Title: [255989] trunk/Source/WebKit
- Revision
- 255989
- Author
- [email protected]
- Date
- 2020-02-06 15:35:07 -0800 (Thu, 06 Feb 2020)
Log Message
REGRESSION (r254706): Crash under WebProcessPool::terminateServiceWorkerProcess()
https://bugs.webkit.org/show_bug.cgi?id=207354
<rdar://problem/59184818>
Reviewed by Geoffrey Garen.
No new tests, not easily testable AFAIK since this happens on failure to send sync IPC to
the service worker when terminating it.
* UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::terminateServiceWorkerProcess):
'auto' resolved to 'WeakPtr<WebProcessProxy>' in this method and the call to
disableServiceWorkers() could cause the process to get destroyed. We would then
do a null dereference on the next line.
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (255988 => 255989)
--- trunk/Source/WebKit/ChangeLog 2020-02-06 23:31:17 UTC (rev 255988)
+++ trunk/Source/WebKit/ChangeLog 2020-02-06 23:35:07 UTC (rev 255989)
@@ -1,5 +1,22 @@
2020-02-06 Chris Dumez <[email protected]>
+ REGRESSION (r254706): Crash under WebProcessPool::terminateServiceWorkerProcess()
+ https://bugs.webkit.org/show_bug.cgi?id=207354
+ <rdar://problem/59184818>
+
+ Reviewed by Geoffrey Garen.
+
+ No new tests, not easily testable AFAIK since this happens on failure to send sync IPC to
+ the service worker when terminating it.
+
+ * UIProcess/WebProcessPool.cpp:
+ (WebKit::WebProcessPool::terminateServiceWorkerProcess):
+ 'auto' resolved to 'WeakPtr<WebProcessProxy>' in this method and the call to
+ disableServiceWorkers() could cause the process to get destroyed. We would then
+ do a null dereference on the next line.
+
+2020-02-06 Chris Dumez <[email protected]>
+
Unreviewed, rolling out r255955.
Caused API test failures on iOS
Modified: trunk/Source/WebKit/UIProcess/WebProcessPool.cpp (255988 => 255989)
--- trunk/Source/WebKit/UIProcess/WebProcessPool.cpp 2020-02-06 23:31:17 UTC (rev 255988)
+++ trunk/Source/WebKit/UIProcess/WebProcessPool.cpp 2020-02-06 23:35:07 UTC (rev 255989)
@@ -1777,7 +1777,7 @@
{
#if ENABLE(SERVICE_WORKER)
auto protectedThis = makeRef(*this);
- if (auto process = m_serviceWorkerProcesses.get({ domain, sessionID })) {
+ if (RefPtr<WebProcessProxy> process = m_serviceWorkerProcesses.get({ domain, sessionID }).get()) {
process->disableServiceWorkers();
process->requestTermination(ProcessTerminationReason::ExceededCPULimit);
}
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
