[Webkit-unassigned] [Bug 209710] New: Use-after-move in NetworkProcess::addServiceWorkerSession()

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Sat Mar 28 18:23:28 PDT 2020


https://bugs.webkit.org/show_bug.cgi?id=209710

            Bug ID: 209710
           Summary: Use-after-move in
                    NetworkProcess::addServiceWorkerSession()
           Product: WebKit
           Version: WebKit Nightly Build
          Hardware: Unspecified
                OS: Unspecified
            Status: NEW
          Severity: Normal
          Priority: P2
         Component: Service Workers
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: ddkilzer at webkit.org
                CC: youennf at gmail.com

Use-after-move in NetworkProcess::addServiceWorkerSession() of `serviceWorkerRegistrationDirectory` parameter:

void NetworkProcess::addServiceWorkerSession(PAL::SessionID sessionID, bool processTerminationDelayEnabled, String&& serviceWorkerRegistrationDirectory, const SandboxExtension::Handle& handle)
{
    ServiceWorkerInfo info {
        WTFMove(serviceWorkerRegistrationDirectory),
        processTerminationDelayEnabled
    };
    auto addResult = m_serviceWorkerInfo.add(sessionID, WTFMove(info));
    if (addResult.isNewEntry) {
        SandboxExtension::consumePermanently(handle);
        if (!serviceWorkerRegistrationDirectory.isEmpty())
            postStorageTask(createCrossThreadTask(*this, &NetworkProcess::ensurePathExists, serviceWorkerRegistrationDirectory));
    }
}

The postStorageTask() will never run because `serviceWorkerRegistrationDirectory.isEmpty()` is always true.

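The pattern described in this report, reduced to a stand-alone C++ model. This is an added illustration, not WebKit's code: `MovableString`, `ServiceWorkerInfo` (as defined here), `NetworkProcessModel`, `addSessionBuggy` and `addSessionFixed` are invented names. `MovableString` stands in for `WTF::String` and is written so that moving from it deterministically leaves the source empty, which is the assumption behind the report's "always true"; the cross-thread `ensurePathExists` task is modelled by simply recording the directory. `addSessionBuggy` reproduces the use-after-move, `addSessionFixed` reads the directory back from the stored map entry after the move so the check and the posted task see the real value.

```cpp
#include <string>
#include <unordered_map>
#include <utility>
#include <vector>

// Hypothetical stand-in for WTF::String: moving out of it leaves the source
// empty, so a test on the moved-from object is always "empty".
struct MovableString {
    std::string value;
    MovableString() = default;
    MovableString(const char* s) : value(s) {}
    MovableString(const MovableString&) = default;
    MovableString(MovableString&& other) noexcept : value(std::move(other.value)) {
        other.value.clear(); // model the moved-from string as empty
    }
    bool isEmpty() const { return value.empty(); }
};

// Simplified per-session record (assumption: only the two fields the report shows).
struct ServiceWorkerInfo {
    MovableString registrationDirectory;
    bool processTerminationDelayEnabled;
};

// Model of the network-process state touched by addServiceWorkerSession().
struct NetworkProcessModel {
    std::unordered_map<int, ServiceWorkerInfo> serviceWorkerInfo; // keyed by session id
    std::vector<std::string> postedStorageTasks; // directories whose "ensurePathExists" task was posted

    // Mirrors the reported code: the directory is moved into `info` first and the
    // moved-from parameter is tested afterwards. Returns true if a task was posted.
    bool addSessionBuggy(int sessionID, bool delayEnabled, MovableString&& directory) {
        ServiceWorkerInfo info { std::move(directory), delayEnabled };
        auto result = serviceWorkerInfo.emplace(sessionID, std::move(info));
        if (result.second) {
            if (!directory.isEmpty()) { // use-after-move: `directory` is empty here
                postedStorageTasks.push_back(directory.value);
                return true;
            }
        }
        return false; // the storage task is never posted
    }

    // Fixed: after the move, consult the copy that now lives in the map entry
    // instead of the hollowed-out parameter.
    bool addSessionFixed(int sessionID, bool delayEnabled, MovableString&& directory) {
        ServiceWorkerInfo info { std::move(directory), delayEnabled };
        auto result = serviceWorkerInfo.emplace(sessionID, std::move(info));
        if (result.second) {
            const MovableString& stored = result.first->second.registrationDirectory;
            if (!stored.isEmpty()) {
                postedStorageTasks.push_back(stored.value); // stands in for postStorageTask(...)
                return true;
            }
        }
        return false; // existing session, or no directory to create
    }
};
```

The equivalent alternative is to capture what the post-move code needs (the directory, or at least its emptiness) into locals before the `std::move`. Either way, this class of defect is mechanically detectable: clang-tidy's `bugprone-use-after-move` check flags a read of an object after it has been passed to `std::move`/`WTFMove`, which is a cheap gate to run in CI on code that hands ownership off mid-function.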