Title: [255132] trunk/Source/WebKit
Revision
255132
Author
[email protected]
Date
2020-01-26 14:15:17 -0800 (Sun, 26 Jan 2020)

Log Message

Protect against crashes during WKWebView init function when methods are called before the view is fully initialized
https://bugs.webkit.org/show_bug.cgi?id=206799
rdar://problem/58871371

Reviewed by Sam Weinig.

Part way through creating WKWebView, some methods can be called and they need to be careful
not to use anything that may not be initialized yet.

* UIProcess/API/Cocoa/WKWebView.mm:
(-[WKWebView dealloc]): Check _page for null, since this might happen if the superclass's
init method returned nil.

* UIProcess/API/ios/WKWebViewIOS.mm:
(-[WKWebView _frameOrBoundsChanged]): Check _page for null, since this might be called
before object initialization is complete.
(-[WKWebView setSemanticContentAttribute:]): Ditto.

* UIProcess/API/mac/WKWebViewMac.mm:
(-[WKWebView setFrameSize:]): Check _impl for null since this might be called before
object initialization is complete.
(-[WKWebView setUserInterfaceLayoutDirection:]): Ditto.
(-[WKWebView renewGState]): Ditto.

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (255131 => 255132)


--- trunk/Source/WebKit/ChangeLog	2020-01-26 21:35:32 UTC (rev 255131)
+++ trunk/Source/WebKit/ChangeLog	2020-01-26 22:15:17 UTC (rev 255132)
@@ -1,3 +1,29 @@
+2020-01-26  Darin Adler  <[email protected]>
+
+        Protect against crashes during WKWebView init function when methods are called before the view is fully initialized
+        https://bugs.webkit.org/show_bug.cgi?id=206799
+        rdar://problem/58871371
+
+        Reviewed by Sam Weinig.
+
+        Part way through creating WKWebView, some methods can be called and they need to be careful
+        not to use anything that may not be initialized yet.
+
+        * UIProcess/API/Cocoa/WKWebView.mm:
+        (-[WKWebView dealloc]): Check _page for null, since this might happen if the superclass's
+        init method returned nil.
+
+        * UIProcess/API/ios/WKWebViewIOS.mm:
+        (-[WKWebView _frameOrBoundsChanged]): Check _page for null, since this might be called
+        before object initialization is complete.
+        (-[WKWebView setSemanticContentAttribute:]): Ditto.
+
+        * UIProcess/API/mac/WKWebViewMac.mm:
+        (-[WKWebView setFrameSize:]): Check _impl for null since this might be called before
+        oject initialization is complete.
+        (-[WKWebView setUserInterfaceLayoutDirection:]): Ditto.
+        (-[WKWebView renewGState]): Ditto.
+
 2020-01-26  Said Abou-Hallawa  <[email protected]>
 
         Throttling requestAnimationFrame should be controlled by RenderingUpdateScheduler

Modified: trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm (255131 => 255132)


--- trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm	2020-01-26 21:35:32 UTC (rev 255131)
+++ trunk/Source/WebKit/UIProcess/API/Cocoa/WKWebView.mm	2020-01-26 22:15:17 UTC (rev 255132)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -591,11 +591,12 @@
 #if PLATFORM(IOS_FAMILY)
     [_contentView _webViewDestroyed];
 
-    if (_remoteObjectRegistry)
+    if (_page && _remoteObjectRegistry)
         _page->process().processPool().removeMessageReceiver(Messages::RemoteObjectRegistry::messageReceiverName(), _page->identifier());
 #endif
 
-    _page->close();
+    if (_page)
+        _page->close();
 
 #if PLATFORM(IOS_FAMILY)
     [_remoteObjectRegistry _invalidate];
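Review bot: The new `_page` guards on L92 and L97 record nothing about when `_page` can be null inside dealloc, which makes them look like dead checks to a later cleanup; a one-line comment ahead of the first guard would preserve the rationale, e.g. `// _page is null when the superclass initializer returned nil and this partially initialized view is torn down.` Only the C++ dereferences need guarding — the message sends on L89 and L101 are nil-safe — so the comment should say the guards protect `_page->` uses specifically. dealloc begins before this hunk.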
@@ -606,7 +607,8 @@
     CFNotificationCenterRemoveObserver(CFNotificationCenterGetDarwinNotifyCenter(), (__bridge const void *)(self), (CFStringRef)[NSString stringWithUTF8String:kGSEventHardwareKeyboardAvailabilityChangedNotification], nullptr);
 #endif
 
-    pageToViewMap().remove(_page.get());
+    if (_page)
+        pageToViewMap().remove(_page.get());
 
     [super dealloc];
 }

Modified: trunk/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm (255131 => 255132)


--- trunk/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm	2020-01-26 21:35:32 UTC (rev 255131)
+++ trunk/Source/WebKit/UIProcess/API/ios/WKWebViewIOS.mm	2020-01-26 22:15:17 UTC (rev 255132)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -1759,8 +1759,10 @@
             [self _dispatchSetMaximumUnobscuredSize:WebCore::FloatSize(bounds.size)];
 
         BOOL sizeChanged = NO;
-        if (auto drawingArea = _page->drawingArea())
-            sizeChanged = drawingArea->setSize(WebCore::IntSize(bounds.size));
+        if (_page) {
+            if (auto drawingArea = _page->drawingArea())
+                sizeChanged = drawingArea->setSize(WebCore::IntSize(bounds.size));
+        }
 
         if (sizeChanged & [self usesStandardContentView])
             [_contentView setSizeChangedSinceLastVisibleContentRectUpdate:YES];
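Review bot: The nested `if (_page) { if (auto drawingArea = _page->drawingArea()) ... }` on L131–L134 can be flattened to one condition, `if (auto drawingArea = _page ? _page->drawingArea() : nullptr)`, keeping the body at the surrounding depth. The `_dispatchSetMaximumUnobscuredSize:` send on L126 and `usesStandardContentView` on L136 remain outside the guard; as message sends they are safe, but if their implementations dereference `_page` they need the same check — cannot tell from this hunk. Adjacent but pre-existing, L136 combines two BOOLs with bitwise `&`; it only works because both are 0/1, and `&&` would state the intent. `_frameOrBoundsChanged` begins and ends outside this hunk.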
@@ -2378,7 +2380,8 @@
 {
     [super setSemanticContentAttribute:contentAttribute];
 
-    _page->setUserInterfaceLayoutDirection(toUserInterfaceLayoutDirection(contentAttribute));
+    if (_page)
+        _page->setUserInterfaceLayoutDirection(toUserInterfaceLayoutDirection(contentAttribute));
 }
 
 @end
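Review bot: The `if (_page)` guard on L143 carries no explanation of why `_page` may be null here; presumably UIKit invokes `setSemanticContentAttribute:` from within the superclass initializer before `_page` is created, and recording that would stop the guard being removed as dead code later, e.g. `// May be called from -[UIView initWithFrame:] before _page exists.` The method's signature is above this hunk.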

Modified: trunk/Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm (255131 => 255132)


--- trunk/Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm	2020-01-26 21:35:32 UTC (rev 255131)
+++ trunk/Source/WebKit/UIProcess/API/mac/WKWebViewMac.mm	2020-01-26 22:15:17 UTC (rev 255132)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2014-2019 Apple Inc. All rights reserved.
+ * Copyright (C) 2014-2020 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -135,14 +135,15 @@
 {
     [super setFrameSize:size];
     [_safeBrowsingWarning setFrame:self.bounds];
-    _impl->setFrameSize(NSSizeToCGSize(size));
+    if (_impl)
+        _impl->setFrameSize(NSSizeToCGSize(size));
 }
 
 - (void)setUserInterfaceLayoutDirection:(NSUserInterfaceLayoutDirection)userInterfaceLayoutDirection
 {
     [super setUserInterfaceLayoutDirection:userInterfaceLayoutDirection];
-
-    _impl->setUserInterfaceLayoutDirection(userInterfaceLayoutDirection);
+    if (_impl)
+        _impl->setUserInterfaceLayoutDirection(userInterfaceLayoutDirection);
 }
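Review bot: `setFrameSize:` (L166) and `setUserInterfaceLayoutDirection:` (L175) now silently skip the `_impl` call when `_impl` is null, but neither says why that state is reachable — presumably AppKit calls them from inside `-[NSView initWithFrame:]` before `_impl` is assigned; a comment on the first guard, e.g. `// _impl is null while [super initWithFrame:] is still running.`, would document the invariant. One consequence worth confirming: a frame size or layout direction delivered during that window is dropped rather than deferred, so the initializer must push the final values into `_impl` itself once it exists — not verifiable from this hunk. `setFrameSize:`'s signature is above this hunk.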
 
 ALLOW_DEPRECATED_IMPLEMENTATIONS_BEGIN
@@ -149,7 +150,8 @@
 - (void)renewGState
 ALLOW_DEPRECATED_IMPLEMENTATIONS_END
 {
-    _impl->renewGState();
+    if (_impl)
+        _impl->renewGState();
     [super renewGState];
 }
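Review bot: The guard on L185 drops any `renewGState` delivered before `_impl` exists rather than deferring it, which is only correct if `WebViewImpl` reads the current graphics state when it is created; this hunk cannot show that, so a short comment such as `// No-op before _impl exists; WebViewImpl picks up the GState on creation.` (once confirmed) would make the assumption explicit.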
 