Branch: refs/heads/webkitglib/2.52
  Home:   https://github.com/WebKit/WebKit
  Commit: 15fd2f11b285ed6ef855b46fb18f3eb612ceed13
      
https://github.com/WebKit/WebKit/commit/15fd2f11b285ed6ef855b46fb18f3eb612ceed13
  Author: Sihui Liu <[email protected]>
  Date:   2026-03-10 (Tue, 10 Mar 2026)

  Changed paths:
    M Source/WebKit/UIProcess/WebPageProxy.cpp

  Log Message:
  -----------
  Cherry-pick 308947@main (4d71f0dd2f9b). 
https://bugs.webkit.org/show_bug.cgi?id=309387

    WebPageProxy should ignore DidFailLoadForFrame message from non-loading process
    https://bugs.webkit.org/show_bug.cgi?id=309387
    rdar://168795695

    Reviewed by Per Arne Vollan.

    Message check for `frame->frameLoadState().state()` in `WebPageProxy::didChangeProvisionalURLForFrameShared` sometimes
    fails even though the process is not malicious. According to system logs when the crash reproduces, there is a chance
    that frame state is updated by a non-loading web process during provisional load. Here is the flow:
    1. WebProcess1 asks UIProcess for navigation decision for a load.
    2. UIProcess decides this load needs to continue in WebProcess2: it tells WebProcess1 to cancel the load and tells
    WebProcess2 to load.
    3. UIProcess receives `DidChangeProvisionalURLForFrame` from WebProcess2, and sets frame state to `Provisional`.
    4. UIProcess receives `DidFailLoadForFrame` from WebProcess2, and sets frame state to `Finished`.
    5. UIProcess receives `DidChangeProvisionalURLForFrame` from WebProcess1, and message check fails as state is not
    `Provisional`.

    There is a race between step 3 and 4. If step 4 happens first, then we won't see the message check failure; but there is
    no guarantee about the ordering. To fix this, make sure `WebPageProxy` validates the sender process before proceeding
    with `DidFailLoadForFrame` operation. We already have a similar check in `WebPageProxy::didFailProvisionalLoadForFrame`.

    * Source/WebKit/UIProcess/WebPageProxy.cpp:
    (WebKit::WebPageProxy::didFailLoadForFrame):

    Canonical link: https://commits.webkit.org/308947@main

Canonical link: https://commits.webkit.org/305877.177@webkitglib/2.52
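
A simplified model of the sender check described in the log message above, added here as an illustration and not taken from WebKit or from this commit. All names are hypothetical; it assumes the late failure message comes from the process that was told to cancel (the "non-loading process" of the commit title) and that the frame starts in `Provisional`.

```cpp
// Simplified model of a UI-process-style broker tracking one frame's load.
// All names are hypothetical; this is not WebKit code.
#include <cstdio>
#include <vector>

enum class State { Provisional, Finished };
enum class Kind { DidChangeProvisionalURL, DidFailLoad };
struct Message { Kind kind; int sender; };
struct Result { State state; bool checkFailed; };

constexpr int cancelledProcess = 1; // told to cancel the load
constexpr int loadingProcess = 2;   // owns the load after the process swap
// Delivers messages in order. Assumption: the provisional load has already
// started, so the frame begins in Provisional.
Result deliver(const std::vector<Message>& messages, bool validateSender)
{
    Result r { State::Provisional, false };
    for (const Message& m : messages) {
        if (m.kind == Kind::DidFailLoad) {
            // The fix in miniature: drop failures from a process that does not own the load.
            if (validateSender && m.sender != loadingProcess)
                continue;
            r.state = State::Finished;
        } else if (r.state != State::Provisional) {
            // State check on DidChangeProvisionalURL; a failure here blames the sender.
            r.checkFailed = true;
        }
    }
    return r;
}

// Constructed message order: a late failure from the cancelled process lands
// between two provisional URL changes from the loading process.
std::vector<Message> constructedRace()
{
    return {
        { Kind::DidChangeProvisionalURL, loadingProcess },
        { Kind::DidFailLoad, cancelledProcess },
        { Kind::DidChangeProvisionalURL, loadingProcess },
    };
}

int main()
{
    Result before = deliver(constructedRace(), false);
    Result after = deliver(constructedRace(), true);
    std::printf("no sender check: checkFailed=%d\n", before.checkFailed);
    std::printf("sender check:    checkFailed=%d\n", after.checkFailed);
}
```

Without the sender check, the well-behaved loading process is the one that trips the state check; with it, the stale failure is ignored and a genuine failure from the loading process still finishes the load.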


