Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 96230945f879c8a4188fd341a56841c79e986378
    https://github.com/WebKit/WebKit/commit/96230945f879c8a4188fd341a56841c79e986378
Author: Jer Noble <jer.no...@apple.com>
Date: 2023-02-28 (Tue, 28 Feb 2023)

Changed paths:
  M Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm

Log Message:
-----------
CRASH: GPUP at -[WebCoreNSURLSessionDataTask _cancel]
https://bugs.webkit.org/show_bug.cgi?id=253044
rdar://94878533

Reviewed by Eric Carlson.

-[WebCoreNSURLSessionDataTask session] currently converts a WeakObjC pointer (safely) into a RetainPtr, then returns a raw pointer from that RetainPtr. The RetainPtr is destroyed after returning, which reduces the retain count. It is then stored into a RetainPtr again by the caller inside -_cancel. Meanwhile, on another thread, the WebCoreNSURLSession can be released by the system, leaving an opportunity to release the WebCoreNSURLSession and reduce its retain count to zero in between the two RetainPtr calls on the main thread, leading to the client retaining a dealloc'd object.

Instead, -session should return an autorelease()'d pointer, thereby ensuring the session is retained long enough for the client to retain it. This will increase retain-count churn, but will also guarantee the object cannot be destroyed on a background thread while it's still being used on the main thread.

* Source/WebCore/platform/network/cocoa/WebCoreNSURLSession.mm:
(-[WebCoreNSURLSessionDataTask session]):

Canonical link: https://commits.webkit.org/260941@main
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
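
The retain-count window described in the log message, as an added example that is not WebKit code and not part of the original commit: a single-threaded C++ model that replays the interleaving deterministically. `Session`, `Strong`, `sessionRaw`, `sessionOwned` and the two `cancelWith...` functions are hypothetical names; `Strong` stands in for RetainPtr, and an owning return value stands in for an autoreleased pointer.

```cpp
// Constructed model, not WebKit code; all names here are hypothetical.
// The object is flagged as deallocated instead of freed, so the model has no UB.
#include <cstdio>

struct Session {
    int retainCount = 1;      // the +1 held by "the system"
    bool deallocated = false;
    void retain() { ++retainCount; }
    void release() { if (--retainCount == 0) deallocated = true; }
};

// Minimal strong reference, standing in for RetainPtr.
struct Strong {
    Session* p;
    explicit Strong(Session* s) : p(s) { if (p) p->retain(); }
    Strong(const Strong& o) : p(o.p) { if (p) p->retain(); }
    Strong& operator=(const Strong&) = delete;
    ~Strong() { if (p) p->release(); }
};

// Before: the temporary strong reference dies at return, so the raw
// pointer handed back carries no ownership.
Session* sessionRaw(Session* weakTarget) { Strong tmp(weakTarget); return tmp.p; }

// After (modelled): the caller receives a reference that still owns +1, as an
// autoreleased return value does until the autorelease pool drains.
Strong sessionOwned(Session* weakTarget) { return Strong(weakTarget); }

// Each function returns true if the caller retained a deallocated object.
bool cancelWithRawGetter() {
    Session s;
    Session* raw = sessionRaw(&s);   // count goes 1 -> 2 -> 1
    s.release();                     // models the system's release on another thread: 1 -> 0
    Strong protect(raw);             // caller's retain arrives too late
    return s.deallocated;
}

bool cancelWithOwnedGetter() {
    Session s;
    Strong held = sessionOwned(&s);  // count is 2 and stays owned across the return
    s.release();                     // same interleaving: 2 -> 1, object still alive
    Strong protect(held);
    return s.deallocated;
}

int main() {
    std::printf("raw getter retained dead object: %d\n", cancelWithRawGetter());
    std::printf("owned getter retained dead object: %d\n", cancelWithOwnedGetter());
}
```
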