IPC messages may get processed out of order in some cases
https://bugs.webkit.org/show_bug.cgi?id=204864

Reviewed by Ryosuke Niwa.

IPC messages may get processed out of order in some cases. Connection::SyncMessageState::dispatchMessages()
puts messages it did not process back at the end of the queue, instead of the beginning. This means that
messages added to the queue while Connection::SyncMessageState::dispatchMessages() was running will
incorrectly run *before* the ones dispatchMessages() did not process.

* Platform/IPC/Connection.cpp:
(IPC::Connection::SyncMessageState::dispatchMessages):


git-svn-id: http://svn.webkit.org/repository/webkit/trunk@253138 268f45cc-cd09-0410-ab3c-d52691b4dbfc
diff --git a/Source/WebKit/ChangeLog b/Source/WebKit/ChangeLog
index a10d796..b0ccedb 100644
--- a/Source/WebKit/ChangeLog
+++ b/Source/WebKit/ChangeLog
@@ -1,5 +1,20 @@
 2019-12-04  Chris Dumez  <cdumez@apple.com>
 
+        IPC messages may get processed out of order in some cases
+        https://bugs.webkit.org/show_bug.cgi?id=204864
+
+        Reviewed by Ryosuke Niwa.
+
+        IPC messages may get processed out of order in some cases. Connection::SyncMessageState::dispatchMessages()
+        puts messages it did not process back at the end of the queue, instead of the beginning. This means that
+        messages added to the queue while Connection::SyncMessageState::dispatchMessages() was running will
+        incorrectly run *before* the ones dispatchMessages() did not process.
+
+        * Platform/IPC/Connection.cpp:
+        (IPC::Connection::SyncMessageState::dispatchMessages):
+
+2019-12-04  Chris Dumez  <cdumez@apple.com>
+
         PageConfiguration::progressTrackerClient should use a smart pointer
         https://bugs.webkit.org/show_bug.cgi?id=204854
 
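Review bot: The new ChangeLog entry says nothing about test coverage, and the patch touches only ChangeLog and Connection.cpp. For an ordering bug that depends on messages arriving while dispatchMessages() is running, either add a test that queues a message during dispatch and checks that the put-back message still runs first, or state in the entry why this cannot be covered by a test.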
diff --git a/Source/WebKit/Platform/IPC/Connection.cpp b/Source/WebKit/Platform/IPC/Connection.cpp
index 9986fb3..88904ac 100644
--- a/Source/WebKit/Platform/IPC/Connection.cpp
+++ b/Source/WebKit/Platform/IPC/Connection.cpp
@@ -176,9 +176,7 @@
 
     Vector<ConnectionAndIncomingMessage> messagesToPutBack;
 
-    for (size_t i = 0; i < messagesToDispatchWhileWaitingForSyncReply.size(); ++i) {
-        ConnectionAndIncomingMessage& connectionAndIncomingMessage = messagesToDispatchWhileWaitingForSyncReply[i];
-
+    for (auto& connectionAndIncomingMessage : messagesToDispatchWhileWaitingForSyncReply) {
         if (allowedConnection && allowedConnection != connectionAndIncomingMessage.connection.ptr()) {
             // This incoming message belongs to another connection and we don't want to dispatch it now
             // so mark it to be put back in the message queue.
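Review bot: The switch to a range-based for at the top of this hunk is a cleanup unrelated to the ordering fix and is not mentioned in the ChangeLog entry; consider noting it there or splitting it out so the behavioral change is easier to bisect. It is only safe if the loop body never appends to or otherwise resizes messagesToDispatchWhileWaitingForSyncReply while iterating. The visible lines only mark messages for messagesToPutBack, but the rest of the body is cut off here, so please confirm that the dispatch call cannot reach this local vector.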
@@ -191,9 +189,8 @@
 
     if (!messagesToPutBack.isEmpty()) {
         std::lock_guard<Lock> lock(m_mutex);
-
-        for (auto& message : messagesToPutBack)
-            m_messagesToDispatchWhileWaitingForSyncReply.append(WTFMove(message));
+        messagesToPutBack.appendVector(WTFMove(m_messagesToDispatchWhileWaitingForSyncReply));
+        m_messagesToDispatchWhileWaitingForSyncReply = WTFMove(messagesToPutBack);
     }
 }
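Review bot: The two replacement lines under the lock_guard encode an ordering invariant that nothing in the code explains, so a later cleanup could quietly restore the old append order. Add a short comment above `messagesToPutBack.appendVector(...)` saying that the put-back messages are older than anything queued during dispatch and must therefore stay at the front. The sequence also moves out of m_messagesToDispatchWhileWaitingForSyncReply and overwrites it on the next line; that is fine because the assignment replaces whatever state the move left behind, but the two statements need to stay adjacent and under the same lock.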