Modified: branches/safari-607-branch/Source/WebKit/ChangeLog (244125 => 244126)
--- branches/safari-607-branch/Source/WebKit/ChangeLog 2019-04-10 17:11:11 UTC (rev 244125)
+++ branches/safari-607-branch/Source/WebKit/ChangeLog 2019-04-10 17:11:14 UTC (rev 244126)
@@ -1,3 +1,47 @@
+2019-04-09 Alan Coon <[email protected]>
+
+ Cherry-pick r243848. rdar://problem/49725697
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash
+ https://bugs.webkit.org/show_bug.cgi?id=196588
+ <rdar://problem/49365787>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebKit:
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash.
+ This can lead to returning stale frames to the client if it asks for those.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::resetState):
+
+ Tools:
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::nullJavaScriptCallback):
+ (TestWebKitAPI::didCrashCheckFrames):
+ (TestWebKitAPI::TEST):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-04-03 Chris Dumez <[email protected]>
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash
+ https://bugs.webkit.org/show_bug.cgi?id=196588
+ <rdar://problem/49365787>
+
+ Reviewed by Ryosuke Niwa.
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash.
+ This can lead to returning stale frames to the client if it asks for those.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::resetState):
+
2019-03-27 Alan Coon <[email protected]>
Cherry-pick r243291. rdar://problem/49307996
Modified: branches/safari-607-branch/Source/WebKit/UIProcess/WebPageProxy.cpp (244125 => 244126)
--- branches/safari-607-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-04-10 17:11:11 UTC (rev 244125)
+++ branches/safari-607-branch/Source/WebKit/UIProcess/WebPageProxy.cpp 2019-04-10 17:11:14 UTC (rev 244126)
@@ -6617,6 +6617,8 @@
void WebPageProxy::resetState(ResetStateReason resetStateReason)
{
m_mainFrame = nullptr;
+ m_focusedFrame = nullptr;
+ m_frameSetLargestFrame = nullptr;
#if PLATFORM(COCOA)
m_scrollingPerformanceData = nullptr;
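Review bot: The two new assignments clear the proxies but carry no comment saying why they must be dropped here, which is what the next person who adds frame-derived state to WebPageProxy needs to see; a one-liner above `m_mainFrame = nullptr;` would do: `// Every WebFrameProxy belongs to the web process being torn down or swapped out; clear them all so a client asking for a frame never gets a stale one back.` Whether the outgoing process can still deliver a focused-frame or frameset-largest-frame update after resetState has run, re-populating these fields with a frame of the old process, is not visible in this hunk and is worth confirming against the message-receiver teardown. resetState's body continues outside the hunk.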
Modified: branches/safari-607-branch/Tools/ChangeLog (244125 => 244126)
--- branches/safari-607-branch/Tools/ChangeLog 2019-04-10 17:11:11 UTC (rev 244125)
+++ branches/safari-607-branch/Tools/ChangeLog 2019-04-10 17:11:14 UTC (rev 244126)
@@ -1,3 +1,48 @@
+2019-04-09 Alan Coon <[email protected]>
+
+ Cherry-pick r243848. rdar://problem/49725697
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash
+ https://bugs.webkit.org/show_bug.cgi?id=196588
+ <rdar://problem/49365787>
+
+ Reviewed by Ryosuke Niwa.
+
+ Source/WebKit:
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash.
+ This can lead to returning stale frames to the client if it asks for those.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::resetState):
+
+ Tools:
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::nullJavaScriptCallback):
+ (TestWebKitAPI::didCrashCheckFrames):
+ (TestWebKitAPI::TEST):
+
+
+ git-svn-id: https://svn.webkit.org/repository/webkit/trunk@243848 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+ 2019-04-03 Chris Dumez <[email protected]>
+
+ The page's focusedFrame / frameSetLargestFrame do not get cleared on process swap or crash
+ https://bugs.webkit.org/show_bug.cgi?id=196588
+ <rdar://problem/49365787>
+
+ Reviewed by Ryosuke Niwa.
+
+ Add API test coverage.
+
+ * TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp:
+ (TestWebKitAPI::nullJavaScriptCallback):
+ (TestWebKitAPI::didCrashCheckFrames):
+ (TestWebKitAPI::TEST):
+
2019-04-05 Alex Christensen <[email protected]>
REGRESSION(AppleWebKit/605.1.15): WebDownloadDelegate delegate methods called on non-main thread
Modified: branches/safari-607-branch/Tools/TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp (244125 => 244126)
--- branches/safari-607-branch/Tools/TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp 2019-04-10 17:11:11 UTC (rev 244125)
+++ branches/safari-607-branch/Tools/TestWebKitAPI/Tests/WebKit/ReloadPageAfterCrash.cpp 2019-04-10 17:11:14 UTC (rev 244126)
@@ -30,12 +30,15 @@
#include "PlatformUtilities.h"
#include "PlatformWebView.h"
#include "Test.h"
+#include <WebKit/WKPagePrivate.h>
#include <WebKit/WKRetainPtr.h>
+#include <signal.h>
namespace TestWebKitAPI {
static bool loadBeforeCrash = false;
static bool loadAfterCrash = false;
+static bool calledCrashHandler = false;
static void didFinishLoad(WKPageRef page, WKNavigationRef, WKTypeRef userData, const void* clientInfo)
{
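Review bot: `calledCrashHandler` is a file-scope flag that both new tests in the hunk below wait on with `Util::run(&calledCrashHandler)`, yet nothing ever resets it, so once FocusedFrameAfterCrash has set it the second test's wait returns immediately and its didCrashCheckFrames expectations run after that test's PlatformWebView has been destroyed, or not at all. Reset it as the first statement of each test that waits on it: `calledCrashHandler = false;`. The same sharing applies to `loadBeforeCrash`, which the pre-existing ReloadPageAfterCrash test also sets; didFinishLoad's body lies outside this hunk, so whether it tolerates being entered with that flag already true cannot be confirmed here.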
@@ -88,6 +91,83 @@
Util::run(&loadAfterCrash);
}
+static void nullJavaScriptCallback(WKSerializedScriptValueRef, WKErrorRef, void*)
+{
+}
+
+static void didCrashCheckFrames(WKPageRef page, const void*)
+{
+ // Test if first load actually worked.
+ EXPECT_TRUE(loadBeforeCrash);
+
+ EXPECT_TRUE(!WKPageGetMainFrame(page));
+ EXPECT_TRUE(!WKPageGetFocusedFrame(page));
+ EXPECT_TRUE(!WKPageGetFrameSetLargestFrame(page));
+
+ calledCrashHandler = true;
+}
+
+TEST(WebKit, FocusedFrameAfterCrash)
+{
+ WKRetainPtr<WKContextRef> context(AdoptWK, WKContextCreateWithConfiguration(nullptr));
+ PlatformWebView webView(context.get());
+
+ WKPageNavigationClientV0 loaderClient;
+ memset(&loaderClient, 0, sizeof(loaderClient));
+
+ loaderClient.base.version = 0;
+ loaderClient.didFinishNavigation = didFinishLoad;
+ loaderClient.webProcessDidCrash = didCrashCheckFrames;
+
+ WKPageSetPageNavigationClient(webView.page(), &loaderClient.base);
+
+ WKRetainPtr<WKURLRef> url = "" "html"));
+ WKPageLoadURL(webView.page(), url.get());
+ Util::run(&loadBeforeCrash);
+
+ EXPECT_FALSE(!WKPageGetMainFrame(webView.page()));
+
+ WKRetainPtr<WKStringRef> _javascript_String(AdoptWK, WKStringCreateWithUTF8CString("frames[2].focus()"));
+ WKPageRunJavaScriptInMainFrame(webView.page(), _javascript_String.get(), 0, nullJavaScriptCallback);
+
+ while (!WKPageGetFocusedFrame(webView.page()))
+ Util::spinRunLoop(10);
+
+ kill(WKPageGetProcessIdentifier(webView.page()), 9);
+
+ Util::run(&calledCrashHandler);
+}
+
+TEST(WebKit, FrameSetLargestFramAfterCrash)
+{
+ WKRetainPtr<WKContextRef> context(AdoptWK, WKContextCreateWithConfiguration(nullptr));
+ PlatformWebView webView(context.get());
+
+ WKPageNavigationClientV0 loaderClient;
+ memset(&loaderClient, 0, sizeof(loaderClient));
+
+ loaderClient.base.version = 0;
+ loaderClient.didFinishNavigation = didFinishLoad;
+ loaderClient.webProcessDidCrash = didCrashCheckFrames;
+
+ WKPageSetPageNavigationClient(webView.page(), &loaderClient.base);
+
+ WKRetainPtr<WKURLRef> baseURL = adoptWK(WKURLCreateWithUTF8CString("about:blank"));
+ WKRetainPtr<WKStringRef> htmlString = Util::toWK("<frameset cols='25%,*,25%'><frame src=''><frame src=''><frame src=''></frameset>");
+
+ WKPageLoadHTMLString(webView.page(), htmlString.get(), baseURL.get());
+ Util::run(&loadBeforeCrash);
+
+ EXPECT_FALSE(!WKPageGetMainFrame(webView.page()));
+
+ while (!WKPageGetFrameSetLargestFrame(webView.page()))
+ Util::spinRunLoop(10);
+
+ kill(WKPageGetProcessIdentifier(webView.page()), 9);
+
+ Util::run(&calledCrashHandler);
+}
+
} // namespace TestWebKitAPI
#endif
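Review bot: `kill(WKPageGetProcessIdentifier(webView.page()), 9)` in both tests uses a bare 9 where `SIGKILL` from the newly included `<signal.h>` is clearly meant, and it hands the identifier to kill() unchecked; if WKPageGetProcessIdentifier can return 0 for a page with no live process (not visible here), `kill(0, SIGKILL)` signals the caller's whole process group, i.e. the test runner itself. Fetch the pid and assert on it first: `pid_t pid = WKPageGetProcessIdentifier(webView.page()); ASSERT_GT(pid, 0); kill(pid, SIGKILL);`. The two `while (!WKPageGet…Frame(webView.page())) Util::spinRunLoop(10);` loops are unbounded, so a regression in focus or frameset reporting hangs the suite rather than failing it. Minor: the second test name `FrameSetLargestFramAfterCrash` is missing an `e`.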