- Revision
- 272451
- Author
- [email protected]
- Date
- 2021-02-05 16:43:20 -0800 (Fri, 05 Feb 2021)
Log Message
REGRESSION(r272337): crash under WebCore::SpeechRecognizer::setInactive()
https://bugs.webkit.org/show_bug.cgi?id=221451
Patch by Sihui Liu <[email protected]> on 2021-02-05
Reviewed by Youenn Fablet.
Source/WebCore:
Stop sending final update in SpeechRecognizer's destructor and send it in prepareForDestruction() instead, so
that no update will be sent for a destroyed SpeechRecognizer.
API test: WebKit2.SpeechRecognitionWebProcessCrash.
* Modules/speech/SpeechRecognizer.cpp:
(WebCore::SpeechRecognizer::prepareForDestruction):
(WebCore::SpeechRecognizer::~SpeechRecognizer): Deleted.
* Modules/speech/SpeechRecognizer.h:
Source/WebKit:
* UIProcess/SpeechRecognitionServer.cpp:
(WebKit::SpeechRecognitionServer::handleRequest):
Tools:
* TestWebKitAPI/Tests/WebKitCocoa/SpeechRecognition.mm:
(TestWebKitAPI::TEST):
Modified Paths
Diff
Modified: trunk/Source/WebCore/ChangeLog (272450 => 272451)
--- trunk/Source/WebCore/ChangeLog 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Source/WebCore/ChangeLog 2021-02-06 00:43:20 UTC (rev 272451)
@@ -1,3 +1,20 @@
+2021-02-05 Sihui Liu <[email protected]>
+
+ REGRESSION(r272337): crash under WebCore::SpeechRecognizer::setInactive()
+ https://bugs.webkit.org/show_bug.cgi?id=221451
+
+ Reviewed by Youenn Fablet.
+
+ Stop sending final update in SpeechRecognizer's destructor and send it in prepareForDestruction() instead, so
+ that no update will be sent for a destroyed SpeechRecognizer.
+
+ API test: WebKit2.SpeechRecognitionWebProcessCrash.
+
+ * Modules/speech/SpeechRecognizer.cpp:
+ (WebCore::SpeechRecognizer::prepareForDestruction):
+ (WebCore::SpeechRecognizer::~SpeechRecognizer): Deleted.
+ * Modules/speech/SpeechRecognizer.h:
+
2021-02-05 Ricky Mondello <[email protected]>
Allow Password AutoFill in more text field configurations
Modified: trunk/Source/WebCore/Modules/speech/SpeechRecognizer.cpp (272450 => 272451)
--- trunk/Source/WebCore/Modules/speech/SpeechRecognizer.cpp 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Source/WebCore/Modules/speech/SpeechRecognizer.cpp 2021-02-06 00:43:20 UTC (rev 272451)
@@ -42,12 +42,6 @@
{
}
-SpeechRecognizer::~SpeechRecognizer()
-{
- if (m_state == State::Aborting || m_state == State::Stopping || m_state == State::Running)
- m_delegateCallback(SpeechRecognitionUpdate::create(clientIdentifier(), SpeechRecognitionUpdateType::End));
-}
-
void SpeechRecognizer::abort(Optional<SpeechRecognitionError>&& error)
{
if (m_state == State::Aborting || m_state == State::Inactive)
@@ -76,6 +70,16 @@
return m_request->clientIdentifier();
}
+void SpeechRecognizer::prepareForDestruction()
+{
+ if (m_state == State::Inactive)
+ return;
+
+ auto delegateCallback = std::exchange(m_delegateCallback, [](const SpeechRecognitionUpdate&) { });
+ delegateCallback(SpeechRecognitionUpdate::create(clientIdentifier(), SpeechRecognitionUpdateType::End));
+ m_state = State::Inactive;
+}
+
#if ENABLE(MEDIA_STREAM)
void SpeechRecognizer::start(Ref<RealtimeMediaSource>&& source, bool mockSpeechRecognitionEnabled)
Modified: trunk/Source/WebCore/Modules/speech/SpeechRecognizer.h (272450 => 272451)
--- trunk/Source/WebCore/Modules/speech/SpeechRecognizer.h 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Source/WebCore/Modules/speech/SpeechRecognizer.h 2021-02-06 00:43:20 UTC (rev 272451)
@@ -45,7 +45,6 @@
public:
using DelegateCallback = Function<void(const SpeechRecognitionUpdate&)>;
WEBCORE_EXPORT explicit SpeechRecognizer(DelegateCallback&&, UniqueRef<SpeechRecognitionRequest>&&);
- WEBCORE_EXPORT ~SpeechRecognizer();
#if ENABLE(MEDIA_STREAM)
WEBCORE_EXPORT void start(Ref<RealtimeMediaSource>&&, bool mockSpeechRecognitionEnabled);
@@ -52,6 +51,7 @@
#endif
WEBCORE_EXPORT void abort(Optional<SpeechRecognitionError>&& = WTF::nullopt);
WEBCORE_EXPORT void stop();
+ WEBCORE_EXPORT void prepareForDestruction();
WEBCORE_EXPORT SpeechRecognitionConnectionClientIdentifier clientIdentifier() const;
SpeechRecognitionCaptureSource* source() { return m_source.get(); }
Modified: trunk/Source/WebKit/ChangeLog (272450 => 272451)
--- trunk/Source/WebKit/ChangeLog 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Source/WebKit/ChangeLog 2021-02-06 00:43:20 UTC (rev 272451)
@@ -1,3 +1,13 @@
+2021-02-05 Sihui Liu <[email protected]>
+
+ REGRESSION(r272337): crash under WebCore::SpeechRecognizer::setInactive()
+ https://bugs.webkit.org/show_bug.cgi?id=221451
+
+ Reviewed by Youenn Fablet.
+
+ * UIProcess/SpeechRecognitionServer.cpp:
+ (WebKit::SpeechRecognitionServer::handleRequest):
+
2021-02-05 Darin Adler <[email protected]>
Add missing null checks to decoding functions involving RetainPtr
Modified: trunk/Source/WebKit/UIProcess/SpeechRecognitionServer.cpp (272450 => 272451)
--- trunk/Source/WebKit/UIProcess/SpeechRecognitionServer.cpp 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Source/WebKit/UIProcess/SpeechRecognitionServer.cpp 2021-02-06 00:43:20 UTC (rev 272451)
@@ -81,8 +81,10 @@
void SpeechRecognitionServer::handleRequest(UniqueRef<WebCore::SpeechRecognitionRequest>&& request)
{
- if (m_recognizer)
+ if (m_recognizer) {
m_recognizer->abort(WebCore::SpeechRecognitionError { WebCore::SpeechRecognitionErrorType::Aborted, "Another request is started"_s });
+ m_recognizer->prepareForDestruction();
+ }
auto clientIdentifier = request->clientIdentifier();
m_recognizer = makeUnique<WebCore::SpeechRecognizer>([this, weakThis = makeWeakPtr(this)](auto& update) {
Modified: trunk/Tools/ChangeLog (272450 => 272451)
--- trunk/Tools/ChangeLog 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Tools/ChangeLog 2021-02-06 00:43:20 UTC (rev 272451)
@@ -1,3 +1,13 @@
+2021-02-05 Sihui Liu <[email protected]>
+
+ REGRESSION(r272337): crash under WebCore::SpeechRecognizer::setInactive()
+ https://bugs.webkit.org/show_bug.cgi?id=221451
+
+ Reviewed by Youenn Fablet.
+
+ * TestWebKitAPI/Tests/WebKitCocoa/SpeechRecognition.mm:
+ (TestWebKitAPI::TEST):
+
2021-02-05 Eric Carlson <[email protected]>
[Mac] Connect MediaSession with MediaRemote and NowPlaying
Modified: trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/SpeechRecognition.mm (272450 => 272451)
--- trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/SpeechRecognition.mm 2021-02-06 00:16:20 UTC (rev 272450)
+++ trunk/Tools/TestWebKitAPI/Tests/WebKitCocoa/SpeechRecognition.mm 2021-02-06 00:43:20 UTC (rev 272451)
@@ -305,4 +305,31 @@
#endif
+TEST(WebKit2, SpeechRecognitionWebProcessCrash)
+{
+ auto configuration = adoptNS([[WKWebViewConfiguration alloc] init]);
+ auto handler = adoptNS([[SpeechRecognitionMessageHandler alloc] init]);
+ [[configuration userContentController] addScriptMessageHandler:handler.get() name:@"testHandler"];
+ auto preferences = [configuration preferences];
+ preferences._mockCaptureDevicesEnabled = YES;
+ preferences._speechRecognitionEnabled = YES;
+ auto delegate = adoptNS([[SpeechRecognitionUIDelegate alloc] init]);
+ shouldGrantPermissionRequest = true;
+
+ @autoreleasepool {
+ auto webView = adoptNS([[TestWKWebView alloc] initWithFrame:CGRectMake(0, 0, 800, 600) configuration:configuration.get()]);
+ [webView setUIDelegate:delegate.get()];
+
+ receivedScriptMessage = false;
+ [webView synchronouslyLoadTestPageNamed:@"speechrecognition-basic"];
+ [webView evaluateJavaScript:@"start();" completionHandler:nil];
+ TestWebKitAPI::Util::run(&receivedScriptMessage);
+ EXPECT_WK_STREQ(@"Start", [lastScriptMessage body]);
+
+ [webView _killWebContentProcess];
+ }
+
+ TestWebKitAPI::Util::sleep(0.5);
+}
+
} // namespace TestWebKitAPI
