk/Source/WebKit2/ChangeLog 2016-03-18 17:58:45 UTC (rev 198429)
@@ -1,3 +1,21 @@
+2016-03-18 Antti Koivisto <an...@apple.com>
+
+ Protect against excessive cache traversal
+ https://bugs.webkit.org/show_bug.cgi?id=155635
+ rdar://problem/24241008
+
+ Reviewed by Darin Adler.
+
+ We can't handle unlimited number of parallel cache traversal requests from the client.
+ We'll run out of dispatch queues and other system resources. CPU will spin.
+
+ * NetworkProcess/cache/NetworkCache.cpp:
+ (WebKit::NetworkCache::Cache::traverse):
+
+ Add limit of maximum 3 traversals. When exceeded return nothing and log an error.
+
+ * NetworkProcess/cache/NetworkCache.h:
+
2016-03-18 Darin Adler <da...@apple.com>
Disable Caches in Safari's Develop menu does not disable caches.
Modified: trunk/Source/WebKit2/NetworkProcess/cache/NetworkCache.cpp (198428 => 198429)
--- trunk/Source/WebKit2/NetworkProcess/cache/NetworkCache.cpp 2016-03-18 17:58:11 UTC (rev 198428)
+++ trunk/Source/WebKit2/NetworkProcess/cache/NetworkCache.cpp 2016-03-18 17:58:45 UTC (rev 198429)
@@ -521,8 +521,22 @@
{
ASSERT(isEnabled());
- m_storage->traverse(resourceType(), 0, [traverseHandler](const Storage::Record* record, const Storage::RecordInfo& recordInfo) {
+ // Protect against clients making excessive traversal requests.
+ const unsigned maximumTraverseCount = 3;
+ if (m_traverseCount >= maximumTraverseCount) {
+ WTFLogAlways("Maximum parallel cache traverse count exceeded. Ignoring traversal request.");
+
+ RunLoop::main().dispatch([traverseHandler] {
+ traverseHandler(nullptr);
+ });
+ return;
+ }
+
+ ++m_traverseCount;
+
+ m_storage->traverse(resourceType(), 0, [this, traverseHandler](const Storage::Record* record, const Storage::RecordInfo& recordInfo) {
if (!record) {
+ --m_traverseCount;
traverseHandler(nullptr);
return;
}
Modified: trunk/Source/WebKit2/NetworkProcess/cache/NetworkCache.h (198428 => 198429)
--- trunk/Source/WebKit2/NetworkProcess/cache/NetworkCache.h 2016-03-18 17:58:11 UTC (rev 198428)
+++ trunk/Source/WebKit2/NetworkProcess/cache/NetworkCache.h 2016-03-18 17:58:45 UTC (rev 198429)
@@ -135,6 +135,8 @@
std::unique_ptr<SpeculativeLoadManager> m_speculativeLoadManager;
#endif
std::unique_ptr<Statistics> m_statistics;
+
+ unsigned m_traverseCount { 0 };
};
}
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
