Title: [209995] trunk/Source/WebKit2
Revision: 209995
Author: ander...@apple.com
Date: 2016-12-19 13:27:15 -0800 (Mon, 19 Dec 2016)

Log Message

REGRESSION: Crash in com.apple.WebKit:IPC::Connection::platformCanSendOutgoingMessages() const + 0
https://bugs.webkit.org/show_bug.cgi?id=165817
rdar://problem/29626731

Reviewed by Dan Bernstein.

If the receive right is invalidated before we send the message, the kernel won't be able to create a send right,
and we'll crash due to mach_msg returning MACH_SEND_INVALID_RIGHT.

Fix this by immediately creating a send right, and passing MACH_MSG_TYPE_MOVE_SEND to the attachment constructor.

* WebProcess/WebPage/WebInspector.cpp:
(WebKit::WebInspector::openFrontendConnection):

Diff

Modified: trunk/Source/WebKit2/ChangeLog (209994 => 209995)


--- trunk/Source/WebKit2/ChangeLog	2016-12-19 20:33:57 UTC (rev 209994)
+++ trunk/Source/WebKit2/ChangeLog	2016-12-19 21:27:15 UTC (rev 209995)
@@ -1,3 +1,19 @@
+2016-12-19  Anders Carlsson  <ander...@apple.com>
+
+        REGRESSION: Crash in com.apple.WebKit:IPC::Connection::platformCanSendOutgoingMessages() const + 0
+        https://bugs.webkit.org/show_bug.cgi?id=165817
+        rdar://problem/29626731
+
+        Reviewed by Dan Bernstein.
+
+        If the receive right is invalidated before we send the message, the kernel won't be able to create a send right,
+        and we'll crash due to mach_msg returning MACH_SEND_INVALID_RIGHT.
+        
+        Fix this by immediately creating a send right, and passing MACH_MSG_TYPE_MOVE_SEND to the attachment constructor.
+
+        * WebProcess/WebPage/WebInspector.cpp:
+        (WebKit::WebInspector::openFrontendConnection):
+
 2016-12-18  Simon Fraser  <simon.fra...@apple.com>
 
         Expose a way for MiniBrowser to simulate header and footer banners
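
Review bot: The blank line between the two description paragraphs of the new entry keeps its indentation as trailing whitespace, unlike the other blank lines in the entry; strip it. The entry also lists only WebInspector.cpp and mentions no test, so it should say whether the invalidated-receive-right case can be covered by a regression test, or why it cannot.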

Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebInspector.cpp (209994 => 209995)


--- trunk/Source/WebKit2/WebProcess/WebPage/WebInspector.cpp	2016-12-19 20:33:57 UTC (rev 209994)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebInspector.cpp	2016-12-19 21:27:15 UTC (rev 209995)
@@ -79,9 +79,11 @@
 #elif OS(DARWIN)
     mach_port_t listeningPort;
     mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &listeningPort);
+    mach_port_insert_right(mach_task_self(), listeningPort, listeningPort, MACH_MSG_TYPE_MAKE_SEND);
 
     IPC::Connection::Identifier connectionIdentifier(listeningPort);
-    IPC::Attachment connectionClientPort(listeningPort, MACH_MSG_TYPE_MAKE_SEND);
+    IPC::Attachment connectionClientPort(listeningPort, MACH_MSG_TYPE_MOVE_SEND);
+
 #else
     notImplemented();
     return;
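
Review bot: The return value of the new mach_port_insert_right call, right after mach_port_allocate, is ignored, as is the one from mach_port_allocate itself. If either call fails, listeningPort has no send right, and the attachment built with MACH_MSG_TYPE_MOVE_SEND will hit the same MACH_SEND_INVALID_RIGHT failure this change is meant to avoid. Check the kern_return_t from both calls and bail out before constructing connectionIdentifier and connectionClientPort. The extra blank line added before #else can also be dropped.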