Title: [194925] trunk/Source/WebKit2
- Revision: 194925
- Author: [email protected]
- Date: 2016-01-12 14:06:46 -0800 (Tue, 12 Jan 2016)
Log Message

WebPageProxy should reattach to the web process before navigating
https://bugs.webkit.org/show_bug.cgi?id=153026

Reviewed by Anders Carlsson.

This fixes a crash (and lots of other corruption) when force-quitting
the web process during navigation.

Some objects (like ViewGestureController) use one-time initialization
to point to a ChildProcessProxy -- and, by design, we destroy them when
the ChildProcessProxy becomes invalid (i.e., crashes or quits).

If we navigate *before* creating a new, valid ChildProcessProxy, then
we accidentally re-create these objects pointing to the old, invalid
ChildProcessProxy.

We need to wait until we have a valid ChildProcessProxy before we
initialize these objects.

* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::reattachToWebProcessWithItem): Navigate after
reattaching to the web process so that lazily allocated helper objects
point to the right ChildProcessProxy.
Diff
Modified: trunk/Source/WebKit2/ChangeLog (194924 => 194925)
--- trunk/Source/WebKit2/ChangeLog 2016-01-12 21:53:21 UTC (rev 194924)
+++ trunk/Source/WebKit2/ChangeLog 2016-01-12 22:06:46 UTC (rev 194925)
@@ -1,3 +1,29 @@
+2016-01-12 Geoffrey Garen <[email protected]>
+
+ WebPageProxy should reattach to the web process before navigating
+ https://bugs.webkit.org/show_bug.cgi?id=153026
+
+ Reviewed by Anders Carlsson.
+
+ This fixes a crash (and lots of other corruption) when force-quitting
+ the web process during navigation.
+
+ Some objects (like ViewGestureController) use one-time initialization
+ to point to a ChildProcessProxy -- and, by design, we destroy them when
+ the ChildProcessProxy becomes invalid (i.e., crashes or quits).
+
+ If we navigate *before* creating a new, valid ChildProcessProxy, then
+ we accidentally re-create these objects pointing to the old, invalid
+ ChildProcessProxy.
+
+ We need to wait until we have a valid ChildProcessProxy before we
+ initialize these objects.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::reattachToWebProcessWithItem): Navigate after
+ reattaching to the web process so that lazily allocated helper objects
+ point to the right ChildProcessProxy.
+
2016-01-12 Ryosuke Niwa <[email protected]>
Add a build flag for custom element
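Review bot: the new ChangeLog entry lists only UIProcess/WebPageProxy.cpp and names no regression test for the crash it describes. If force-quitting the web process during navigation can be reproduced in a test, add one and list it in this entry; otherwise state in the entry why the fix lands untested, since a stale-pointer bug that depends on call ordering is easy to reintroduce.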
Modified: trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp (194924 => 194925)
--- trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2016-01-12 21:53:21 UTC (rev 194924)
+++ trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp 2016-01-12 22:06:46 UTC (rev 194925)
@@ -738,15 +738,15 @@
if (m_isClosed)
return nullptr;
- if (item && item != m_backForwardList->currentItem())
- m_backForwardList->goToItem(item);
-
ASSERT(!isValid());
reattachToWebProcess();
if (!item)
return nullptr;
+ if (item != m_backForwardList->currentItem())
+ m_backForwardList->goToItem(item);
+
auto navigation = m_navigationState->createBackForwardNavigation();
m_process->send(Messages::WebPage::GoToBackForwardItem(navigation->navigationID(), item->itemID()), m_pageID);
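Review bot: the ordering this fix relies on is not documented at the moved `m_backForwardList->goToItem(item)` call, which now sits after `reattachToWebProcess()` and the `if (!item)` early return. Nothing in the function tells a later editor that goToItem() must not run while the page is detached, so a one-line comment above it (for example, that goToItem() can lazily create helper objects bound to the current process and must follow reattachToWebProcess()) would guard against the call being hoisted back up. Since `ASSERT(!isValid())` already precedes the reattach, consider a matching assertion after `reattachToWebProcess()` that the page is valid again, if that is its postcondition, so a failed reattach is caught in debug builds before the navigation message is sent. Dropping the `item &&` test is correct here because the null case has already returned.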