From 7c1fe32af3c37577ff8b04ada364be6e61ce8a9c Mon Sep 17 00:00:00 2001 From: Timothy Flynn Date: Thu, 2 Feb 2023 07:29:19 -0500 Subject: WebContent: Remove pending file requests before invoking their callbacks It's currently possible for the callback of a file request to request more file objects. This could cause the hash map storing these requests to be rehashed while one of its callbacks is being invoked. AK::Function explicitly forbids this with an assertion. Instead, remove the callback from the hash map before invoking the callback function. --- Userland/Services/WebContent/ConnectionFromClient.cpp | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'Userland/Services/WebContent') diff --git a/Userland/Services/WebContent/ConnectionFromClient.cpp b/Userland/Services/WebContent/ConnectionFromClient.cpp index 3c4e00361f..0f77cfe40b 100644 --- a/Userland/Services/WebContent/ConnectionFromClient.cpp +++ b/Userland/Services/WebContent/ConnectionFromClient.cpp @@ -562,13 +562,12 @@ Messages::WebContentServer::GetSessionStorageEntriesResponse ConnectionFromClien void ConnectionFromClient::handle_file_return(i32 error, Optional const& file, i32 request_id) { - auto file_request = m_requested_files.get(request_id); + auto file_request = m_requested_files.take(request_id); VERIFY(file_request.has_value()); VERIFY(file_request.value().on_file_request_finish); file_request.value().on_file_request_finish(error != 0 ? Error::from_errno(error) : ErrorOr { file->take_fd() }); - m_requested_files.remove(request_id); } void ConnectionFromClient::request_file(Web::FileRequest file_request) -- cgit v1.2.3