Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Cherry-pick r293736. rdar://80891555
StorageMap::removeItem may fail to remove item from map https://bugs.webkit.org/show_bug.cgi?id=239982 rdar://80891555 Reviewed by Chris Dumez. Source/WebCore: We may have updated m_impl, but we don't update iterator for removal. In this case, item is not removed from map, but currentSize is updated. The mismatch between currentSize and actual size of the map may lead to underflow and overflow in currentSize when item is added or removed later. Test: storage/domstorage/sessionstorage/window-open-remove-item.html * storage/StorageMap.cpp: (WebCore::StorageMap::removeItem): LayoutTests: * storage/domstorage/sessionstorage/resources/window-open-remove-item.html: Added. * storage/domstorage/sessionstorage/window-open-remove-item-expected.txt: Added. * storage/domstorage/sessionstorage/window-open-remove-item.html: Added. Canonical link: https://commits.webkit.org/250224@main git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-7613.3.1.0-branch@294041 268f45cc-cd09-0410-ab3c-d52691b4dbfc
- Loading branch information
Showing
with
80 additions
and 1 deletion.
- +12 −0 LayoutTests/ChangeLog
- +15 −0 LayoutTests/storage/domstorage/sessionstorage/resources/window-open-remove-item.html
- +11 −0 LayoutTests/storage/domstorage/sessionstorage/window-open-remove-item-expected.txt
- +24 −0 LayoutTests/storage/domstorage/sessionstorage/window-open-remove-item.html
- +17 −0 Source/WebCore/ChangeLog
- +1 −1 Source/WebCore/storage/StorageMap.cpp
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -0,0 +1,15 @@ | ||
| <html> | ||
| <body> | ||
| <script> | ||
|
|
||
| if (sessionStorage.getItem("key") != "value") | ||
| localStorage.setItem("result", "fail"); | ||
| else { | ||
| sessionStorage.removeItem("key"); | ||
| sessionStorage.setItem("key", "newValue"); | ||
| localStorage.setItem("result", "pass"); | ||
| } | ||
|
|
||
| </script> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -0,0 +1,11 @@ | ||
| Test verifies that process does not crash when item is updated in another window | ||
|
|
||
| On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
|
||
|
|
||
| PASS localStorage.getItem('result') is "pass" | ||
| PASS sessionStorage.getItem('key') is "value" | ||
| PASS successfullyParsed is true | ||
|
|
||
| TEST COMPLETE | ||
|
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| @@ -0,0 +1,24 @@ | ||
| <html> | ||
| <head> | ||
| <script src="../../../resources/js-test.js"></script> | ||
| </head> | ||
| <body> | ||
| <script> | ||
| description("Test verifies that process does not crash when item is updated in another window"); | ||
| jsTestIsAsync = true; | ||
|
|
||
| sessionStorage.clear(); | ||
| localStorage.clear(); | ||
|
|
||
| sessionStorage.setItem("key", "value"); | ||
| window.open("resources/window-open-remove-item.html"); | ||
|
|
||
| addEventListener('storage', event => { | ||
| shouldBeEqualToString("localStorage.getItem('result')", "pass"); | ||
| shouldBeEqualToString("sessionStorage.getItem('key')", "value"); | ||
| finishJSTest(); | ||
| }); | ||
|
|
||
| </script> | ||
| </body> | ||
| </html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters