-
Notifications
You must be signed in to change notification settings - Fork 1.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Cherry-pick r293736. rdar://80891555
StorageMap::removeItem may fail to remove item from map https://bugs.webkit.org/show_bug.cgi?id=239982 rdar://80891555 Reviewed by Chris Dumez. Source/WebCore: We may have updated m_impl, but we don't update iterator for removal. In this case, item is not removed from map, but currentSize is updated. The mismatch between currentSize and actual size of the map may lead to underflow and overflow in currentSize when item is added or removed later. Test: storage/domstorage/sessionstorage/window-open-remove-item.html * storage/StorageMap.cpp: (WebCore::StorageMap::removeItem): LayoutTests: * storage/domstorage/sessionstorage/resources/window-open-remove-item.html: Added. * storage/domstorage/sessionstorage/window-open-remove-item-expected.txt: Added. * storage/domstorage/sessionstorage/window-open-remove-item.html: Added. Canonical link: https://commits.webkit.org/250224@main git-svn-id: https://svn.webkit.org/repository/webkit/branches/safari-7613.3.1.0-branch@294041 268f45cc-cd09-0410-ab3c-d52691b4dbfc
- Loading branch information
alancoon@apple.com
committed
May 11, 2022
1 parent
369b39e
commit 42f2ede
Showing
6 changed files
with
80 additions
and
1 deletion.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
15 changes: 15 additions & 0 deletions
15
LayoutTests/storage/domstorage/sessionstorage/resources/window-open-remove-item.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,15 @@ | ||
<html> | ||
<body> | ||
<script> | ||
|
||
if (sessionStorage.getItem("key") != "value") | ||
localStorage.setItem("result", "fail"); | ||
else { | ||
sessionStorage.removeItem("key"); | ||
sessionStorage.setItem("key", "newValue"); | ||
localStorage.setItem("result", "pass"); | ||
} | ||
|
||
</script> | ||
</body> | ||
</html> |
11 changes: 11 additions & 0 deletions
11
LayoutTests/storage/domstorage/sessionstorage/window-open-remove-item-expected.txt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
Test verifies that process does not crash when item is updated in another window | ||
|
||
On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE". | ||
|
||
|
||
PASS localStorage.getItem('result') is "pass" | ||
PASS sessionStorage.getItem('key') is "value" | ||
PASS successfullyParsed is true | ||
|
||
TEST COMPLETE | ||
|
24 changes: 24 additions & 0 deletions
24
LayoutTests/storage/domstorage/sessionstorage/window-open-remove-item.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
<html> | ||
<head> | ||
<script src="../../../resources/js-test.js"></script> | ||
</head> | ||
<body> | ||
<script> | ||
description("Test verifies that process does not crash when item is updated in another window"); | ||
jsTestIsAsync = true; | ||
|
||
sessionStorage.clear(); | ||
localStorage.clear(); | ||
|
||
sessionStorage.setItem("key", "value"); | ||
window.open("resources/window-open-remove-item.html"); | ||
|
||
addEventListener('storage', event => { | ||
shouldBeEqualToString("localStorage.getItem('result')", "pass"); | ||
shouldBeEqualToString("sessionStorage.getItem('key')", "value"); | ||
finishJSTest(); | ||
}); | ||
|
||
</script> | ||
</body> | ||
</html> |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters