RGBCube/serenity
1
Fork 0
mirror of https://github.com/RGBCube/serenity synced 2025-07-25 23:07:35 +00:00
Code Issues Activity Actions

LibWeb: Protect ourselves during ResourceClient iteration

Browse source 
Notifying a Resource's clients may lead to arbitrary JS execution,
so we can't rely on the ResourceClient pointers remaining valid.
Use WeakPtr to avoid this problem.
This commit is contained in:
Andreas Kling 2020-06-01 22:09:38 +02:00
parent e5ddb76a67
commit 9170edf541
2 changed files with 17 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

13
Libraries/LibWeb/Loader/Resource.cpp
View file

@ -24,6 +24,7 @@
* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*/ */
#include <AK/Function.h>
#include <LibWeb/DOM/HTMLImageElement.h> #include <LibWeb/DOM/HTMLImageElement.h>
#include <LibWeb/Loader/Resource.h> #include <LibWeb/Loader/Resource.h>
@ -43,6 +44,18 @@ Resource::~Resource()
{ {
} }
void Resource::for_each_client(Function<void(ResourceClient&)> callback)
{
Vector<WeakPtr<ResourceClient>, 16> clients_copy;
clients_copy.ensure_capacity(m_clients.size());
for (auto* client : m_clients)
clients_copy.append(client->make_weak_ptr());
for (auto client : clients_copy) {
if (client)
callback(*client);
}
}
void Resource::did_load(Badge<ResourceLoader>, const ByteBuffer& data, const HashMap<String, String, CaseInsensitiveStringTraits>& headers) void Resource::did_load(Badge<ResourceLoader>, const ByteBuffer& data, const HashMap<String, String, CaseInsensitiveStringTraits>& headers)
{ {
ASSERT(!m_loaded); ASSERT(!m_loaded);

16
Libraries/LibWeb/Loader/Resource.h
View file

@ -32,6 +32,8 @@
#include <AK/Noncopyable.h> #include <AK/Noncopyable.h>
#include <AK/RefCounted.h> #include <AK/RefCounted.h>
#include <AK/URL.h> #include <AK/URL.h>
#include <AK/WeakPtr.h>
#include <AK/Weakable.h>
#include <LibWeb/Forward.h> #include <LibWeb/Forward.h>
#include <LibWeb/Loader/LoadRequest.h> #include <LibWeb/Loader/LoadRequest.h>
@ -60,17 +62,7 @@ public:
void register_client(Badge<ResourceClient>, ResourceClient&); void register_client(Badge<ResourceClient>, ResourceClient&);
void unregister_client(Badge<ResourceClient>, ResourceClient&); void unregister_client(Badge<ResourceClient>, ResourceClient&);
template<typename Callback> void for_each_client(Function<void(ResourceClient&)>);
void for_each_client(Callback callback)
{
// FIXME: This should use some kind of smart pointer to ResourceClient!
Vector<ResourceClient*, 16> clients_copy;
clients_copy.ensure_capacity(m_clients.size());
for (auto* client : m_clients)
clients_copy.append(client);
for (auto* client : clients_copy)
callback(*client);
}
void did_load(Badge<ResourceLoader>, const ByteBuffer& data, const HashMap<String, String, CaseInsensitiveStringTraits>& headers); void did_load(Badge<ResourceLoader>, const ByteBuffer& data, const HashMap<String, String, CaseInsensitiveStringTraits>& headers);
void did_fail(Badge<ResourceLoader>, const String& error); void did_fail(Badge<ResourceLoader>, const String& error);
@ -87,7 +79,7 @@ private:
HashTable<ResourceClient*> m_clients; HashTable<ResourceClient*> m_clients;
}; };
class ResourceClient { class ResourceClient : public Weakable<ResourceClient> {
public: public:
virtual ~ResourceClient(); virtual ~ResourceClient();