Branch: refs/heads/main
  Home:   https://github.com/WebKit/WebKit
  Commit: 6512004572e0ba805b5cbf7b4960d7a6d195ed2b
      
https://github.com/WebKit/WebKit/commit/6512004572e0ba805b5cbf7b4960d7a6d195ed2b
  Author: Rupin Mittal <[email protected]>
  Date:   2026-05-26 (Tue, 26 May 2026)

  Changed paths:
    M Source/WebKit/UIProcess/WebProcessPool.cpp

  Log Message:
  -----------
  [Site Isolation] Safari crashed after typing random characters in the smart search field and searching
https://bugs.webkit.org/show_bug.cgi?id=315465
rdar://176228268

Reviewed by Alex Christensen.

Safari crashes after kicking off a search because we hit this release assert in
WebPageProxy::continueNavigationInNewProcess():

RELEASE_ASSERT(!newProcess->isInProcessCache());

In WebProcessPool::processForNavigation(), when site isolation is enabled, we
ask the BrowsingContextGroup if there is already a process for this site. If so,
and the process is not in the process cache, this is the site we'll use for the
navigation. But we don't return it immediately. We first async IPC to the network
process to addAllowedFirstPartyForCookies, and we return the process when we
receive the IPC reply. The completion handler which returns the process is where
we hit the release assert.

The fact that the chosen process was not in the process cache before the async
IPC is sent, but is in the cache by the time the IPC reply is received means
that something caused the process to be put in the cache in the meantime.

If we intend to use a process for a navigation, we should ensure that it isn't
cached before our navigation completes. So we fix this by calling
shutdownPreventingScope() on the process before the async IPC is sent and holding
the token until the reply is received. This ensures that if
WebProcessProxy::maybeShutDown() is called before the IPC reply arrives,
canTerminateAuxiliaryProcess() returns false and the process won't be cached.

No test as this is a speculative fix.

* Source/WebKit/UIProcess/WebProcessPool.cpp:
(WebKit::WebProcessPool::processForNavigation):

Canonical link: https://commits.webkit.org/313901@main
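
The check-then-async-reply race and the token-based fix described in the log message, as a simplified single-threaded C++ model. This is an added example, not WebKit source: `Process`, `ShutdownPreventingScope`, `pendingReplies` and `simulate` are hypothetical stand-ins, and the `maybeShutDown()` call between request and reply is an assumed trigger, since the commit does not identify what caches the process.

```cpp
// Simplified model of the race (added example, not WebKit code; all names are hypothetical).
#include <functional>
#include <memory>
#include <queue>
#include <utility>

struct Process {
    bool inCache = false;
    int shutdownPreventers = 0; // number of live tokens
    bool canTerminate() const { return shutdownPreventers == 0; }
    // Models the path that may move an idle process into the process cache.
    void maybeShutDown() { if (canTerminate()) inCache = true; }
};

// RAII token: while at least one is alive, the process cannot be cached.
struct ShutdownPreventingScope {
    explicit ShutdownPreventingScope(Process& p) : process(p) { ++process.shutdownPreventers; }
    ~ShutdownPreventingScope() { --process.shutdownPreventers; }
    ShutdownPreventingScope(const ShutdownPreventingScope&) = delete;
    Process& process;
};

std::queue<std::function<void()>> pendingReplies; // stands in for async IPC replies

// Picks `p` for a navigation; `done(ok)` runs only when the "IPC reply" is delivered.
void processForNavigation(Process& p, bool holdToken, std::function<void(bool)> done) {
    if (p.inCache) { done(false); return; }       // the check happens before the IPC
    std::shared_ptr<ShutdownPreventingScope> token;
    if (holdToken) token = std::make_shared<ShutdownPreventingScope>(p);
    // The reply handler owns the token, so it lives until the reply has run.
    pendingReplies.push([&p, token, done] { done(!p.inCache); });
}

// Returns true if the chosen process was still uncached when the reply arrived.
bool simulate(bool holdToken) {
    Process p;
    bool usable = false;
    processForNavigation(p, holdToken, [&](bool ok) { usable = ok; });
    p.maybeShutDown();                            // assumed event before the reply
    while (!pendingReplies.empty()) {
        auto reply = std::move(pendingReplies.front());
        pendingReplies.pop();
        reply();
    }
    return usable;
}

int main() { return (!simulate(false) && simulate(true)) ? 0 : 1; }
```

Without the token the reply handler sees a cached process, which is the state the release assert rejects; with the token held across the reply, `maybeShutDown()` is a no-op during that window.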


