Re: [dev] [surf][bug] bug in pipe communication to extension

From: Jona Ackerschott <jona.a99_AT_gmail.com>
Date: Sat, 17 Oct 2020 19:16:35 +0200

Hello Hiltjo,

So I found the specific problem present in the code; it works as
follows: When surf gets started, it sets up the two communication pipes,
the surf web extension gets initialized and 'initwebextensions' in surf.c
gets called.
This function sends the numbers for the two file descriptors to the
extension.
Afterwards, the web process gets forked off, the two file descriptors
get copied and the extension code notifies surf through the pipes, so
that surf can close the reading end of 'pipeout' and the writing end of
'pipein'.

So far so good, now the extension can use the pipes for communication.
In some cases though, a new web process gets started, which again
initializes the web extension and calls 'initwebextensions'.
This web extension, however, now receives the integers for the already
closed file descriptors, which probably leads to undefined behaviour.

My fix for this (see attachment for the patch) would be to just send a
boolean value to the web extension, which tells it whether this is the
first invocation or not.
On the first invocation the extension can just do what it is used to and
on the second it does nothing.
This is more legit than preventing the second invocation entirely, as
webkit doesn't really provide any useful functions for this.

Also, I closed all unnecessary file descriptors on the side of the web
extension. It is kind of weird that no one did this before, given that
you were going to the trouble of an extra communication step, just to
close those on surf's side.

Kind Regards,
Jona
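To make the descriptor-number hazard described in the mail concrete, here is an added example (not surf's code and not the attached patch) that replays the sequence in one process without WebKit: the pipe names follow the mail, the 'first' boolean is the one the mail proposes, and /dev/null stands in for any file surf might open after closing the extension's pipe ends. It shows why the stale numbers are worse than a harmless EBADF: a later open() in surf reuses the lowest free numbers, so a second web process started without the flag would talk to an unrelated file.

```c
#include <fcntl.h>
#include <stdbool.h>
#include <unistd.h>

/* Constructed model of surf's two pipes (not surf's code): surf writes
 * pipeout[1] / reads pipein[0], the extension reads pipeout[0] / writes pipein[1]. */
static int pipein[2], pipeout[2];

static bool fd_open(int fd) { return fcntl(fd, F_GETFD) != -1; }

/* Extension side of initwebextensions. 'first' is the boolean the mail
 * proposes: a later web process gets numbers that no longer name the pipes
 * and must leave them alone. 1 = ready byte sent, 0 = skipped, -1 = not open. */
static int
ext_init(int rd, int wr, bool first)
{
	if (!first)
		return 0;
	if (!fd_open(rd) || !fd_open(wr))
		return -1;
	return write(wr, "R", 1) == 1 ? 1 : -1;
}

/* Replays the mail's sequence in one process. Returns the second ext_init
 * result: -1 stale numbers caught (EBADF), 1 the ready byte went into an
 * unrelated file that had reused a number, 0 the fix skipped the call. */
static int
replay(bool fixed, bool surf_opens_files_meanwhile)
{
	int ext_rd, ext_wr, a = -1, b = -1, r;
	char ready;

	if (pipe(pipein) < 0 || pipe(pipeout) < 0)
		return -2;
	ext_rd = pipeout[0]; ext_wr = pipein[1]; /* the two ints surf sends */
	if (ext_init(ext_rd, ext_wr, true) != 1 || read(pipein[0], &ready, 1) != 1)
		return -2;
	close(pipeout[0]); close(pipein[1]); /* surf drops the extension's ends */
	if (surf_opens_files_meanwhile) { /* open() hands out the lowest free numbers */
		a = open("/dev/null", O_RDWR);
		b = open("/dev/null", O_RDWR);
	}
	r = ext_init(ext_rd, ext_wr, !fixed); /* a second web process starts */
	close(pipein[0]); close(pipeout[1]);
	if (a >= 0) { close(a); close(b); }
	return r;
}
```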
