Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(217)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 2358993003: Service worker creation from <link> leads to nullptr dereference (Closed)

Created:
4 years, 3 months ago by jww
Modified:
4 years, 2 months ago
Reviewers:
falken
CC:
chromium-reviews, michaeln, jsbell+serviceworker_chromium.org, kenjibaheux+watch_chromium.org, shimazu+serviceworker_chromium.org, serviceworker-reviews, nhiroki, falken, haraken, kinuko+serviceworker, blink-reviews, horo+watch_chromium.org, tzik, Mike West, Yoav Weiss
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Service worker creation from <link> leads to nullptr dereference If a sandboxed iframe or a frame in a suborigin attempts to register a service worker with <link rel=serviceworker>, it leads to a nullptr deference. This is because ServiceWorkerLinkResource::process() does not account for the possibility that NavigatorServiceWorker::serviceWorker can return a nullptr. In this case, sandboxed iframes and suborigins are not allowed to register service workers, so they return nullptr. The solution is to check for nullptr and throw an appropriate error. Tests are added to verify as well. BUG=649239 Committed: https://crrev.com/2c0f1f71edd2ae034329ad2617e68fa89dbe536c Cr-Commit-Position: refs/heads/master@{#420853}

Patch Set 1 #

Total comments: 8

Patch Set 2 : Nits from falken@ #

Total comments: 2

Patch Set 3 : Rebase on ToT #

Patch Set 4 : Formatting #

Messages

Total messages: 17 (6 generated)
jww
falken@, can you review this? It turns out I was sort of accounting for suborigins ...
4 years, 3 months ago (2016-09-22 05:44:35 UTC) #2
falken
looks good with nits https://codereview.chromium.org/2358993003/diff/1/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php File third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php (right): https://codereview.chromium.org/2358993003/diff/1/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php#newcode7 third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php:7: <title>Service Worker DOM API fails ...
4 years, 3 months ago (2016-09-23 01:22:33 UTC) #3
jww
Thanks, Matt. Let me know if you see anything else! https://codereview.chromium.org/2358993003/diff/1/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php File third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php (right): https://codereview.chromium.org/2358993003/diff/1/third_party/WebKit/LayoutTests/http/tests/security/suborigins/suborigin-service-worker-dom-access.php#newcode7 ...
4 years, 3 months ago (2016-09-23 04:34:47 UTC) #4
falken
lgtm https://codereview.chromium.org/2358993003/diff/20001/third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html File third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html (right): https://codereview.chromium.org/2358993003/diff/20001/third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html#newcode19 third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html:19: }); almost! lines 9-19 should be indented an ...
4 years, 2 months ago (2016-09-24 15:04:30 UTC) #5
jww
https://codereview.chromium.org/2358993003/diff/20001/third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html File third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html (right): https://codereview.chromium.org/2358993003/diff/20001/third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html#newcode19 third_party/WebKit/LayoutTests/http/tests/serviceworker/sandbox-iframe-register-link-element.html:19: }); On 2016/09/24 15:04:29, falken wrote: > almost! lines ...
4 years, 2 months ago (2016-09-24 16:25:08 UTC) #6
jww
4 years, 2 months ago (2016-09-24 16:25:09 UTC) #7
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2358993003/60001
4 years, 2 months ago (2016-09-24 16:25:24 UTC) #10
commit-bot: I haz the power
Try jobs failed on following builders: linux_chromium_rel_ng on master.tryserver.chromium.linux (JOB_FAILED, http://build.chromium.org/p/tryserver.chromium.linux/builders/linux_chromium_rel_ng/builds/303679)
4 years, 2 months ago (2016-09-24 18:28:38 UTC) #12
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.org/2358993003/60001
4 years, 2 months ago (2016-09-24 22:31:49 UTC) #14
commit-bot: I haz the power
Committed patchset #4 (id:60001)
4 years, 2 months ago (2016-09-24 23:35:55 UTC) #15
commit-bot: I haz the power
4 years, 2 months ago (2016-09-24 23:37:58 UTC) #17
Message was sent while issue was closed. 
Patchset 4 (id:??) landed as
https://crrev.com/2c0f1f71edd2ae034329ad2617e68fa89dbe536c
Cr-Commit-Position: refs/heads/master@{#420853}

Powered by Google App Engine
This is Rietveld 408576698