authorYoav Weiss <yoavweiss@chromium.org>2021-01-07 20:07:33 +0000
committerAllan Sandfeld Jensen <allan.jensen@qt.io>2021-02-08 09:50:35 +0000
commit6470481805c7b928d809d8e1997ec451fad0c06e (patch)
treee49f51a57dc57367e0d9f9ae2d3c3d6ac9d9f5e2 /chromium/third_party
parent19c6bab869563fc97a5047eeea6eed7992458af8 (diff)
[Backport] CVE-2021-21135: Inappropriate implementation in Performance API
Manual cherry-pick of patch originally reviewed on https://chromium-review.googlesource.com/c/chromium/src/+/2592792: Fix negative duration case Bug: 1157818 Change-Id: Ie5e75ccb239735f3500f8763e4d9255eba2056e6 Commit-Queue: Yoav Weiss <yoavweiss@chromium.org> Reviewed-by: Arthur Sonzogni <arthursonzogni@chromium.org> Reviewed-by: Nicolás Peña Moreno <npm@chromium.org> Cr-Commit-Position: refs/heads/master@{#841159} Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/third_party')
-rw-r--r--chromium/third_party/blink/public/platform/web_url_loader_client.h2
-rw-r--r--chromium/third_party/blink/renderer/core/testing/sim/sim_network.cc4
-rw-r--r--chromium/third_party/blink/renderer/core/testing/sim/sim_request.cc12
-rw-r--r--chromium/third_party/blink/renderer/platform/exported/web_url_loader_test_delegate.cc4
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc3
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h1
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc32
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.h7
-rw-r--r--chromium/third_party/blink/renderer/platform/loader/internet_disconnected_web_url_loader.cc6
9 files changed, 45 insertions, 26 deletions
diff --git a/chromium/third_party/blink/public/platform/web_url_loader_client.h b/chromium/third_party/blink/public/platform/web_url_loader_client.h
index 55be6c1dae9..ec58e5d183a 100644
--- a/chromium/third_party/blink/public/platform/web_url_loader_client.h
+++ b/chromium/third_party/blink/public/platform/web_url_loader_client.h
@@ -116,8 +116,10 @@ class BLINK_PLATFORM_EXPORT WebURLLoaderClient {
bool should_report_corb_blocking) {}
// Called when the load completes with an error.
+ // |finish_time| indicating the time in which the response failed.
// |total_encoded_data_length| may be equal to kUnknownEncodedDataLength.
virtual void DidFail(const WebURLError&,
+ base::TimeTicks finish_time,
int64_t total_encoded_data_length,
int64_t total_encoded_body_length,
int64_t total_decoded_body_length) {}
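Review bot: The added `|finish_time|` comment is ungrammatical and leaves the contract open, because it does not say whether a null `base::TimeTicks` is an acceptable argument. ResourceLoader::HandleError, later in this commit, treats a null stored time as "not set" and substitutes `Now()`, so implementers of this interface should be told which they are expected to supply. If that is the intended contract, something like `// |finish_time| is the time at which the load failed; a null value means the time is unknown.` would cover it. The class body continues outside the hunk.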
diff --git a/chromium/third_party/blink/renderer/core/testing/sim/sim_network.cc b/chromium/third_party/blink/renderer/core/testing/sim/sim_network.cc
index d98907c1e4b..bca903565cc 100644
--- a/chromium/third_party/blink/renderer/core/testing/sim/sim_network.cc
+++ b/chromium/third_party/blink/renderer/core/testing/sim/sim_network.cc
@@ -71,8 +71,8 @@ void SimNetwork::DidFail(WebURLLoaderClient* client,
int64_t total_encoded_body_length,
int64_t total_decoded_body_length) {
if (!current_request_) {
- client->DidFail(error, total_encoded_data_length, total_encoded_body_length,
- total_decoded_body_length);
+ client->DidFail(error, base::TimeTicks::Now(), total_encoded_data_length,
+ total_encoded_body_length, total_decoded_body_length);
return;
}
current_request_->DidFail(error);
diff --git a/chromium/third_party/blink/renderer/core/testing/sim/sim_request.cc b/chromium/third_party/blink/renderer/core/testing/sim/sim_request.cc
index dd397737b83..d551d8023e6 100644
--- a/chromium/third_party/blink/renderer/core/testing/sim/sim_request.cc
+++ b/chromium/third_party/blink/renderer/core/testing/sim/sim_request.cc
@@ -90,17 +90,17 @@ void SimRequestBase::Finish(bool body_loader_finished) {
DCHECK(started_);
if (error_) {
DCHECK(!navigation_body_loader_);
- client_->DidFail(*error_, total_encoded_data_length_,
- total_encoded_data_length_, total_encoded_data_length_);
+ client_->DidFail(*error_, base::TimeTicks::Now(),
+ total_encoded_data_length_, total_encoded_data_length_,
+ total_encoded_data_length_);
} else {
if (navigation_body_loader_) {
if (!body_loader_finished)
navigation_body_loader_->Finish();
} else {
- // TODO(esprehn): Is claiming a request time of 0 okay for tests?
- client_->DidFinishLoading(base::TimeTicks(), total_encoded_data_length_,
- total_encoded_data_length_,
- total_encoded_data_length_, false);
+ client_->DidFinishLoading(
+ base::TimeTicks::Now(), total_encoded_data_length_,
+ total_encoded_data_length_, total_encoded_data_length_, false);
}
}
Reset();
diff --git a/chromium/third_party/blink/renderer/platform/exported/web_url_loader_test_delegate.cc b/chromium/third_party/blink/renderer/platform/exported/web_url_loader_test_delegate.cc
index 417aab048d2..015bb3cc5e8 100644
--- a/chromium/third_party/blink/renderer/platform/exported/web_url_loader_test_delegate.cc
+++ b/chromium/third_party/blink/renderer/platform/exported/web_url_loader_test_delegate.cc
@@ -33,8 +33,8 @@ void WebURLLoaderTestDelegate::DidFail(WebURLLoaderClient* original_client,
int64_t total_encoded_data_length,
int64_t total_encoded_body_length,
int64_t total_decoded_body_length) {
- original_client->DidFail(error, total_encoded_data_length,
- total_encoded_body_length,
+ original_client->DidFail(error, base::TimeTicks::Now(),
+ total_encoded_data_length, total_encoded_body_length,
total_decoded_body_length);
}
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
index a868834b808..94e1366b698 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.cc
@@ -1915,6 +1915,7 @@ void ResourceFetcher::HandleLoaderFinish(Resource* resource,
}
void ResourceFetcher::HandleLoaderError(Resource* resource,
+ base::TimeTicks finish_time,
const ResourceError& error,
uint32_t inflight_keepalive_bytes) {
DCHECK(resource);
@@ -1927,7 +1928,7 @@ void ResourceFetcher::HandleLoaderError(Resource* resource,
if (scoped_refptr<ResourceTimingInfo> info =
resource_timing_info_map_.Take(resource)) {
PopulateAndAddResourceTimingInfo(
- resource, info, info->InitialTime(),
+ resource, info, finish_time,
resource->GetResponse().EncodedDataLength());
if (resource->Options().request_initiator_context == kDocumentContext)
Context().AddResourceTiming(*info);
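Review bot: `finish_time` is passed straight to PopulateAndAddResourceTimingInfo with no check that it is set, or that it is not earlier than `info->InitialTime()`, which is the ordering this fix relies on to avoid a negative duration. The one caller visible in this commit (ResourceLoader::HandleError) substitutes `Now()` for a null value, but HandleLoaderError itself does not enforce that. Consider `DCHECK(!finish_time.is_null());` next to the existing `DCHECK(resource);`, and, if the two timestamps are guaranteed to be comparable here, `DCHECK_GE(finish_time, info->InitialTime());` before the call. The function starts in the previous hunk and continues past this one.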
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h
index 39d66364c87..edebf8237e9 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_fetcher.h
@@ -227,6 +227,7 @@ class PLATFORM_EXPORT ResourceFetcher
uint32_t inflight_keepalive_bytes,
bool should_report_corb_blocking);
void HandleLoaderError(Resource*,
+ base::TimeTicks finish_time,
const ResourceError&,
uint32_t inflight_keepalive_bytes);
blink::mojom::ControllerServiceWorkerMode IsControlledByServiceWorker() const;
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
index 8b1845860be..611b08945d7 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.cc
@@ -544,7 +544,7 @@ void ResourceLoader::DidFinishLoadingBody() {
const ResourceResponse& response = resource_->GetResponse();
if (deferred_finish_loading_info_) {
DidFinishLoading(
- deferred_finish_loading_info_->response_end,
+ deferred_finish_loading_info_->response_end_time,
response.EncodedDataLength(), response.EncodedBodyLength(),
response.DecodedBodyLength(),
deferred_finish_loading_info_->should_report_corb_blocking);
@@ -552,7 +552,8 @@ void ResourceLoader::DidFinishLoadingBody() {
}
void ResourceLoader::DidFailLoadingBody() {
- DidFail(WebURLError(ResourceError::Failure(resource_->Url())), 0, 0, 0);
+ DidFail(WebURLError(ResourceError::Failure(resource_->Url())),
+ base::TimeTicks::Now(), 0, 0, 0);
}
void ResourceLoader::DidCancelLoadingBody() {
@@ -1090,7 +1091,7 @@ void ResourceLoader::DidFinishLoadingFirstPartInMultipart() {
0, false);
}
-void ResourceLoader::DidFinishLoading(base::TimeTicks response_end,
+void ResourceLoader::DidFinishLoading(base::TimeTicks response_end_time,
int64_t encoded_data_length,
int64_t encoded_body_length,
int64_t decoded_body_length,
@@ -1099,13 +1100,15 @@ void ResourceLoader::DidFinishLoading(base::TimeTicks response_end,
resource_->SetEncodedBodyLength(encoded_body_length);
resource_->SetDecodedBodyLength(decoded_body_length);
+ response_end_time_for_error_cases_ = response_end_time;
+
if ((response_body_loader_ && !has_seen_end_of_body_ &&
!response_body_loader_->IsAborted()) ||
(is_downloading_to_blob_ && !blob_finished_ && blob_response_started_)) {
// If the body is still being loaded, we defer the completion until all the
// body is received.
- deferred_finish_loading_info_ =
- DeferredFinishLoadingInfo{response_end, should_report_corb_blocking};
+ deferred_finish_loading_info_ = DeferredFinishLoadingInfo{
+ response_end_time, should_report_corb_blocking};
if (data_pipe_completion_notifier_)
data_pipe_completion_notifier_->SignalComplete();
@@ -1128,15 +1131,17 @@ void ResourceLoader::DidFinishLoading(base::TimeTicks response_end,
"endData", EndResourceLoadData(RequestOutcome::kSuccess));
fetcher_->HandleLoaderFinish(
- resource_.Get(), response_end, ResourceFetcher::kDidFinishLoading,
+ resource_.Get(), response_end_time, ResourceFetcher::kDidFinishLoading,
inflight_keepalive_bytes_, should_report_corb_blocking);
}
void ResourceLoader::DidFail(const WebURLError& error,
+ base::TimeTicks response_end_time,
int64_t encoded_data_length,
int64_t encoded_body_length,
int64_t decoded_body_length) {
const ResourceRequestHead& request = resource_->GetResourceRequest();
+ response_end_time_for_error_cases_ = response_end_time;
if (request.IsAutomaticUpgrade()) {
mojo::PendingRemote<ukm::mojom::UkmRecorderInterface> pending_recorder;
@@ -1192,7 +1197,14 @@ void ResourceLoader::HandleError(const ResourceError& error) {
TRACE_ID_LOCAL(resource_->InspectorId())),
"endData", EndResourceLoadData(RequestOutcome::kFail));
- fetcher_->HandleLoaderError(resource_.Get(), error,
+ // Set Now() as the response time, in case a more accurate one wasn't set in
+ // DidFinishLoading or DidFail. This is important for error cases that don't
+ // go through those methods.
+ if (response_end_time_for_error_cases_.is_null()) {
+ response_end_time_for_error_cases_ = base::TimeTicks::Now();
+ }
+ fetcher_->HandleLoaderError(resource_.Get(),
+ response_end_time_for_error_cases_, error,
inflight_keepalive_bytes_);
}
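Review bot: `response_end_time_for_error_cases_` is only defaulted here when it is null, and nothing in the visible hunks clears it once DidFinishLoading or DidFail has stored a value. If a ResourceLoader can be reused for another request attempt (not visible on this page), a later error would report the earlier attempt's end time, which could again precede the new start time. It is worth confirming the loader's lifetime, or resetting the member wherever a new attempt begins. As a style point, the added single-statement `if` uses braces while the nearby `if (data_pipe_completion_notifier_)` does not. HandleError starts outside the hunk.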
@@ -1246,8 +1258,8 @@ void ResourceLoader::RequestSynchronously(const ResourceRequestHead& request) {
return;
int64_t decoded_body_length = data_out.size();
if (error_out) {
- DidFail(*error_out, encoded_data_length, encoded_body_length,
- decoded_body_length);
+ DidFail(*error_out, base::TimeTicks::Now(), encoded_data_length,
+ encoded_body_length, decoded_body_length);
return;
}
DidReceiveResponse(response_out);
@@ -1399,7 +1411,7 @@ void ResourceLoader::FinishedCreatingBlob(
if (deferred_finish_loading_info_) {
const ResourceResponse& response = resource_->GetResponse();
DidFinishLoading(
- deferred_finish_loading_info_->response_end,
+ deferred_finish_loading_info_->response_end_time,
response.EncodedDataLength(), response.EncodedBodyLength(),
response.DecodedBodyLength(),
deferred_finish_loading_info_->should_report_corb_blocking);
diff --git a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.h b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.h
index e862faad874..b67413c3831 100644
--- a/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.h
+++ b/chromium/third_party/blink/renderer/platform/loader/fetch/resource_loader.h
@@ -129,12 +129,13 @@ class PLATFORM_EXPORT ResourceLoader final
void DidReceiveTransferSizeUpdate(int transfer_size_diff) override;
void DidStartLoadingResponseBody(
mojo::ScopedDataPipeConsumerHandle body) override;
- void DidFinishLoading(base::TimeTicks response_end,
+ void DidFinishLoading(base::TimeTicks response_end_time,
int64_t encoded_data_length,
int64_t encoded_body_length,
int64_t decoded_body_length,
bool should_report_corb_blocking) override;
void DidFail(const WebURLError&,
+ base::TimeTicks response_end_time,
int64_t encoded_data_length,
int64_t encoded_body_length,
int64_t decoded_body_length) override;
@@ -233,7 +234,7 @@ class PLATFORM_EXPORT ResourceLoader final
// struct is used to store the information needed to refire DidFinishLoading
// when the blob is finished too.
struct DeferredFinishLoadingInfo {
- base::TimeTicks response_end;
+ base::TimeTicks response_end_time;
bool should_report_corb_blocking;
};
base::Optional<DeferredFinishLoadingInfo> deferred_finish_loading_info_;
@@ -249,6 +250,8 @@ class PLATFORM_EXPORT ResourceLoader final
FrameScheduler::SchedulingAffectingFeatureHandle
feature_handle_for_scheduler_;
+
+ base::TimeTicks response_end_time_for_error_cases_;
};
} // namespace blink
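Review bot: The new member `response_end_time_for_error_cases_` is added without a comment, whereas `DeferredFinishLoadingInfo` in the same header carries an explanatory one. Since the field's meaning depends on which callback last wrote it, I would add `// Response end time recorded by DidFinishLoading() or DidFail(); HandleError() reports it, falling back to Now() when it is still null.` The class starts outside the hunk.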
diff --git a/chromium/third_party/blink/renderer/platform/loader/internet_disconnected_web_url_loader.cc b/chromium/third_party/blink/renderer/platform/loader/internet_disconnected_web_url_loader.cc
index 5cd7acf5a61..17555ff90c7 100644
--- a/chromium/third_party/blink/renderer/platform/loader/internet_disconnected_web_url_loader.cc
+++ b/chromium/third_party/blink/renderer/platform/loader/internet_disconnected_web_url_loader.cc
@@ -77,9 +77,9 @@ void InternetDisconnectedWebURLLoader::DidChangePriority(
void InternetDisconnectedWebURLLoader::DidFail(WebURLLoaderClient* client,
const WebURLError& error) {
DCHECK(client);
- client->DidFail(error, 0 /* total_encoded_data_length */,
- 0 /* total_encoded_body_length */,
- 0 /* total_decoded_body_length */);
+ client->DidFail(
+ error, base::TimeTicks::Now(), /*total_encoded_data_length=*/0,
+ /*total_encoded_body_length=*/0, /*total_decoded_body_length=*/0);
}
scoped_refptr<base::SingleThreadTaskRunner>