Title: [209995] trunk/Source/WebKit2
- Revision
- 209995
- Author
- ander...@apple.com
- Date
- 2016-12-19 13:27:15 -0800 (Mon, 19 Dec 2016)
Log Message
REGRESSION: Crash in com.apple.WebKit:IPC::Connection::platformCanSendOutgoingMessages() const + 0
https://bugs.webkit.org/show_bug.cgi?id=165817
rdar://problem/29626731
Reviewed by Dan Bernstein.
If the receive right is invalidated before we send the message, the kernel won't be able to create a send right,
and we'll crash due to mach_msg returning MACH_SEND_INVALID_RIGHT.
Fix this by immediately creating a send right, and passing MACH_MSG_TYPE_MOVE_SEND to the attachment constructor.
* WebProcess/WebPage/WebInspector.cpp:
(WebKit::WebInspector::openFrontendConnection):
Modified Paths
Diff
Modified: trunk/Source/WebKit2/ChangeLog (209994 => 209995)
--- trunk/Source/WebKit2/ChangeLog 2016-12-19 20:33:57 UTC (rev 209994)
+++ trunk/Source/WebKit2/ChangeLog 2016-12-19 21:27:15 UTC (rev 209995)
@@ -1,3 +1,19 @@
+2016-12-19 Anders Carlsson <ander...@apple.com>
+
+ REGRESSION: Crash in com.apple.WebKit:IPC::Connection::platformCanSendOutgoingMessages() const + 0
+ https://bugs.webkit.org/show_bug.cgi?id=165817
+ rdar://problem/29626731
+
+ Reviewed by Dan Bernstein.
+
+ If the receive right is invalidated before we send the message, the kernel won't be able to create a send right,
+ and we'll crash due to mach_msg returning MACH_SEND_INVALID_RIGHT.
+
+ Fix this by immediately creating a send right, and passing MACH_MSG_TYPE_MOVE_SEND to the attachment constructor.
+
+ * WebProcess/WebPage/WebInspector.cpp:
+ (WebKit::WebInspector::openFrontendConnection):
+
2016-12-18 Simon Fraser <simon.fra...@apple.com>
Expose a way for MiniBrowser to simulate header and footer banners
Modified: trunk/Source/WebKit2/WebProcess/WebPage/WebInspector.cpp (209994 => 209995)
--- trunk/Source/WebKit2/WebProcess/WebPage/WebInspector.cpp 2016-12-19 20:33:57 UTC (rev 209994)
+++ trunk/Source/WebKit2/WebProcess/WebPage/WebInspector.cpp 2016-12-19 21:27:15 UTC (rev 209995)
@@ -79,9 +79,11 @@
#elif OS(DARWIN)
mach_port_t listeningPort;
mach_port_allocate(mach_task_self(), MACH_PORT_RIGHT_RECEIVE, &listeningPort);
+ mach_port_insert_right(mach_task_self(), listeningPort, listeningPort, MACH_MSG_TYPE_MAKE_SEND);
IPC::Connection::Identifier connectionIdentifier(listeningPort);
- IPC::Attachment connectionClientPort(listeningPort, MACH_MSG_TYPE_MAKE_SEND);
+ IPC::Attachment connectionClientPort(listeningPort, MACH_MSG_TYPE_MOVE_SEND);
+
#else
notImplemented();
return;
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes