Skip to site navigation (Press enter)

[webkit-changes] [239617] trunk

cdumez Fri, 04 Jan 2019 10:02:41 -0800

Title: [239617] trunk

Revision: 239617
Author: [email protected]
Date: 2019-01-04 10:01:10 -0800 (Fri, 04 Jan 2019)

Log Message

Crash under WebProcessPool::addSuspendedPage()
https://bugs.webkit.org/show_bug.cgi?id=193110


Reviewed by Youenn Fablet.

Source/WebKit:

When PageCache is disabled, WebProcessPool::m_maxSuspendedPageCount is 0 and WebProcessPool::addSuspendedPage()
would call m_suspendedPages.removeFirst() even though m_suspendedPages is empty, causing a crash.
Do an early return when m_maxSuspendedPageCount is 0 since we do not want to add any suspended page in this
case.

* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::addSuspendedPage):

Tools:

Add API test coverage.

* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:

Modified Paths

trunk/Source/WebKit/ChangeLog
trunk/Source/WebKit/UIProcess/WebProcessPool.cpp
trunk/Tools/ChangeLog
trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm

Diff

Modified: trunk/Source/WebKit/ChangeLog (239616 => 239617)


--- trunk/Source/WebKit/ChangeLog	2019-01-04 18:00:01 UTC (rev 239616)
+++ trunk/Source/WebKit/ChangeLog	2019-01-04 18:01:10 UTC (rev 239617)
@@ -1,3 +1,18 @@
+2019-01-04  Chris Dumez  <[email protected]>
+
+        Crash under WebProcessPool::addSuspendedPage()
+        https://bugs.webkit.org/show_bug.cgi?id=193110
+
+        Reviewed by Youenn Fablet.
+
+        When PageCache is disabled, WebProcessPool::m_maxSuspendedPageCount is 0 and WebProcessPool::addSuspendedPage()
+        would call m_suspendedPages.removeFirst() even though m_suspendedPages is empty, causing a crash.
+        Do an early return when m_maxSuspendedPageCount is 0 since we do not want to add any suspended page in this
+        case.
+
+        * UIProcess/WebProcessPool.cpp:
+        (WebKit::WebProcessPool::addSuspendedPage):
+
 2019-01-03  Brent Fulgham  <[email protected]>
 
         [iOS] Silently deny access to mail settings triggered by MessageUI framework

Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.cpp (239616 => 239617)


--- trunk/Source/WebKit/UIProcess/WebProcessPool.cpp	2019-01-04 18:00:01 UTC (rev 239616)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.cpp	2019-01-04 18:01:10 UTC (rev 239617)
@@ -2256,6 +2256,9 @@
 
 void WebProcessPool::addSuspendedPage(std::unique_ptr<SuspendedPageProxy>&& suspendedPage)
 {
+    if (!m_maxSuspendedPageCount)
+        return;
+
     if (m_suspendedPages.size() >= m_maxSuspendedPageCount)
         m_suspendedPages.removeFirst();

Modified: trunk/Tools/ChangeLog (239616 => 239617)


--- trunk/Tools/ChangeLog	2019-01-04 18:00:01 UTC (rev 239616)
+++ trunk/Tools/ChangeLog	2019-01-04 18:01:10 UTC (rev 239617)
@@ -1,3 +1,14 @@
+2019-01-04  Chris Dumez  <[email protected]>
+
+        Crash under WebProcessPool::addSuspendedPage()
+        https://bugs.webkit.org/show_bug.cgi?id=193110
+
+        Reviewed by Youenn Fablet.
+
+        Add API test coverage.
+
+        * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
 2019-01-04  Aakash Jain  <[email protected]>
 
         [ews-build] Check patch relevance before applying the patch

Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm (239616 => 239617)


--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm	2019-01-04 18:00:01 UTC (rev 239616)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm	2019-01-04 18:01:10 UTC (rev 239617)
@@ -2735,6 +2735,41 @@
     EXPECT_EQ(pid2, pid3);
 }
 
+TEST(ProcessSwap, NavigateCrossSiteWithPageCacheDisabled)
+{
+    auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]);
+    processPoolConfiguration.get().processSwapsOnNavigation = YES;
+    processPoolConfiguration.get().pageCacheEnabled = NO;
+    auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);
+
+    auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+    [webViewConfiguration setProcessPool:processPool.get()];
+    auto handler = adoptNS([[PSONScheme alloc] init]);
+    [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"];
+
+    auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+    auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]);
+    [webView setNavigationDelegate:navigationDelegate.get()];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+    auto webkitPID = [webView _webProcessIdentifier];
+
+    [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.apple.com/main.html"]]];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+    auto applePID = [webView _webProcessIdentifier];
+
+    EXPECT_NE(webkitPID, applePID);
+
+    [webView goBack];
+    TestWebKitAPI::Util::run(&done);
+    done = false;
+
+    EXPECT_NE(applePID, [webView _webProcessIdentifier]);
+}
+
 TEST(ProcessSwap, APIControlledProcessSwapping)
 {
     auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);

_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes