Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 71cebfd8153a1e5aacff520e1e5ed6d86d4b3bf9
https://github.com/WebKit/WebKit/commit/71cebfd8153a1e5aacff520e1e5ed6d86d4b3bf9
Author: Kiara Rose <[email protected]>
Date: 2025-12-12 (Fri, 12 Dec 2025)
Changed paths:
M Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp
M Source/WebKit/Shared/Extensions/WebExtensionUtilities.h
M Source/WebKit/UIProcess/Extensions/API/WebExtensionContextAPIStorage.cpp
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.h
M Source/WebKit/UIProcess/Extensions/WebExtensionContext.messages.in
M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIStorageAreaCocoa.mm
M Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIStorageCocoa.mm
M Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.h
M Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.messages.in
Log Message:
-----------
Retrieving a large amount of data at once from browser.local.get() causes a crash
https://bugs.webkit.org/show_bug.cgi?id=303940
rdar://164358359
Reviewed by Timothy Hatcher.
Converting a large amount of data into a JSON string at once was causing the buffer in StringBuilder to overflow. Since StringBuilder can only allocate space for INT_MAX number of characters, convert the data retrieved from storage in chunks instead of all at once if we've hit a conservative threshold.
With this new approach, we send an array of serialized JSON strings back to the WebProcess, where these strings will be converted into dictionaries and merged into one.
I attempted to write a test to verify this, but storing this much data at once was causing the test to time out.
Testing:
- Verified that a call to browser.storage.local.get() after storing 2GB of data does not lead to a crash.
- Verified that firing the storage onChanged event after storing 2GB of data does not lead to a crash.
* Source/WebKit/Shared/Extensions/WebExtensionUtilities.cpp:
(WebKit::serializeToMultipleJSONStrings):
* Source/WebKit/Shared/Extensions/WebExtensionUtilities.h:
* Source/WebKit/UIProcess/Extensions/API/WebExtensionContextAPIStorage.cpp:
(WebKit::WebExtensionContext::storageGet):
(WebKit::WebExtensionContext::fireStorageChangedEventIfNeeded):
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.h:
* Source/WebKit/UIProcess/Extensions/WebExtensionContext.messages.in:
* Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIStorageAreaCocoa.mm:
(WebKit::WebExtensionAPIStorageArea::get):
* Source/WebKit/WebProcess/Extensions/API/Cocoa/WebExtensionAPIStorageCocoa.mm:
(WebKit::WebExtensionContextProxy::dispatchStorageChangedEvent):
* Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.h:
* Source/WebKit/WebProcess/Extensions/WebExtensionContextProxy.messages.in:
Canonical link: https://commits.webkit.org/304381@main
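
The chunk-then-merge approach described in the log message, as an added JavaScript sketch that is not part of this commit or of WebKit's code. The names `serializeToChunks`, `mergeChunks` and `MAX_CHUNK_LENGTH` and the tiny limit are assumptions made for illustration; the sample data is constructed.

```javascript
// Added illustration, not WebKit code. MAX_CHUNK_LENGTH is a constructed,
// tiny stand-in for the "conservative threshold" in the commit message.
const MAX_CHUNK_LENGTH = 64;

// Sending side: serialize a storage dictionary into several JSON object
// strings, none longer than maxLength characters.
function serializeToChunks(data, maxLength = MAX_CHUNK_LENGTH) {
  const chunks = [];
  let members = [];
  let length = 2; // the enclosing "{" and "}"
  for (const [key, value] of Object.entries(data)) {
    const json = JSON.stringify(value);
    if (json === undefined) continue; // not representable in JSON
    const member = JSON.stringify(key) + ":" + json;
    // A single member that cannot fit alone is rejected, not truncated.
    if (member.length + 2 > maxLength)
      throw new RangeError("entry exceeds the chunk limit: " + key);
    if (length + (members.length ? 1 : 0) + member.length > maxLength) {
      chunks.push("{" + members.join(",") + "}");
      members = [];
      length = 2;
    }
    length += (members.length ? 1 : 0) + member.length;
    members.push(member);
  }
  if (members.length || !chunks.length) chunks.push("{" + members.join(",") + "}");
  return chunks;
}

// Receiving side: parse each chunk and merge the dictionaries into one.
function mergeChunks(chunks) {
  const entries = [];
  for (const chunk of chunks) {
    const part = JSON.parse(chunk);
    if (part === null || typeof part !== "object" || Array.isArray(part))
      throw new TypeError("each chunk must be a JSON object");
    for (const entry of Object.entries(part)) entries.push(entry);
  }
  // Object.fromEntries defines own properties, so a "__proto__" key stays data.
  return Object.fromEntries(entries);
}

// Constructed sample data.
const stored = { theme: "dark", tabs: [1, 2, 3], note: "x".repeat(30), limits: { max: 10 } };
const chunks = serializeToChunks(stored);
console.log(chunks.length, chunks.map((c) => c.length));
```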