[webkit-changes] [269281] trunk/Source/WebCore

[cdumez]

Title: [269281] trunk/Source/WebCore

Revision

269281

Author

cdu...@apple.com

Date

2020-11-02 17:15:13 -0800 (Mon, 02 Nov 2020)

Log Message

Regression(r269227) imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html is a flaky crash
https://bugs.webkit.org/show_bug.cgi?id=218468
<rdar://problem/70969071>

Reviewed by Darin Adler.

Code in ServiceWorkerContainer::ready() was queueing an event loop task and then dereferencing
scriptExecutionContext() in the task. This is no longer safe after r269227 since tasks may
still be run after ActiveDOMObjects have been stopped. To address the issue, we need to
null check the scriptExecutionContext.

No new tests, covered by existing test.

* workers/service/ServiceWorkerContainer.cpp:
(WebCore::ServiceWorkerContainer::ready):

Modified Paths

• trunk/Source/WebCore/ChangeLog
• trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp

Diff

Modified: trunk/Source/WebCore/ChangeLog (269280 => 269281)

--- trunk/Source/WebCore/ChangeLog	2020-11-03 00:59:42 UTC (rev 269280)
+++ trunk/Source/WebCore/ChangeLog	2020-11-03 01:15:13 UTC (rev 269281)
@@ -1,3 +1,21 @@
+2020-11-02  Chris Dumez  <cdu...@apple.com>
+
+        Regression(r269227) imported/w3c/web-platform-tests/service-workers/service-worker/referrer-toplevel-script-fetch.https.html is a flaky crash
+        https://bugs.webkit.org/show_bug.cgi?id=218468
+        <rdar://problem/70969071>
+
+        Reviewed by Darin Adler.
+
+        Code in ServiceWorkerContainer::ready() was queueing an event loop task and then dereferencing
+        scriptExecutionContext() in the task. This is no longer safe after r269227 since tasks may
+        still be run after ActiveDOMObjects have been stopped. To address the issue, we need to
+        null check the scriptExecutionContext.
+
+        No new tests, covered by existing test.
+
+        * workers/service/ServiceWorkerContainer.cpp:
+        (WebCore::ServiceWorkerContainer::ready):
+
 2020-11-02  Devin Rousso  <drou...@apple.com>
 
         guard UIScribbleInteraction class property observing behind a LOA check

Modified: trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp (269280 => 269281)

--- trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp	2020-11-03 00:59:42 UTC (rev 269280)
+++ trunk/Source/WebCore/workers/service/ServiceWorkerContainer.cpp	2020-11-03 01:15:13 UTC (rev 269281)
@@ -109,7 +109,10 @@
         auto& context = *scriptExecutionContext();
         ensureSWClientConnection().whenRegistrationReady(context.topOrigin().data(), context.url(), [this, protectedThis = makeRef(*this)](auto&& registrationData) mutable {
             queueTaskKeepingObjectAlive(*this, TaskSource::DOMManipulation, [this, registrationData = WTFMove(registrationData)]() mutable {
-                auto registration = ServiceWorkerRegistration::getOrCreate(*scriptExecutionContext(), *this, WTFMove(registrationData));
+                auto* context = scriptExecutionContext();
+                if (!context)
+                    return;
+                auto registration = ServiceWorkerRegistration::getOrCreate(*context, *this, WTFMove(registrationData));
                 m_readyPromise->resolve(WTFMove(registration));
             });
         });

_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes