Title: [268910] releases/WebKitGTK/webkit-2.30/Source/WebKit
- Revision
- 268910
- Author
- [email protected]
- Date
- 2020-10-23 01:25:31 -0700 (Fri, 23 Oct 2020)
Log Message
Merge r268906 - [SOUP] Fix crash in WebSocketTask
https://bugs.webkit.org/show_bug.cgi?id=217892
Patch by Michael Catanzaro <[email protected]> on 2020-10-23
Reviewed by Carlos Garcia Campos.
The WebSocketTask connects to the "starting" signal of its SoupMessage and never disconnects
this signal, which is only safe if it is guaranteed to outlive its SoupMessage. However, it
is not. We crash when the signal is emitted after the WebSocketTask is destroyed. To solve
this, we just need to disconnect the signal when required. Normally that would be done in
the destructor, but the WebSocketTask drops its ownership of the SoupMessage prior to that
point, so we need to disconnect on each possible paths.
* NetworkProcess/soup/WebSocketTaskSoup.cpp:
(WebKit::WebSocketTask::~WebSocketTask):
(WebKit::WebSocketTask::didConnect):
(WebKit::WebSocketTask::didFail):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog (268909 => 268910)
--- releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog 2020-10-23 08:25:27 UTC (rev 268909)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog 2020-10-23 08:25:31 UTC (rev 268910)
@@ -1,3 +1,22 @@
+2020-10-23 Michael Catanzaro <[email protected]>
+
+ [SOUP] Fix crash in WebSocketTask
+ https://bugs.webkit.org/show_bug.cgi?id=217892
+
+ Reviewed by Carlos Garcia Campos.
+
+ The WebSocketTask connects to the "starting" signal of its SoupMessage and never disconnects
+ this signal, which is only safe if it is guaranteed to outlive its SoupMessage. However, it
+ is not. We crash when the signal is emitted after the WebSocketTask is destroyed. To solve
+ this, we just need to disconnect the signal when required. Normally that would be done in
+ the destructor, but the WebSocketTask drops its ownership of the SoupMessage prior to that
+ point, so we need to disconnect on each possible paths.
+
+ * NetworkProcess/soup/WebSocketTaskSoup.cpp:
+ (WebKit::WebSocketTask::~WebSocketTask):
+ (WebKit::WebSocketTask::didConnect):
+ (WebKit::WebSocketTask::didFail):
+
2020-10-10 Adrian Perez de Castro <[email protected]>
[GTK] Build broken with ENABLE_GAMEPAD enabled
Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp (268909 => 268910)
--- releases/WebKitGTK/webkit-2.30/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp 2020-10-23 08:25:27 UTC (rev 268909)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/NetworkProcess/soup/WebSocketTaskSoup.cpp 2020-10-23 08:25:31 UTC (rev 268910)
@@ -89,6 +89,9 @@
WebSocketTask::~WebSocketTask()
{
+ if (m_handshakeMessage)
+ g_signal_handlers_disconnect_by_data(m_handshakeMessage.get(), this);
+
cancel();
}
@@ -133,6 +136,7 @@
WebCore::ResourceResponse response;
response.updateFromSoupMessage(m_handshakeMessage.get());
m_channel.didReceiveHandshakeResponse(WTFMove(response));
+ g_signal_handlers_disconnect_by_data(m_handshakeMessage.get(), this);
m_handshakeMessage = nullptr;
}
@@ -172,6 +176,7 @@
WebCore::ResourceResponse response;
response.updateFromSoupMessage(m_handshakeMessage.get());
m_channel.didReceiveHandshakeResponse(WTFMove(response));
+ g_signal_handlers_disconnect_by_data(m_handshakeMessage.get(), this);
m_handshakeMessage = nullptr;
}
m_channel.didReceiveMessageError(errorMessage);
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
