Title: [270100] releases/WebKitGTK/webkit-2.30/Source/WebKit
- Revision
- 270100
- Author
- [email protected]
- Date
- 2020-11-20 02:47:27 -0800 (Fri, 20 Nov 2020)
Log Message
Merge r270021 - Protect WebSocketChannel before calling client methods
https://bugs.webkit.org/show_bug.cgi?id=216791
Patch by Carlos Garcia Campos <[email protected]> on 2020-11-19
Reviewed by Youenn Fablet.
Ensure we keep a reference to the WebSocketChannel before calling client methods that might close the channel.
* WebProcess/Network/WebSocketChannel.cpp:
(WebKit::WebSocketChannel::close):
(WebKit::WebSocketChannel::fail):
(WebKit::WebSocketChannel::didClose):
(WebKit::WebSocketChannel::resume):
Modified Paths
Diff
Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog (270099 => 270100)
--- releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog 2020-11-20 10:40:58 UTC (rev 270099)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/ChangeLog 2020-11-20 10:47:27 UTC (rev 270100)
@@ -1,3 +1,18 @@
+2020-11-19 Carlos Garcia Campos <[email protected]>
+
+ Protect WebSocketChannel before calling client methods
+ https://bugs.webkit.org/show_bug.cgi?id=216791
+
+ Reviewed by Youenn Fablet.
+
+ Ensure we keep a reference to the WebSocketChannel before calling client methods that might close the channel.
+
+ * WebProcess/Network/WebSocketChannel.cpp:
+ (WebKit::WebSocketChannel::close):
+ (WebKit::WebSocketChannel::fail):
+ (WebKit::WebSocketChannel::didClose):
+ (WebKit::WebSocketChannel::resume):
+
2020-11-13 Miguel Gomez <[email protected]>
[GTK][WPE] CSS backdrop overlay corners are not rounded on results.webkit.org
Modified: releases/WebKitGTK/webkit-2.30/Source/WebKit/WebProcess/Network/WebSocketChannel.cpp (270099 => 270100)
--- releases/WebKitGTK/webkit-2.30/Source/WebKit/WebProcess/Network/WebSocketChannel.cpp 2020-11-20 10:40:58 UTC (rev 270099)
+++ releases/WebKitGTK/webkit-2.30/Source/WebKit/WebProcess/Network/WebSocketChannel.cpp 2020-11-20 10:47:27 UTC (rev 270100)
@@ -198,6 +198,9 @@
void WebSocketChannel::close(int code, const String& reason)
{
+ // An attempt to send closing handshake may fail, which will get the channel closed and dereferenced.
+ auto protectedThis = makeRef(*this);
+
m_isClosing = true;
if (m_client)
m_client->didStartClosingHandshake();
@@ -209,6 +212,9 @@
void WebSocketChannel::fail(const String& reason)
{
+ // The client can close the channel, potentially removing the last reference.
+ auto protectedThis = makeRef(*this);
+
if (m_client)
m_client->didReceiveMessageError();
@@ -322,6 +328,9 @@
m_inspector.didCloseWebSocket(m_document.get());
+ // An attempt to send closing handshake may fail, which will get the channel closed and dereferenced.
+ auto protectedThis = makeRef(*this);
+
bool receivedClosingHandshake = code != WebCore::WebSocketChannel::CloseEventCodeAbnormalClosure;
if (receivedClosingHandshake)
m_client->didStartClosingHandshake();
@@ -359,6 +368,7 @@
void WebSocketChannel::resume()
{
+ auto protectedThis = makeRef(*this);
m_isSuspended = false;
while (!m_isSuspended && !m_pendingTasks.isEmpty())
m_pendingTasks.takeFirst()();
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
