Title: [277108] branches/safari-611.2.7.0-branch/Source/WebKit
- Revision: 277108
- Author: repst...@apple.com
- Date: 2021-05-06 12:24:44 -0700 (Thu, 06 May 2021)
Log Message
Apply patch. rdar://problem/77619719
Modified Paths
Diff
Modified: branches/safari-611.2.7.0-branch/Source/WebKit/ChangeLog (277107 => 277108)
--- branches/safari-611.2.7.0-branch/Source/WebKit/ChangeLog 2021-05-06 19:21:53 UTC (rev 277107)
+++ branches/safari-611.2.7.0-branch/Source/WebKit/ChangeLog 2021-05-06 19:24:44 UTC (rev 277108)
@@ -1,3 +1,26 @@
+2021-05-06 Russell Epstein <repst...@apple.com>
+
+ Apply patch. rdar://problem/77619719
+
+ 2021-05-06 Chris Dumez <cdu...@apple.com>
+
+ Crash under IPC::Connection::dispatchMessageToWorkQueueReceiver()
+ <rdar://77576143>
+
+ Reviewed by Alex Christensen.
+
+ When r274565 was merged to the safari-611-branch branch, its `ASSERT(connection.m_incomingMessagesMutex.isHeld())`
+ did not hold there. Unlike trunk, the call-site (Connection::processIncomingMessage(std::unique_ptr<Decoder>)) does
+ not hold the m_incomingMessagesMutex lock on the safari-611-branch branch. This leads to crashes due to lack of
+ synchronization when accessing / modifying the m_incomingMessages Dequeue on the main thread and IPC thread in
+ parallel. To address the issue on the safari-611-branch branch, we now grab the m_incomingMessagesMutex lock before
+ modifying the m_incomingMessages Dequeue in Connection::SyncMessageState::processIncomingMessage().
+
+ No new tests, existing tests were crashing in debug already.
+
+ * Platform/IPC/Connection.cpp:
+ (IPC::Connection::SyncMessageState::processIncomingMessage):
+
2021-05-03 Russell Epstein <repst...@apple.com>
Cherry-pick r276852. rdar://problem/77468295
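Review bot: The ChangeLog entry describes the fix as grabbing m_incomingMessagesMutex "before modifying the m_incomingMessages Dequeue", but it does not record the lock order this introduces: on the branch, connection.m_incomingMessagesMutex is now acquired inside SyncMessageState::processIncomingMessage() while SyncMessageState's m_mutex is already held, whereas on trunk (per the entry's own description of the call-site) m_incomingMessagesMutex is held before this function takes m_mutex. Please add a sentence stating the branch's intended order (m_mutex, then m_incomingMessagesMutex) so that anyone merging further trunk changes to Connection::processIncomingMessage() on safari-611-branch knows not to reintroduce the opposite order. It would also help to name the existing tests that were crashing in debug, since "No new tests" leaves no pointer for verifying the fix.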
Modified: branches/safari-611.2.7.0-branch/Source/WebKit/Platform/IPC/Connection.cpp (277107 => 277108)
--- branches/safari-611.2.7.0-branch/Source/WebKit/Platform/IPC/Connection.cpp 2021-05-06 19:21:53 UTC (rev 277107)
+++ branches/safari-611.2.7.0-branch/Source/WebKit/Platform/IPC/Connection.cpp 2021-05-06 19:24:44 UTC (rev 277108)
@@ -147,7 +147,7 @@
{
auto locker = holdLock(m_mutex);
shouldDispatch = m_didScheduleDispatchMessagesWorkSet.add(&connection).isNewEntry;
- ASSERT(connection.m_incomingMessagesMutex.isHeld());
+ auto incomingMessagesLocker = holdLock(connection.m_incomingMessagesMutex);
if (message->shouldMaintainOrderingWithAsyncMessages()) {
// This sync message should maintain ordering with async messages so we need to process the pending async messages first.
while (!connection.m_incomingMessages.isEmpty())
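Review bot: The new `auto incomingMessagesLocker = holdLock(connection.m_incomingMessagesMutex);` is acquired while `m_mutex` (locked two lines earlier via `auto locker = holdLock(m_mutex);`) is still held, which establishes the order m_mutex -> m_incomingMessagesMutex for this code path. Please confirm that no other path on this branch takes m_incomingMessagesMutex first and then calls into SyncMessageState (the trunk call-site does exactly that, according to the ChangeLog), otherwise the two orders can deadlock between the main thread and the IPC thread. The hunk also only shows the start of the locked region; since the locker is scoped to the enclosing block, it would be worth checking that nothing later in that block re-enters Connection and tries to take m_incomingMessagesMutex again, and narrowing the locker's scope to just the loop over connection.m_incomingMessages if the rest of the block does not touch the Deque.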
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes