Clear-Site-Data "cache" failed to evict BFCache/MemoryCache via SecurityOriginHash ODR violation

20790ef

The C++ One Definition Rule (ODR) requires a template to have exactly one definition across all translation units (TUs). HashSet<Ref<SecurityOrigin>> has two candidate DefaultHash specializations: the content-based SecurityOriginHash (from SecurityOriginHash.h) and the generic pointer-based PtrHash (always available). When a TU instantiates the HashSet without including SecurityOriginHash.h, both definitions of the inline add()/contains() end up in the binary with different hashing semantics, and the linker silently keeps one.

Source/WebCore/page/SecurityOrigin.h

+namespace WTF {
+// The content-based DefaultHash specialization for Ref<SecurityOrigin> is
+// declared here but intentionally defined only in SecurityOriginHash.h. Using
+// Ref<SecurityOrigin> as a hash-table key without including SecurityOriginHash.h
+// is therefore a hard compile error rather than a silent fall back to pointer hashing.
+template<typename> struct DefaultHash;
+template<> struct DefaultHash<Ref<WebCore::SecurityOrigin>>; // Defined in SecurityOriginHash.h
+} // namespace WTF
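
Review bot: the declaration on the `DefaultHash<Ref<WebCore::SecurityOrigin>>` line guards only the `Ref` key type, so a container keyed on `RefPtr<SecurityOrigin>` or on a raw pointer can still fall back to pointer hashing without a diagnostic. If SecurityOriginHash.h defines content hashes for those key types as well, declare them here in the same way. The line `template<typename> struct DefaultHash;` also redeclares the primary template locally; including the WTF header that owns that declaration would keep the two from drifting apart. No test is visible in this hunk: a lookup test that inserts one origin and queries with a separately created equal origin would pin the behavior the comment describes.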

WebProcess.cpp built the origin set with pointer hashing; WebCore queried it with freshly-created SecurityOrigin objects using content hashing — the pointer addresses never matched, so contains() always returned false and neither cache was cleared. The violation became load-bearing in commit 307882@main, which converted these containers from RefPtr to Ref. The fix forward-declares DefaultHash<Ref<SecurityOrigin>> as an incomplete type in SecurityOrigin.h, turning any future silent miscompile into a hard compile error.
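
The lookup mismatch described above, reduced to a single file as an added example (not WebKit code). `Origin`, `OriginRef` and the four functors are hypothetical stand-ins, and `std::unordered_set` replaces WTF's HashSet; the example shows only the effect of the two hashing semantics, not the cross-TU link step.

```cpp
#include <cstddef>
#include <functional>
#include <memory>
#include <string>
#include <unordered_set>

// Constructed stand-in for WebCore::SecurityOrigin (scheme, host, port).
struct Origin {
    std::string scheme, host;
    int port;
};
using OriginRef = std::shared_ptr<Origin>; // stand-in for Ref<SecurityOrigin>

// Pointer semantics: what a TU gets when the content hash is not visible.
struct PtrHash {
    size_t operator()(const OriginRef& o) const { return std::hash<const Origin*>()(o.get()); }
};
struct PtrEqual {
    bool operator()(const OriginRef& a, const OriginRef& b) const { return a.get() == b.get(); }
};

// Content semantics: two objects naming the same origin compare equal.
struct ContentHash {
    size_t operator()(const OriginRef& o) const {
        return std::hash<std::string>()(o->scheme + "://" + o->host + ":" + std::to_string(o->port));
    }
};
struct ContentEqual {
    bool operator()(const OriginRef& a, const OriginRef& b) const {
        return a->scheme == b->scheme && a->host == b->host && a->port == b->port;
    }
};

// Builds the "origins to clear" set, then queries it with a freshly created
// object for the same origin, as the cache-eviction path does.
template<typename Hash, typename Equal>
bool freshOriginIsFound() {
    std::unordered_set<OriginRef, Hash, Equal> originsToClear;
    originsToClear.insert(std::make_shared<Origin>(Origin{"https", "example.test", 443}));
    auto fresh = std::make_shared<Origin>(Origin{"https", "example.test", 443});
    return originsToClear.count(fresh) == 1;
}

bool pointerKeyedLookupFinds() { return freshOriginIsFound<PtrHash, PtrEqual>(); }
bool contentKeyedLookupFinds() { return freshOriginIsFound<ContentHash, ContentEqual>(); }

// Exit status 0 when the pointer-keyed lookup misses and the content-keyed one hits.
int main() { return (!pointerKeyedLookupFinds() && contentKeyedLookupFinds()) ? 0 : 1; }
```
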

Clear-Site-Data: "cache" is used by servers at logout to purge cached resources — silently failing here left post-logout BFCache and memory-cache entries reachable for every response processed between commit 307882@main and this fix.


The scope of the silent failure and the class of similar ODR violations elsewhere in the codebase are both worth investigating.
