Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 96230945f879c8a4188fd341a56841c79e986378
      
https://github.com/WebKit/WebKit/commit/96230945f879c8a4188fd341a56841c79e986378
  Author: Jer Noble <jer.no...@apple.com>
  Date:   2023-02-28 (Tue, 28 Feb 2023)

  Changed paths:
    M Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm

  Log Message:
  -----------
  CRASH: GPUP at -[WebCoreNSURLSessionDataTask _cancel]
https://bugs.webkit.org/show_bug.cgi?id=253044
rdar://94878533

Reviewed by Eric Carlson.

-[WebCoreNSURLSessionDataTask session] currently converts a WeakObjC pointer (safely) into
a RetainPtr, then returns a raw pointer from that RetainPtr. The RetainPtr is destroyed after
returning, which reduces the retain count. It is then stored into a RetainPtr again by the
caller inside -_cancel.

Meanwhile, on another thread, the WebCoreNSURLSession can be released by the system, leaving
an opportunity to release the WebCoreNSURLSession and reduce its retain count to zero in
between the two RetainPtr calls on the main thread, leading to the client retaining a dealloc'd
object.

Instead, -session should return an autorelease()'d pointer, thereby ensuring the session is
retained long enough for the client to retain it. This will increase retain-count churn, but
will also guarantee the object cannot be destroyed on a background thread while it's still
being used on the main thread.

* Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSessionDataTask session]):

Canonical link: https://commits.webkit.org/260941@main


_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
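
The race described in the log message above, replayed in a fixed order as a single-threaded C++ model. This is an added example, not WebKit's code: `Obj`, `Pool`, `loadWeak`, `sessionRaw`, `sessionAutoreleased` and `callerRetainsDeadObject` are hypothetical names, and `Pool` is an assumed stand-in for an Objective-C autorelease pool.

```cpp
#include <vector>

// Toy model of manual retain/release. Memory is never really freed, so a
// retain on a dead object is recorded as a flag instead of crashing.
struct Obj {
    int retainCount = 1;  // the +1 held by the "system" owner
    bool deallocated = false, retainedAfterDealloc = false;
};
void retain(Obj* o) {
    if (o->deallocated) o->retainedAfterDealloc = true; else ++o->retainCount;
}
void release(Obj* o) { if (--o->retainCount == 0) o->deallocated = true; }

// Stand-in for an autorelease pool: the release is deferred until drain().
struct Pool {
    std::vector<Obj*> pending;
    void drain() { for (Obj* o : pending) release(o); pending.clear(); }
};

// Safe weak load: returns a +1 reference, or nullptr if the target is gone.
Obj* loadWeak(Obj* target) {
    if (target->deallocated) return nullptr;
    retain(target);
    return target;
}
// "Before": the temporary strong reference is dropped as the getter returns.
Obj* sessionRaw(Obj* weak, Pool&) {
    Obj* strong = loadWeak(weak);
    if (strong) release(strong);
    return strong;
}
// "After": the +1 is handed to the pool, so it outlives the return.
Obj* sessionAutoreleased(Obj* weak, Pool& pool) {
    Obj* strong = loadWeak(weak);
    if (strong) pool.pending.push_back(strong);
    return strong;
}

// Replays the interleaving from the log message in a fixed order.
bool callerRetainsDeadObject(Obj* (*getter)(Obj*, Pool&)) {
    Obj session; Pool pool;
    Obj* p = getter(&session, pool);  // main thread: -session
    release(&session);                // other thread: system drops its reference
    retain(p);                        // main thread: caller stores it in a RetainPtr
    if (session.retainedAfterDealloc) return true;
    release(p); pool.drain();         // caller is done, then the pool drains
    return false;
}

int main() { return callerRetainsDeadObject(sessionRaw) && !callerRetainsDeadObject(sessionAutoreleased) ? 0 : 1; }
```

In the model the raw getter leaves a window in which the count reaches zero before the caller's retain, while the pooled reference keeps it at one until the pool drains.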
