Title: [203909] trunk/Source/WebKit2
- Revision: 203909
- Author: [email protected]
- Date: 2016-07-29 11:45:15 -0700 (Fri, 29 Jul 2016)
Log Message
Crash with an Invalid Web Process IPC Message ID: WebPageProxy.AttributedStringForCharacterRangeCallback
https://bugs.webkit.org/show_bug.cgi?id=160334
<rdar://problem/27078089>
Reviewed by Alexey Proskuryakov.
The crash is most likely caused by a MESSAGE_CHECK failure in WebPageProxy::attributedStringForCharacterRangeCallback
which marks the currently dispatching message as invalid inside the macro.
Make sure we never fail this check by sending an empty EditingRange in attributedSubstringForCharacterRangeAsync when
the editing range we're about to send to the UIProcess is invalid in WebProcess.
Unfortunately, no new tests since we don't have any reproduction and I couldn't spot any code path in which we end up
with an invalid EditingRange here with multiple inspections of the relevant code.
* WebProcess/WebPage/mac/WebPageMac.mm:
(WebKit::WebPage::attributedSubstringForCharacterRangeAsync):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (203908 => 203909)
--- trunk/Source/WebKit2/ChangeLog 2016-07-29 18:40:27 UTC (rev 203908)
+++ trunk/Source/WebKit2/ChangeLog 2016-07-29 18:45:15 UTC (rev 203909)
@@ -1,3 +1,23 @@
+2016-07-28 Ryosuke Niwa <[email protected]>
+
+ Crash with an Invalid Web Process IPC Message ID: WebPageProxy.AttributedStringForCharacterRangeCallback
+ https://bugs.webkit.org/show_bug.cgi?id=160334
+ <rdar://problem/27078089>
+
+ Reviewed by Alexey Proskuryakov.
+
+ The crash is most likely caused by an MESSAGE_CHECK failure in WebPageProxy::attributedStringForCharacterRangeCallback
+ which marks the currently dispatching message was invalid inside the macro.
+
+ Make sure we never fail this check by sending an empty EditingRange in attributedSubstringForCharacterRangeAsync when
+ the editing range we're about to send to the UIProcess is invalid in WebProcess.
+
+ Unfortunately, no new tests since we don't have any reproduction and I couldn't spot any code path in which we end up
+ with an invalid EditingRage here with multiple inspection of the relevant code.
+
+ * WebProcess/WebPage/mac/WebPageMac.mm:
+ (WebKit::WebPage::attributedSubstringForCharacterRangeAsync):
+
2016-07-28 Carlos Garcia Campos <[email protected]>
Split calculateCacheSizes in two methods
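Review bot: The last paragraph of the new entry misspells the type as "EditingRage", and the first paragraph reads "an MESSAGE_CHECK" and "was invalid" where "a MESSAGE_CHECK" and "as invalid" are meant. Since the entry also says there is no reproduction and no test, it would help to state which property of the range the UIProcess check rejects, so a later reader can tell what state this guard is meant to cover.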
Modified: trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm (203908 => 203909)
--- trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm 2016-07-29 18:40:27 UTC (rev 203908)
+++ trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm 2016-07-29 18:45:15 UTC (rev 203909)
@@ -352,7 +352,15 @@
result.string = [attributedString attributedSubstringFromRange:NSMakeRange(0, editingRange.length)];
}
- send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, EditingRange(editingRange.location, [result.string length]), callbackID));
+ EditingRange rangeToSend(editingRange.location, [result.string length]);
+ ASSERT(rangeToSend.isValid());
+ if (!rangeToSend.isValid()) {
+ // Send an empty EditingRange as a last resort for <rdar://problem/27078089>.
+ send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, EditingRange(), callbackID));
+ return;
+ }
+
+ send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, rangeToSend, callbackID));
}
void WebPage::fontAtSelection(uint64_t callbackID)
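Review bot: In the fallback branch the callback still carries `result` unchanged while the range is replaced with `EditingRange()`, so the UIProcess can receive a non-empty attributed string paired with an empty range. If the two are meant to describe each other, consider clearing `result` in that branch or noting in the comment why the mismatch is acceptable to the receiver. The branch is also silent outside debug builds: `ASSERT(rangeToSend.isValid())` only fires where assertions are enabled, and the comment cites the radar without saying which input is suspected (`editingRange.location` or `[result.string length]`). Given that the log message says the cause is unknown, a log line recording both values before the early `return` would make the next occurrence diagnosable.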