Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 9ff5a32ea773d660f731a47c326ac36896ac7ced
https://github.com/WebKit/WebKit/commit/9ff5a32ea773d660f731a47c326ac36896ac7ced
  Author: Per Arne Vollan <[email protected]>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm

  Log Message:
  -----------
  Add nullptr check for ProcessLauncher client
https://bugs.webkit.org/show_bug.cgi?id=269759
rdar://122995875

Reviewed by Brent Fulgham.

This patch fixes a null pointer dereference crash that was introduced in
<https://commits.webkit.org/274390@main>.
The commit 274390@main introduced a race condition by holding a reference to
the Process launcher in the completion handler for starting WebKit extension
processes. This reference was held throughout the duration of the completion
handler. This meant that on rare occasions, the Process launcher could be
deleted at the end of the completion handler, instead of in the
AuxiliaryProcessProxy destructor, where it normally is invalidated and deleted.
The lambda to finish the launch scheduled from the completion handler on the
main thread could then end up having a Process launcher that was invalidated
but not deallocated. When the Process launcher is invalidated, the m_client
member is set to nullptr. This member is later dereferenced in
ProcessLauncher::finishLaunchingProcess, and caused a null pointer crash in
this case. This patch is fixing the crash by reverting the change in
274390@main that introduced the crash as well as adding a null pointer check
for m_client, to guard against this race being reintroduced in the future.

* Source/WebKit/UIProcess/Launcher/cocoa/ProcessLauncherCocoa.mm:
(WebKit::ProcessLauncher::launchProcess):

Canonical link: https://commits.webkit.org/275047@main
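The lifetime race the commit message describes, modelled as an added C++ example (this is not WebKit's ProcessLauncher code; `Client`, `TaskQueue` and `simulateRace` are simplified stand-ins): a strong reference captured by the completion handler keeps the launcher alive past `invalidate()`, so the deferred main-thread task runs against `m_client == nullptr`, and the nullptr check turns what would be a crash into a dropped launch.

```cpp
#include <functional>
#include <memory>
#include <vector>

// Hypothetical stand-in for the object that receives the launch result.
struct Client {
    int launchesFinished = 0;
    void didFinishLaunching() { ++launchesFinished; }
};

// Stand-in for the main-thread run loop: tasks scheduled from a completion
// handler run only after the handler itself has returned.
using TaskQueue = std::vector<std::function<void()>>;

class ProcessLauncher : public std::enable_shared_from_this<ProcessLauncher> {
public:
    explicit ProcessLauncher(Client* client) : m_client(client) {}

    // Called by the owner before it drops the launcher: the client pointer is
    // cleared, but other references may still keep the object alive.
    void invalidate() { m_client = nullptr; }

    // Completion handler for the launch. Capturing a strong reference to |this|
    // (what 274390@main did) keeps the launcher alive past invalidate(), so the
    // deferred task can observe an invalidated-but-not-deallocated launcher.
    void launchProcess(TaskQueue& mainThread)
    {
        auto protectedThis = shared_from_this();
        mainThread.push_back([protectedThis] { protectedThis->finishLaunchingProcess(); });
    }

    // Returns true if the client was notified, false if the launch was dropped
    // because the launcher had already been invalidated.
    bool finishLaunchingProcess()
    {
        if (!m_client)          // the nullptr guard added in 275047@main;
            return false;       // without it this is a null pointer dereference
        m_client->didFinishLaunching();
        return true;
    }

private:
    Client* m_client;
};

// Drives the race: the owner invalidates and drops its reference while the
// captured reference is still alive, then the main-thread task runs.
// Returns how many launches the client saw (1 normally, 0 when invalidated).
int simulateRace(bool invalidateBeforeFinish)
{
    Client client;
    TaskQueue mainThread;
    auto launcher = std::make_shared<ProcessLauncher>(&client);
    launcher->launchProcess(mainThread);
    if (invalidateBeforeFinish) {
        launcher->invalidate();
        launcher.reset();       // owner's reference gone; the lambda's remains
    }
    for (auto& task : mainThread)
        task();
    return client.launchesFinished;
}
```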



_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes