Title: [270021] trunk/Source/WebKit
- Revision
- 270021
- Author
- [email protected]
- Date
- 2020-11-19 04:59:21 -0800 (Thu, 19 Nov 2020)
Log Message
Protect WebSocketChannel before calling client methods
https://bugs.webkit.org/show_bug.cgi?id=216791
Patch by Carlos Garcia Campos <[email protected]> on 2020-11-19
Reviewed by Youenn Fablet.
Ensure we keep a reference to the WebSocketChannel before calling client methods that might close the channel.
* WebProcess/Network/WebSocketChannel.cpp:
(WebKit::WebSocketChannel::close):
(WebKit::WebSocketChannel::fail):
(WebKit::WebSocketChannel::didClose):
(WebKit::WebSocketChannel::resume):
Modified Paths
Diff
Modified: trunk/Source/WebKit/ChangeLog (270020 => 270021)
--- trunk/Source/WebKit/ChangeLog 2020-11-19 12:24:40 UTC (rev 270020)
+++ trunk/Source/WebKit/ChangeLog 2020-11-19 12:59:21 UTC (rev 270021)
@@ -1,3 +1,18 @@
+2020-11-19 Carlos Garcia Campos <[email protected]>
+
+ Protect WebSocketChannel before calling client methods
+ https://bugs.webkit.org/show_bug.cgi?id=216791
+
+ Reviewed by Youenn Fablet.
+
+ Ensure we keep a reference to the WebSocketChannel before calling client methods that might close the channel.
+
+ * WebProcess/Network/WebSocketChannel.cpp:
+ (WebKit::WebSocketChannel::close):
+ (WebKit::WebSocketChannel::fail):
+ (WebKit::WebSocketChannel::didClose):
+ (WebKit::WebSocketChannel::resume):
+
2020-11-18 Megan Gardner <[email protected]>
Menu Bar support for app highlights in book.
Modified: trunk/Source/WebKit/WebProcess/Network/WebSocketChannel.cpp (270020 => 270021)
--- trunk/Source/WebKit/WebProcess/Network/WebSocketChannel.cpp 2020-11-19 12:24:40 UTC (rev 270020)
+++ trunk/Source/WebKit/WebProcess/Network/WebSocketChannel.cpp 2020-11-19 12:59:21 UTC (rev 270021)
@@ -197,6 +197,9 @@
void WebSocketChannel::close(int code, const String& reason)
{
+ // An attempt to send closing handshake may fail, which will get the channel closed and dereferenced.
+ auto protectedThis = makeRef(*this);
+
m_isClosing = true;
if (m_client)
m_client->didStartClosingHandshake();
@@ -211,6 +214,9 @@
void WebSocketChannel::fail(const String& reason)
{
+ // The client can close the channel, potentially removing the last reference.
+ auto protectedThis = makeRef(*this);
+
logErrorMessage(reason);
if (m_client)
m_client->didReceiveMessageError();
@@ -327,6 +333,9 @@
m_inspector.didReceiveWebSocketFrame(m_document.get(), closingFrame);
m_inspector.didCloseWebSocket(m_document.get());
+ // An attempt to send closing handshake may fail, which will get the channel closed and dereferenced.
+ auto protectedThis = makeRef(*this);
+
bool receivedClosingHandshake = code != WebCore::WebSocketChannel::CloseEventCodeAbnormalClosure;
if (receivedClosingHandshake)
m_client->didStartClosingHandshake();
@@ -375,6 +384,7 @@
void WebSocketChannel::resume()
{
+ auto protectedThis = makeRef(*this);
m_isSuspended = false;
while (!m_isSuspended && !m_pendingTasks.isEmpty())
m_pendingTasks.takeFirst()();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
