Title: [183572] trunk/Tools
- Revision: 183572
- Author: [email protected]
- Date: 2015-04-29 12:55:34 -0700 (Wed, 29 Apr 2015)
Log Message
Use-after-free when invalidating WKPageForceRepaint callback
https://bugs.webkit.org/show_bug.cgi?id=144401
rdar://problem/20741111
Reviewed by Tim Horton.
* WebKitTestRunner/TestController.h: (WTR::TestController::isCurrentInvocation): Added.
* WebKitTestRunner/TestInvocation.cpp: (WTR::TestInvocation::forceRepaintDoneCallback):
Don't do anything on error, because the context may be a stale pointer now.
Diff
Modified: trunk/Tools/ChangeLog (183571 => 183572)
--- trunk/Tools/ChangeLog 2015-04-29 19:53:00 UTC (rev 183571)
+++ trunk/Tools/ChangeLog 2015-04-29 19:55:34 UTC (rev 183572)
@@ -1,3 +1,16 @@
+2015-04-29 Alexey Proskuryakov <[email protected]>
+
+ Use-after-free when invalidating WKPageForceRepaint callback
+ https://bugs.webkit.org/show_bug.cgi?id=144401
+ rdar://problem/20741111
+
+ Reviewed by Tim Horton.
+
+ * WebKitTestRunner/TestController.h: (WTR::TestController::isCurrentInvocation): Added.
+
+ * WebKitTestRunner/TestInvocation.cpp: (WTR::TestInvocation::forceRepaintDoneCallback):
+ Don't do anything on error, because the context may be a stale pointer now.
+
2015-04-29 David Kilzer <[email protected]>
check-webkit-style: Don't complain about returning value from Objective-C method call in header
Modified: trunk/Tools/WebKitTestRunner/TestController.h (183571 => 183572)
--- trunk/Tools/WebKitTestRunner/TestController.h 2015-04-29 19:53:00 UTC (rev 183571)
+++ trunk/Tools/WebKitTestRunner/TestController.h 2015-04-29 19:55:34 UTC (rev 183572)
@@ -117,6 +117,8 @@
void setShouldLogHistoryClientCallbacks(bool shouldLog) { m_shouldLogHistoryClientCallbacks = shouldLog; }
+ bool isCurrentInvocation(TestInvocation* invocation) const { return invocation == m_currentInvocation.get(); }
+
private:
void initialize(int argc, const char* argv[]);
void createWebViewWithOptions(WKDictionaryRef);
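Review bot: isCurrentInvocation() decides by raw address (`invocation == m_currentInvocation.get()`), so a stale pointer whose storage has since been reused for the next TestInvocation would compare equal and pass the check. If callers rely on this to detect a dead context, consider identifying invocations by a value that is never reused (for example a per-invocation counter), and add a comment on the declaration stating that the argument is only compared and never dereferenced. The parameter could also be `const TestInvocation*`, since the method is const and does nothing but compare it.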
Modified: trunk/Tools/WebKitTestRunner/TestInvocation.cpp (183571 => 183572)
--- trunk/Tools/WebKitTestRunner/TestInvocation.cpp 2015-04-29 19:53:00 UTC (rev 183571)
+++ trunk/Tools/WebKitTestRunner/TestInvocation.cpp 2015-04-29 19:55:34 UTC (rev 183572)
@@ -245,9 +245,15 @@
fflush(stderr);
}
-void TestInvocation::forceRepaintDoneCallback(WKErrorRef, void* context)
+void TestInvocation::forceRepaintDoneCallback(WKErrorRef error, void* context)
{
+ // The context may not be valid any more, e.g. if WebKit is invalidating callbacks at process exit.
+ if (error)
+ return;
+
TestInvocation* testInvocation = static_cast<TestInvocation*>(context);
+ RELEASE_ASSERT(TestController::singleton().isCurrentInvocation(testInvocation));
+
testInvocation->m_gotRepaint = true;
TestController::singleton().notifyDone();
}
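Review bot: the early `if (error) return;` in forceRepaintDoneCallback also skips `TestController::singleton().notifyDone()`, so when an error is delivered while the invocation is still the current one, nothing in this function signals the controller. Because isCurrentInvocation() only compares the pointer and does not dereference it, the error path could safely test `isCurrentInvocation(static_cast<TestInvocation*>(context))` and still call notifyDone() when it holds, returning silently only when the context is no longer current. It would also help to say in the comment that the RELEASE_ASSERT is the stale-context guard for the success path, since the `error` check alone does not cover it.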
_______________________________________________
webkit-changes mailing list
[email protected]
https://lists.webkit.org/mailman/listinfo/webkit-changes