Title: [233293] tags/Safari-606.1.23/Source/WebCore
Revision
233293
Author
[email protected]
Date
2018-06-27 17:32:47 -0700 (Wed, 27 Jun 2018)

Log Message

Cherry-pick r233279. rdar://problem/41539197

    Crash under SWServer::unregisterServiceWorkerClient()
    https://bugs.webkit.org/show_bug.cgi?id=187115
    <rdar://problem/41539197>

    Reviewed by Youenn Fablet.

    Connections are usually destroyed before their SWServer. However, as per crash traces, it is possible
    for SWServers to get destroyed while they still have connections. When this happens, the connections
    (which are owned by the SWServer) get destroyed with other SWServer data members. In turn, the
    connection destructor tries to unregister its clients from the server that is currently being destroyed.

    To address the issue, the SWServer destructor now destroys remaining connections early, before SWServer's
    other data members get destroyed.

    * workers/service/server/SWServer.cpp:
    (WebCore::SWServer::~SWServer):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233279 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: tags/Safari-606.1.23/Source/WebCore/ChangeLog (233292 => 233293)


--- tags/Safari-606.1.23/Source/WebCore/ChangeLog	2018-06-28 00:25:06 UTC (rev 233292)
+++ tags/Safari-606.1.23/Source/WebCore/ChangeLog	2018-06-28 00:32:47 UTC (rev 233293)
@@ -1,3 +1,46 @@
+2018-06-27  Kocsen Chung  <[email protected]>
+
+        Cherry-pick r233279. rdar://problem/41539197
+
+    Crash under SWServer::unregisterServiceWorkerClient()
+    https://bugs.webkit.org/show_bug.cgi?id=187115
+    <rdar://problem/41539197>
+    
+    Reviewed by Youenn Fablet.
+    
+    Connections are usually destroyed before their SWServer. However, as per crash traces, it is possible
+    for SWServers to get destroyed while they still have connections. When this happens, the connections
+    (which are owned by the SWServer) get destroyed with other SWServer data members. In turn, the
+    connection destructor tries to unregister its clients from the server that is currently being destroyed.
+    
+    To address the issue, the SWServer destructor now destroys remaining connections early, before SWServer's
+    other data members get destroyed.
+    
+    * workers/service/server/SWServer.cpp:
+    (WebCore::SWServer::~SWServer):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@233279 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2018-06-27  Chris Dumez  <[email protected]>
+
+            Crash under SWServer::unregisterServiceWorkerClient()
+            https://bugs.webkit.org/show_bug.cgi?id=187115
+            <rdar://problem/41539197>
+
+            Reviewed by Youenn Fablet.
+
+            Connections are usually destroyed before their SWServer. However, as per crash traces, it is possible
+            for SWServers to get destroyed while they still have connections. When this happens, the connections
+            (which are owned by the SWServer) get destroyed with other SWServer data members. In turn, the
+            connection destructor tries to unregister its clients from the server that is currently being destroyed.
+
+            To address the issue, the SWServer destructor now destroys remaining connections early, before SWServer's
+            other data members get destroyed.
+
+            * workers/service/server/SWServer.cpp:
+            (WebCore::SWServer::~SWServer):
+
 2018-06-21  Emilio Cobos Álvarez  <[email protected]>
 
         Move clearChildNeedsStyleRecalc into resetStyleForNonRenderedDescendants.
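Review bot: the outer cherry-pick entry duplicates the nested "2018-06-27  Chris Dumez" entry word for word, and its body (from "Crash under SWServer::unregisterServiceWorkerClient()" down to the git-svn-id line) is indented four spaces while the "Cherry-pick r233279" line above it uses eight. Several of the added blank lines in that block also carry trailing spaces. Consider keeping only the "Cherry-pick r233279" line and the git-svn-id line in the outer entry and letting the nested original entry carry the description, or at least re-indenting the outer body to match and stripping the trailing whitespace.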

Modified: tags/Safari-606.1.23/Source/WebCore/workers/service/server/SWServer.cpp (233292 => 233293)


--- tags/Safari-606.1.23/Source/WebCore/workers/service/server/SWServer.cpp	2018-06-28 00:25:06 UTC (rev 233292)
+++ tags/Safari-606.1.23/Source/WebCore/workers/service/server/SWServer.cpp	2018-06-28 00:32:47 UTC (rev 233293)
@@ -64,6 +64,10 @@
 
 SWServer::~SWServer()
 {
+    // Destroy the remaining connections before the SWServer gets destroyed since they have a raw pointer
+    // to the server and since they try to unregister clients from the server in their destructor.
+    m_connections.clear();
+
     allServers().remove(this);
 }
 
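Review bot: `m_connections.clear();` in `~SWServer()` runs the connection destructors while the container itself is being cleared, and the new comment says those destructors call back into the server through a raw pointer. If any of those callbacks reads or modifies `m_connections`, it does so on a container that is mid-clear. Moving the map into a local first (for example `auto connections = WTFMove(m_connections);`) and letting the local go out of scope would leave the member empty and valid during the callbacks. The ordering is also enforced only by this comment: a later edit that adds code above the `clear()` call, or a new member that the connection destructor touches, brings the original crash back without any compile-time signal. An assertion in the unregister path that the server is not past this point, or replacing the raw back-pointer with a weak one, would make the invariant checkable. The visible diff touches only the ChangeLog and SWServer.cpp, so no regression test covers the case of a server destroyed while it still has connections.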
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
