Title: [232157] trunk/Source/WebKit
- Revision
- 232157
- Author
- [email protected]
- Date
- 2018-05-24 12:13:28 -0700 (Thu, 24 May 2018)
Log Message
Crash under WebKit::PluginProxy::destroy()
https://bugs.webkit.org/show_bug.cgi?id=185841
<rdar://problem/39936896>
Reviewed by Brent Fulgham.
A release assert in Connection::sencSync is failing since scripts are not allowed in this context,
and the WebKit process is allowed to process incoming messages while waiting for the sync reply.
In this context, scripts are disallowed in the method Element::addShadowRoot. To make sure the
WebContent process will not wait indefinitely for a reply from the Plugin process, use a timeout
of 1 second when sending the message.
* WebProcess/Plugins/PluginProxy.cpp:
(WebKit::PluginProxy::destroy):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (232156 => 232157)
--- trunk/Source/WebKit/ChangeLog 2018-05-24 18:10:05 UTC (rev 232156)
+++ trunk/Source/WebKit/ChangeLog 2018-05-24 19:13:28 UTC (rev 232157)
@@ -1,3 +1,20 @@
+2018-05-24 Per Arne Vollan <[email protected]>
+
+ Crash under WebKit::PluginProxy::destroy()
+ https://bugs.webkit.org/show_bug.cgi?id=185841
+ <rdar://problem/39936896>
+
+ Reviewed by Brent Fulgham.
+
+ A release assert in Connection::sencSync is failing since scripts are not allowed in this context,
+ and the WebKit process is allowed to process incoming messages while waiting for the sync reply.
+ In this context, scripts are disallowed in the method Element::addShadowRoot. To make sure the
+ WebContent process will not wait indefinitely for a reply from the Plugin process, use a timeout
+ of 1 second when sending the message.
+
+ * WebProcess/Plugins/PluginProxy.cpp:
+ (WebKit::PluginProxy::destroy):
+
2018-05-24 Carlos Garcia Campos <[email protected]>
Unreviewed. Fix GTK+ input method unit tests after r232049.
Modified: trunk/Source/WebKit/WebProcess/Plugins/PluginProxy.cpp (232156 => 232157)
--- trunk/Source/WebKit/WebProcess/Plugins/PluginProxy.cpp 2018-05-24 18:10:05 UTC (rev 232156)
+++ trunk/Source/WebKit/WebProcess/Plugins/PluginProxy.cpp 2018-05-24 19:13:28 UTC (rev 232157)
@@ -196,7 +196,9 @@
if (!m_connection)
return;
- m_connection->connection()->sendSync(Messages::WebProcessConnection::DestroyPlugin(m_pluginInstanceID, m_waitingOnAsynchronousInitialization), Messages::WebProcessConnection::DestroyPlugin::Reply(), 0);
+ // Although this message is sent synchronously, the Plugin process replies immediately (before performing any tasks) so this is only waiting for
+ // confirmation that the Plugin process received the DestroyPlugin message.
+ m_connection->connection()->sendSync(Messages::WebProcessConnection::DestroyPlugin(m_pluginInstanceID, m_waitingOnAsynchronousInitialization), Messages::WebProcessConnection::DestroyPlugin::Reply(), 0, 1_s, IPC::SendSyncOption::DoNotProcessIncomingMessagesWhenWaitingForSyncReply);
m_connection->removePluginProxy(this);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
