Title: [232808] trunk/Source/WebKit
- Revision: 232808
- Author: bfulg...@apple.com
- Date: 2018-06-13 13:47:17 -0700 (Wed, 13 Jun 2018)
Log Message
Crash during interrupted process termination
https://bugs.webkit.org/show_bug.cgi?id=185373
<rdar://problem/40019480>
Reviewed by Alex Christensen.
It's possible to encounter a crash if a user agent feature (such as Safari's responsiveness timer) decides
to kill a Web Process around the same time that a user decides to trigger a new page load. One of the two
termination operations may attempt to call methods on a nulled process pointer.
We can avoid this by holding our own reference to the terminating process until the termination steps have
been completed.
* UIProcess/API/C/WKPage.cpp:
(WKPageTerminate): Ref<> the active process while the termination call is performed.
* UIProcess/API/Cocoa/WKWebView.mm:
([WKWebView _killWebContentProcessAndResetState]): Ditto.
Diff
Modified: trunk/Source/WebKit/ChangeLog (232807 => 232808)
--- trunk/Source/WebKit/ChangeLog 2018-06-13 20:29:08 UTC (rev 232807)
+++ trunk/Source/WebKit/ChangeLog 2018-06-13 20:47:17 UTC (rev 232808)
@@ -1,3 +1,23 @@
+2018-06-13 Brent Fulgham <bfulg...@apple.com>
+
+ Crash during interrupted process termination
+ https://bugs.webkit.org/show_bug.cgi?id=185373
+ <rdar://problem/40019480>
+
+ Reviewed by Alex Christensen.
+
+ It's possible to encounter a crash if a user agent feature (such as Safari's responsiveness timer) decides
+ to kill a Web Process around the same time that a user decides to trigger a new page load. One of the two
+ termination operations may attempt to call methods on a nulled process pointer.
+
+ We can avoid this by holding our own reference to the terminating process until the termination steps have
+ been completed.
+
+ * UIProcess/API/C/WKPage.cpp:
+ (WKPageTerminate): Ref<> the active process while the termination call is performed.
+ * UIProcess/API/Cocoa/WKWebView.mm:
+ ([WKWebView _killWebContentProcessAndResetState]): Ditto.
+
2018-06-13 Brian Burg <bb...@apple.com>
[Cocoa] Web Automation: wrong modifiers sent for 'Help' virtual key
Modified: trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp (232807 => 232808)
--- trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp 2018-06-13 20:29:08 UTC (rev 232807)
+++ trunk/Source/WebKit/UIProcess/API/C/WKPage.cpp 2018-06-13 20:47:17 UTC (rev 232808)
@@ -413,7 +413,8 @@
void WKPageTerminate(WKPageRef pageRef)
{
- toImpl(pageRef)->process().requestTermination(ProcessTerminationReason::RequestedByClient);
+ Ref<WebProcessProxy> protectedProcessProxy(toImpl(pageRef)->process());
+ protectedProcessProxy->requestTermination(ProcessTerminationReason::RequestedByClient);
}
WKStringRef WKPageGetSessionHistoryURLValueType()
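Review bot: The new protector in WKPageTerminate has no comment saying what it guards against, so a later cleanup could fold it back into the one-liner it replaces. The Ref<> only helps when requestTermination() re-enters the page and swaps out or clears the process it belongs to while the call is still running; it cannot rescue a process() reference that is already dangling when the function is entered. A one-line comment above `Ref<WebProcessProxy> protectedProcessProxy(toImpl(pageRef)->process());` stating that termination may reset the page's process and the local ref keeps the proxy alive for the duration of the call would make the intent clear.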
Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm (232807 => 232808)
--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm 2018-06-13 20:29:08 UTC (rev 232807)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm 2018-06-13 20:47:17 UTC (rev 232808)
@@ -4300,7 +4300,8 @@
- (void)_killWebContentProcessAndResetState
{
- _page->process().requestTermination(WebKit::ProcessTerminationReason::RequestedByClient);
+ Ref<WebKit::WebProcessProxy> protectedProcessProxy(_page->process());
+ protectedProcessProxy->requestTermination(WebKit::ProcessTerminationReason::RequestedByClient);
}
#if PLATFORM(MAC)
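Review bot: This hunk repeats the exact protect-then-terminate sequence from WKPageTerminate in WKPage.cpp, so the C and Cocoa entry points now carry two copies of the same lifetime fix. Consider moving the pattern into a single helper on the page proxy (for example a method that takes the Ref<WebKit::WebProcessProxy> internally before calling requestTermination()) so that both API layers, and any other caller that reaches process().requestTermination() directly, get the same protection without each needing to remember the local ref.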
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes