Use existing BlobPtr when possible when converting blob to DataPipeGetter.

EncodedFormData already (optionally) contains a blink::BlobDataHandle, so rather than looking up the same blob again by uuid just use that handle if we have it. This should ensure no races are possible between a blob being dereferenced (in blink) and the blob being converted into a DataPipeGetter (as looking up the blob by UUID is an async operation). Bug: 740744, 821878 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo Change-Id: Ic8464b778ec91d10fdbd7688e2b680b9464fe1dc Reviewed-on: https://chromium-review.googlesource.com/964716 Commit-Queue: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#543794}

Use existing BlobPtr when possible when converting blob to DataPipeGetter.
EncodedFormData already (optionally) contains a blink::BlobDataHandle, so rather than looking up the same blob again by uuid just use that handle if we have it. This should ensure no races are possible between a blob being dereferenced (in blink) and the blob being converted into a DataPipeGetter (as looking up the blob by UUID is an async operation). Bug: 740744, 821878 Cq-Include-Trybots: master.tryserver.chromium.linux:linux_mojo Change-Id: Ic8464b778ec91d10fdbd7688e2b680b9464fe1dc Reviewed-on: https://chromium-review.googlesource.com/964716 Commit-Queue: Marijn Kruisselbrink <mek@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Cr-Commit-Position: refs/heads/master@{#543794}
4128665d · Marijn Kruisselbrink · Commit Bot · ca8b8d58 · 4128665d · 4128665d
Commit 4128665d authored Mar 16, 2018 by Marijn Kruisselbrink Committed by Commit Bot Mar 16, 2018
3 changed files
--- a/content/renderer/loader/web_url_request_util.cc
+++ b/content/renderer/loader/web_url_request_util.cc
@@ -25,7 +25,6 @@
 #include "services/service_manager/public/cpp/connector.h"
 #include "services/service_manager/public/cpp/interface_provider.h"
 #include "third_party/WebKit/public/mojom/blob/blob.mojom.h"
-#include "third_party/WebKit/public/mojom/blob/blob_registry.mojom.h"
 #include "third_party/WebKit/public/platform/FilePathConversion.h"
 #include "third_party/WebKit/public/platform/Platform.h"
 #include "third_party/WebKit/public/platform/WebData.h"
@@ -444,19 +443,12 @@ scoped_refptr<network::ResourceRequestBody> GetRequestBodyForWebURLRequest(
  return GetRequestBodyForWebHTTPBody(request.HttpBody());
 }
-void GetBlobRegistry(blink::mojom::BlobRegistryRequest request) {
-  ChildThreadImpl::current()->GetConnector()->BindInterface(
-      mojom::kBrowserServiceName, std::move(request));
-}
 scoped_refptr<network::ResourceRequestBody> GetRequestBodyForWebHTTPBody(
    const blink::WebHTTPBody& httpBody) {
  scoped_refptr<network::ResourceRequestBody> request_body =
      new network::ResourceRequestBody();
  size_t i = 0;
  WebHTTPBody::Element element;
-  // TODO(jam): cache this somewhere so we don't request it each time?
-  blink::mojom::BlobRegistryPtr blob_registry;
  while (httpBody.ElementAt(i++, element)) {
    switch (element.type) {
      case WebHTTPBody::Element::kTypeData:
@@ -482,24 +474,10 @@ scoped_refptr<network::ResourceRequestBody> GetRequestBodyForWebHTTPBody(
        break;
      case WebHTTPBody::Element::kTypeBlob: {
        if (base::FeatureList::IsEnabled(network::features::kNetworkService)) {
-          if (!blob_registry.is_bound()) {
+          DCHECK(element.optional_blob_handle.is_valid());
-            if (ChildThreadImpl::current()) {
+          blink::mojom::BlobPtr blob_ptr(
-              ChildThreadImpl::current()->GetConnector()->BindInterface(
+              blink::mojom::BlobPtrInfo(std::move(element.optional_blob_handle),
-                  mojom::kBrowserServiceName, MakeRequest(&blob_registry));
+                                        blink::mojom::Blob::Version_));
-            } else {
-              // TODO(sammc): We should use per-frame / per-worker
-              // InterfaceProvider instead (crbug.com/734210).
-              blink::Platform::Current()
-                  ->MainThread()
-                  ->GetTaskRunner()
-                  ->PostTask(FROM_HERE,
-                             base::BindOnce(&GetBlobRegistry,
-                                            MakeRequest(&blob_registry)));
-            }
-          }
-          blink::mojom::BlobPtr blob_ptr;
-          blob_registry->GetBlobFromUUID(MakeRequest(&blob_ptr),
-                                         element.blob_uuid.Utf8());
          network::mojom::DataPipeGetterPtr data_pipe_getter_ptr;
          // Object deletes itself.

--- a/third_party/WebKit/Source/platform/exported/WebHTTPBody.cpp
+++ b/third_party/WebKit/Source/platform/exported/WebHTTPBody.cpp
@@ -86,6 +86,12 @@ bool WebHTTPBody::ElementAt(size_t index, Element& result) const {
    case FormDataElement::kEncodedBlob:
      result.type = Element::kTypeBlob;
      result.blob_uuid = element.blob_uuid_;
+      if (element.optional_blob_data_handle_) {
+        result.optional_blob_handle =
+            element.optional_blob_data_handle_->CloneBlobPtr()
+                .PassInterface()
+                .PassHandle();
+      }
      break;
    case FormDataElement::kDataPipe:
      result.type = Element::kTypeDataPipe;

--- a/third_party/WebKit/public/platform/WebHTTPBody.h
+++ b/third_party/WebKit/public/platform/WebHTTPBody.h
@@ -59,6 +59,7 @@ class WebHTTPBody {
    long long file_length;  // -1 means to the end of the file.
    double modification_time;
    WebString blob_uuid;
+    mojo::ScopedMessagePipeHandle optional_blob_handle;
    // |data_pipe_getter| is a network::mojom::DataPipeGetterPtr. It's declared
    // as a generic ScopedMessagePipeHandle so it can be "cast" between Blink
    // and non-Blink variant types.