[webkit-changes] [WebKit/WebKit] c5617f: Crash when ResponsivenessTimer fires

Tue, 03 Dec 2024 12:23:26 -0800 

  Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: c5617f4184ab9289950d98b59eb5803d405edf6e
      
https://github.com/WebKit/WebKit/commit/c5617f4184ab9289950d98b59eb5803d405edf6e
  Author: Chris Dumez <[email protected]>
  Date:   2024-12-03 (Tue, 03 Dec 2024)

  Changed paths:
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp
    M Source/WebKit/UIProcess/AuxiliaryProcessProxy.h
    M Source/WebKit/UIProcess/ResponsivenessTimer.cpp
    M Source/WebKit/UIProcess/ResponsivenessTimer.h

  Log Message:
  -----------
  Crash when ResponsivenessTimer fires
https://bugs.webkit.org/show_bug.cgi?id=283948
rdar://140572152

Reviewed by Darin Adler and Brady Eidson.

I recently made it so that RunLoop::Timer will protect the object it is calling
the "timeout" function on, either via a RefPtr or a CheckedPtr. Given that
ResponsivenessTimer subclassed CanMakeCheckedPtr, it would use a CheckedPtr.

As a speculative fix for the crash, make ResponsivenessTimer RefCounted. As a
result, RunLoop::Timer will now ref the ResponsivenessTimer before calling
`timerFired()` on it, which should be safer than a CheckedPtr. One could
imagine `timerFired()` causing the ResponsivenessTimer to get destroyed
otherwise, since it calls some client functions.

* Source/WebKit/UIProcess/AuxiliaryProcessProxy.cpp:
(WebKit::AuxiliaryProcessProxy::stopResponsivenessTimer):
(WebKit::AuxiliaryProcessProxy::startResponsivenessTimer):
* Source/WebKit/UIProcess/AuxiliaryProcessProxy.h:
(WebKit::AuxiliaryProcessProxy::protectedResponsivenessTimer):
(WebKit::AuxiliaryProcessProxy::protectedResponsivenessTimer const):
(WebKit::AuxiliaryProcessProxy::checkedResponsivenessTimer): Deleted.
(WebKit::AuxiliaryProcessProxy::checkedResponsivenessTimer const): Deleted.
* Source/WebKit/UIProcess/ResponsivenessTimer.h:
(WebKit::ResponsivenessTimer::ref const):
(WebKit::ResponsivenessTimer::deref const):

Canonical link: https://commits.webkit.org/287301@main



To unsubscribe from these emails, change your notification settings at 
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes

Reply via email to