Branch: refs/heads/main
Home: https://github.com/WebKit/WebKit
Commit: 55d646f09dd877b9e8ed4bd63c151b6924e209c6
https://github.com/WebKit/WebKit/commit/55d646f09dd877b9e8ed4bd63c151b6924e209c6
Author: Chris Dumez <[email protected]>
Date: 2026-02-23 (Mon, 23 Feb 2026)
Changed paths:
M Source/WebKit/NetworkProcess/NetworkSession.cpp
M Source/WebKit/NetworkProcess/NetworkSession.h
M Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm
Log Message:
-----------
Crash under WebKit::NetworkDataTaskCocoa::resume()
https://bugs.webkit.org/show_bug.cgi?id=308508
rdar://170486189
Reviewed by Sihui Liu.
During ~NetworkSession, the NetworkLoadScheduler is destroyed, and
HostContext::~HostContext flushes pending loads by calling
NetworkLoad::start(), which calls NetworkDataTaskCocoa::resume(). That
method does downcast<NetworkSessionCocoa>(*m_session), but the
NetworkSessionCocoa subclass has already been destroyed (only the
NetworkSession base remains), so the downcast fails and crashes.
The fix adds an early return in NetworkDataTaskCocoa::resume() when the
session is null or invalidated so that we don't attempt to start a network
load when the network session is gone or in the middle of destruction.
* Source/WebKit/NetworkProcess/NetworkSession.cpp:
(WebKit::NetworkSession::invalidateAndCancel):
* Source/WebKit/NetworkProcess/NetworkSession.h:
(WebKit::NetworkSession::isInvalidated const):
* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
(WebKit::NetworkDataTaskCocoa::resume):
Canonical link: https://commits.webkit.org/308100@main
To unsubscribe from these emails, change your notification settings at
https://github.com/WebKit/WebKit/settings/notifications
