Modified: branches/safari-612-branch/Source/WebCore/ChangeLog (283771 => 283772)
--- branches/safari-612-branch/Source/WebCore/ChangeLog 2021-10-08 02:01:37 UTC (rev 283771)
+++ branches/safari-612-branch/Source/WebCore/ChangeLog 2021-10-08 02:01:40 UTC (rev 283772)
@@ -1,5 +1,36 @@
2021-10-07 Alan Coon <alanc...@apple.com>
+ Cherry-pick r281495. rdar://problem/83954155
+
+ ThreadSanitizer: data race in WTF::StringImpl::deref() for WebCore::FormDataElement::EncodedFileData::filename
+ https://bugs.webkit.org/show_bug.cgi?id=229432
+
+ Patch by Alex Christensen <achristen...@webkit.org> on 2021-08-24
+ Reviewed by Darin Adler.
+
+ Call the FormDataElement destructor on the main thread in advanceCurrentStream.
+
+ * platform/network/cf/FormDataStreamCFNet.cpp:
+ (WebCore::advanceCurrentStream):
+ (WebCore::createHTTPBodyCFReadStream):
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@281495 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2021-08-24 Alex Christensen <achristen...@webkit.org>
+
+ ThreadSanitizer: data race in WTF::StringImpl::deref() for WebCore::FormDataElement::EncodedFileData::filename
+ https://bugs.webkit.org/show_bug.cgi?id=229432
+
+ Reviewed by Darin Adler.
+
+ Call the FormDataElement destructor on the main thread in advanceCurrentStream.
+
+ * platform/network/cf/FormDataStreamCFNet.cpp:
+ (WebCore::advanceCurrentStream):
+ (WebCore::createHTTPBodyCFReadStream):
+
+2021-10-07 Alan Coon <alanc...@apple.com>
+
Cherry-pick r281488. rdar://problem/83952981
Avoid unnecessary CGColor creation in Gradient::createCGGradient for common sRGB-only cases
Modified: branches/safari-612-branch/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp (283771 => 283772)
--- branches/safari-612-branch/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp 2021-10-08 02:01:37 UTC (rev 283771)
+++ branches/safari-612-branch/Source/WebCore/platform/network/cf/FormDataStreamCFNet.cpp 2021-10-08 02:01:40 UTC (rev 283772)
@@ -170,7 +170,9 @@
if (!success)
return false;
- form->remainingElements.removeLast();
+ callOnMainThread([lastElement = form->remainingElements.takeLast()] {
+ // Ensure FormDataElement destructor happens on main thread.
+ });
// Set up the callback.
CFStreamClientContext context = { 0, form, 0, 0, 0 };
@@ -178,9 +180,8 @@
formEventCallback, &context);
// Schedule with the current set of run loops.
- SchedulePairHashSet::iterator end = form->scheduledRunLoopPairs.end();
- for (SchedulePairHashSet::iterator it = form->scheduledRunLoopPairs.begin(); it != end; ++it)
- CFReadStreamScheduleWithRunLoop(form->currentStream.get(), (*it)->runLoop(), (*it)->mode());
+ for (auto& pair : form->scheduledRunLoopPairs)
+ CFReadStreamScheduleWithRunLoop(form->currentStream.get(), pair->runLoop(), pair->mode());
return true;
}
@@ -382,6 +383,7 @@
return blobRegistry().blobRegistryImpl()->blobSize(url);
});
}
+ ASSERT(isMainThread());
FormCreationContext* formContext = new FormCreationContext { WTFMove(dataForUpload), length };
CFReadStreamCallBacksV1 callBacks = { 1, formCreate, formFinalize, nullptr, formOpen, nullptr, formRead, nullptr, formCanRead, formClose, formCopyProperty, nullptr, nullptr, formSchedule, formUnschedule };
return adoptCF(CFReadStreamCreate(nullptr, static_cast<const void*>(&callBacks), formContext));
