Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Transferable Streams: Fix crash on deserialization error
The transferable streams implementation would crash when it received a chunk that wasn't deserializable, because it failed to enter a ScriptScope before creating a V8 object. Fix it. Also fix the message on the DOMException that is created when deserialization fails. Add a test for deserialization failure. This is hard to trigger in a cross-browser fashion. In this test, we use a WASM module, which can't be transferred to a different site. BUG=1122725 Change-Id: I6e49c69978388357a3c6006cc02dce8f0a949954 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2379417 Commit-Queue: Adam Rice <ricea@chromium.org> Reviewed-by: Yutaka Hirano <yhirano@chromium.org> Cr-Commit-Position: refs/heads/master@{#803014}
- Loading branch information
Showing
4 changed files
with
100 additions
and
6 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
39 changes: 39 additions & 0 deletions
39
third_party/blink/web_tests/external/wpt/streams/transferable/deserialize-error.window.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
// META: script=/common/get-host-info.sub.js | ||
// META: script=resources/create-wasm-module.js | ||
// META: timeout=long | ||
|
||
const { HTTPS_NOTSAMESITE_ORIGIN } = get_host_info(); | ||
const iframe = document.createElement('iframe'); | ||
iframe.src = `${HTTPS_NOTSAMESITE_ORIGIN}/streams/transferable/resources/deserialize-error-frame.html`; | ||
|
||
window.addEventListener('message', async evt => { | ||
// Tests are serialized to make the results deterministic. | ||
switch (evt.data) { | ||
case 'init done': { | ||
const ws = new WritableStream(); | ||
iframe.contentWindow.postMessage(ws, '*', [ws]); | ||
return; | ||
} | ||
|
||
case 'ws done': { | ||
const module = await createWasmModule(); | ||
const rs = new ReadableStream({ | ||
start(controller) { | ||
controller.enqueue(module); | ||
} | ||
}); | ||
iframe.contentWindow.postMessage(rs, '*', [rs]); | ||
return; | ||
} | ||
|
||
case 'rs done': { | ||
iframe.remove(); | ||
} | ||
} | ||
}); | ||
|
||
// Need to do this after adding the listener to ensure we catch the first | ||
// message. | ||
document.body.appendChild(iframe); | ||
|
||
fetch_tests_from_window(iframe.contentWindow); |
11 changes: 11 additions & 0 deletions
11
...d_party/blink/web_tests/external/wpt/streams/transferable/resources/create-wasm-module.js
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
// There aren't many cloneable types that will cause an error on | ||
// deserialization. WASM modules have the property that it's an error to | ||
// deserialize them cross-site, which works for our purposes. | ||
async function createWasmModule() { | ||
// It doesn't matter what the module is, so we use one from another | ||
// test. | ||
const response = | ||
await fetch("/wasm/serialization/module/resources/incrementer.wasm"); | ||
const ab = await response.arrayBuffer(); | ||
return WebAssembly.compile(ab); | ||
} |
39 changes: 39 additions & 0 deletions
39
.../blink/web_tests/external/wpt/streams/transferable/resources/deserialize-error-frame.html
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
<!DOCTYPE html> | ||
<script src="/resources/testharness.js"></script> | ||
<script src="create-wasm-module.js"></script> | ||
<script> | ||
async_test(t => { | ||
parent.postMessage('init done', '*'); | ||
window.addEventListener('message', async evt => { | ||
if (evt.data.constructor.name !== 'WritableStream') { | ||
return; | ||
} | ||
const ws = evt.data; | ||
const writer = ws.getWriter(); | ||
const module = await createWasmModule(); | ||
writer.write(module); | ||
await promise_rejects_dom(t, 'DataCloneError', writer.closed, | ||
'should reject with a DataCloneError'); | ||
t.done(); | ||
// Signal that this test is done. When both tests are done the iframe will | ||
// be removed. | ||
parent.postMessage('ws done', '*'); | ||
}); | ||
}, 'a WritableStream deserialization failure should result in a DataCloneError'); | ||
|
||
async_test(t => { | ||
window.addEventListener('message', async evt => { | ||
if (evt.data.constructor.name !== 'ReadableStream') { | ||
return; | ||
} | ||
const rs = evt.data; | ||
const reader = rs.getReader(); | ||
await promise_rejects_dom(t, 'DataCloneError', reader.read(), | ||
'should reject with a DataCloneError'); | ||
t.done(); | ||
// Signal that this test is done. When both tests are done the iframe will | ||
// be removed. | ||
parent.postMessage('rs done', '*'); | ||
}); | ||
}, 'a ReadableStream deserialization failure should result in a DataCloneError'); | ||
</script> |