Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 674611789255a98f96b4504c7d04034e0ae5908a
https://github.com/WebKit/WebKit/commit/674611789255a98f96b4504c7d04034e0ae5908a
Author: Chris Dumez <[email protected]>
Date: 2025-07-21 (Mon, 21 Jul 2025)
Changed paths:
M Source/WebKit/Platform/IPC/Connection.cpp
M Source/WebKit/Platform/IPC/Connection.h
Log Message:
-----------
Crash under
WTF::Detail::CallableWrapper<IPC::Connection::dispatchDidCloseAndInvalidate()::$_0,
void>::call
https://bugs.webkit.org/show_bug.cgi?id=296276
rdar://156192754
Reviewed by Darin Adler.
We were holding a CheckedPtr to the IPC::Connection::Client on the stack when
calling `didClose()`. However, calling `didClose()` can cause the Client object
to get destroyed. To address the issue, hold a RefPtr to the Client object
instead.
* Source/WebKit/Platform/IPC/Connection.cpp:
(IPC::Connection::dispatchSyncMessage):
(IPC::Connection::dispatchDidReceiveInvalidMessage):
(IPC::Connection::dispatchDidCloseAndInvalidate):
(IPC::Connection::enqueueIncomingMessage):
(IPC::Connection::dispatchMessage):
* Source/WebKit/Platform/IPC/Connection.h:
(IPC::Connection::protectedClient const):
(IPC::Connection::waitForAndDispatchImmediately):
(IPC::Connection::checkedClient const): Deleted.
Canonical link: https://commits.webkit.org/297696@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes
