[webkit-changes] [WebKit/WebKit] 4522d4: ASSERT when calling browser.storageArea.get()

kiaraarose noreply at github.com
Wed Jan 24 15:06:40 PST 2024 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 4522d41c15c5272d1a47017cd6c5fd1bb1dcf0a8
      https://github.com/WebKit/WebKit/commit/4522d41c15c5272d1a47017cd6c5fd1bb1dcf0a8
  Author: Kiara Rose <kiara_rose at apple.com>
  Date:   2024-01-24 (Wed, 24 Jan 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIStorageCocoa.mm
    M Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm
    M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h

  Log Message:
  -----------
  ASSERT when calling browser.storageArea.get()
https://bugs.webkit.org/show_bug.cgi?id=268020
rdar://121538792

Reviewed by Timothy Hatcher.

Issues with how ErrorString was being used in WebKit::WebExtensionContext::extensionCanAccessWebPage
caused the crash. However, since a failure in this method would indicate a security issue, we should
remove this error message and instead add a RELEASE_ASSERT_NOT_REACHED().

The reason why we're hitting this failure currently is because we return false when the tab
for the web page is not found. This is an internal bug and is being tracked in
https://bugs.webkit.org/show_bug.cgi?id=268030, rdar://121550605.

* Source/WebKit/UIProcess/Extensions/Cocoa/API/WebExtensionContextAPIStorageCocoa.mm:
(WebKit::WebExtensionContext::storageGet):
(WebKit::WebExtensionContext::storageGetBytesInUse):
(WebKit::WebExtensionContext::storageSet):
(WebKit::WebExtensionContext::storageRemove):
(WebKit::WebExtensionContext::storageClear):
(WebKit::WebExtensionContext::storageSetAccessLevel):
* Source/WebKit/UIProcess/Extensions/Cocoa/WebExtensionContextCocoa.mm:
(WebKit::WebExtensionContext::extensionCanAccessWebPage):
A failure in this function would indicate a security bug as this case should never be hit.
Add a RELEASE_ASSERT_NOT_REACHED() for this.

* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:

Canonical link: https://commits.webkit.org/273448@main

More information about the webkit-changes mailing list