Title: [240625] tags/Safari-608.1.3
- Revision
- 240625
- Author
- [email protected]
- Date
- 2019-01-28 17:14:35 -0800 (Mon, 28 Jan 2019)
Log Message
Cherry-pick r240599. rdar://problem/47560907
Regression(PSON) Crash under WebPageProxy::didStartProgress()
https://bugs.webkit.org/show_bug.cgi?id=193915
<rdar://problem/47560907>
Reviewed by Alex Christensen.
Source/WebKit:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::close):
Make sure we destroy the ProvisionalPageProxy if the page gets closed as we do not want to keep receiving
IPC after this or even worse, commit the provisional page.
(WebKit::WebPageProxy::didStartProgress):
Add an assertion in didStartProgress() to make sure we do not receive this IPC after the page has been
closed.
Tools:
Add API test coverage.
* TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240599 268f45cc-cd09-0410-ab3c-d52691b4dbfc
Modified Paths
Diff
Modified: tags/Safari-608.1.3/Source/WebKit/ChangeLog (240624 => 240625)
--- tags/Safari-608.1.3/Source/WebKit/ChangeLog 2019-01-29 01:12:31 UTC (rev 240624)
+++ tags/Safari-608.1.3/Source/WebKit/ChangeLog 2019-01-29 01:14:35 UTC (rev 240625)
@@ -1,3 +1,49 @@
+2019-01-28 Alan Coon <[email protected]>
+
+ Cherry-pick r240599. rdar://problem/47560907
+
+ Regression(PSON) Crash under WebPageProxy::didStartProgress()
+ https://bugs.webkit.org/show_bug.cgi?id=193915
+ <rdar://problem/47560907>
+
+ Reviewed by Alex Christensen.
+
+ Source/WebKit:
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::close):
+ Make sure we destroy the ProvisionalPageProxy if the page gets closed as we do not want to keep receiving
+ IPC after this or even worse, commit the provisional page.
+
+ (WebKit::WebPageProxy::didStartProgress):
+ Add an assertion in didStartProgress() to make sure we do not receive this IPC after the page has been
+ closed.
+
+ Tools:
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240599 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-28 Chris Dumez <[email protected]>
+
+ Regression(PSON) Crash under WebPageProxy::didStartProgress()
+ https://bugs.webkit.org/show_bug.cgi?id=193915
+ <rdar://problem/47560907>
+
+ Reviewed by Alex Christensen.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::close):
+ Make sure we destroy the ProvisionalPageProxy if the page gets closed as we do not want to keep receiving
+ IPC after this or even worse, commit the provisional page.
+
+ (WebKit::WebPageProxy::didStartProgress):
+ Add an assertion in didStartProgress() to make sure we do not receive this IPC after the page has been
+ closed.
+
2019-01-28 Antoine Quint <[email protected]>
Limit user-agent interactions based on the touch-action property on iOS
Modified: tags/Safari-608.1.3/Source/WebKit/UIProcess/WebPageProxy.cpp (240624 => 240625)
--- tags/Safari-608.1.3/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-01-29 01:12:31 UTC (rev 240624)
+++ tags/Safari-608.1.3/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-01-29 01:14:35 UTC (rev 240625)
@@ -965,6 +965,8 @@
m_activeContextMenu = nullptr;
#endif
+ m_provisionalPage = nullptr;
+
m_inspector->invalidate();
m_backForwardList->pageClosed();
@@ -3711,6 +3713,8 @@
void WebPageProxy::didStartProgress()
{
+ ASSERT(!m_isClosed);
+
PageClientProtector protector(pageClient());
auto transaction = m_pageLoadState.transaction();
Modified: tags/Safari-608.1.3/Tools/ChangeLog (240624 => 240625)
--- tags/Safari-608.1.3/Tools/ChangeLog 2019-01-29 01:12:31 UTC (rev 240624)
+++ tags/Safari-608.1.3/Tools/ChangeLog 2019-01-29 01:14:35 UTC (rev 240625)
@@ -1,3 +1,44 @@
+2019-01-28 Alan Coon <[email protected]>
+
+ Cherry-pick r240599. rdar://problem/47560907
+
+ Regression(PSON) Crash under WebPageProxy::didStartProgress()
+ https://bugs.webkit.org/show_bug.cgi?id=193915
+ <rdar://problem/47560907>
+
+ Reviewed by Alex Christensen.
+
+ Source/WebKit:
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::close):
+ Make sure we destroy the ProvisionalPageProxy if the page gets closed as we do not want to keep receiving
+ IPC after this or even worse, commit the provisional page.
+
+ (WebKit::WebPageProxy::didStartProgress):
+ Add an assertion in didStartProgress() to make sure we do not receive this IPC after the page has been
+ closed.
+
+ Tools:
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@240599 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-01-28 Chris Dumez <[email protected]>
+
+ Regression(PSON) Crash under WebPageProxy::didStartProgress()
+ https://bugs.webkit.org/show_bug.cgi?id=193915
+ <rdar://problem/47560907>
+
+ Reviewed by Alex Christensen.
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm:
+
2019-01-28 Rob Buis <[email protected]>
Update MIME type parser
Modified: tags/Safari-608.1.3/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm (240624 => 240625)
--- tags/Safari-608.1.3/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm 2019-01-29 01:12:31 UTC (rev 240624)
+++ tags/Safari-608.1.3/Tools/TestWebKitAPI/Tests/WebKitCocoa/ProcessSwapOnNavigation.mm 2019-01-29 01:14:35 UTC (rev 240625)
@@ -3351,6 +3351,44 @@
EXPECT_NE(applePID, [webView _webProcessIdentifier]);
}
+
+TEST(ProcessSwap, ClosePageAfterCrossSiteProvisionalLoad)
+{
+ auto processPoolConfiguration = adoptNS([[_WKProcessPoolConfiguration alloc] init]);
+ processPoolConfiguration.get().processSwapsOnNavigation = YES;
+ auto processPool = adoptNS([[WKProcessPool alloc] _initWithConfiguration:processPoolConfiguration.get()]);
+
+ auto webViewConfiguration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ [webViewConfiguration setProcessPool:processPool.get()];
+ auto handler = adoptNS([[PSONScheme alloc] init]);
+ [webViewConfiguration setURLSchemeHandler:handler.get() forURLScheme:@"PSON"];
+
+ auto webView = adoptNS([[WKWebView alloc] initWithFrame:NSMakeRect(0, 0, 800, 600) configuration:webViewConfiguration.get()]);
+ auto navigationDelegate = adoptNS([[PSONNavigationDelegate alloc] init]);
+ [webView setNavigationDelegate:navigationDelegate.get()];
+
+ [webView configuration].preferences.safeBrowsingEnabled = NO;
+
+ [webView loadRequest:[NSURLRequest requestWithURL:[NSURL URLWithString:@"pson://www.webkit.org/main.html"]]];
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ didStartProvisionalLoad = false;
+ [webView loadRequest:[NSURLRequest requestWithURL:[[NSBundle mainBundle] URLForResource:@"simple" withExtension:@"html" subdirectory:@"TestWebKitAPI.resources"]]];
+
+ navigationDelegate->decidePolicyForNavigationAction = ^(WKNavigationAction *, void (^decisionHandler)(WKNavigationActionPolicy)) {
+ decisionHandler(WKNavigationActionPolicyAllow);
+
+ [webView _close];
+ done = true;
+ };
+
+ TestWebKitAPI::Util::run(&done);
+ done = false;
+
+ TestWebKitAPI::Util::sleep(0.5);
+}
+
#if PLATFORM(MAC)
static const char* saveOpenerTestBytes = R"PSONRESOURCE(
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
