Changeset 194925 in webkit

Timestamp:

Jan 12, 2016 2:06:46 PM (8 years ago)

Author:

ggaren@apple.com

Message:

WebPageProxy should reattach to the web process before navigating
​https://bugs.webkit.org/show_bug.cgi?id=153026

Reviewed by Anders Carlsson.

This fixes a crash (and lots of other corruption) when force-quitting
the web process during navigation.

Some objects (like ViewGestureController) use one-time initialization
to point to a ChildProcessProxy -- and, by design, we destroy them when
the ChildProcessProxy becomes invalid (i.e., crashes or quits).

If we navigate *before* creating a new, valid ChildProcessProxy, then
we accidentally re-create these objects pointing to the old, invalid
ChildProcessProxy.

We need to wait until we have a valid ChildProcessProxy before we
initialize these objects.

• UIProcess/WebPageProxy.cpp:

(WebKit::WebPageProxy::reattachToWebProcessWithItem): Navigate after
reattaching to the web process so that lazily allocated helper objects
point to the right ChildProcessProxy.

Location:

trunk/Source/WebKit2

Files:

• ChangeLog (modified) (1 diff)
• UIProcess/WebPageProxy.cpp (modified) (2 diffs)

trunk/Source/WebKit2/ChangeLog

@@ +1 @@
+2016-01-12  Geoffrey Garen  <ggaren@apple.com>
+
+        WebPageProxy should reattach to the web process before navigating
+        https://bugs.webkit.org/show_bug.cgi?id=153026
+
+        Reviewed by Anders Carlsson.
+
+        This fixes a crash (and lots of other corruption) when force-quitting
+        the web process during navigation.
+
+        Some objects (like ViewGestureController) use one-time initialization
+        to point to a ChildProcessProxy -- and, by design, we destroy them when
+        the ChildProcessProxy becomes invalid (i.e., crashes or quits).
+
+        If we navigate *before* creating a new, valid ChildProcessProxy, then
+        we accidentally re-create these objects pointing to the old, invalid
+        ChildProcessProxy.
+
+        We need to wait until we have a valid ChildProcessProxy before we
+        initialize these objects.
+
+        * UIProcess/WebPageProxy.cpp:
+        (WebKit::WebPageProxy::reattachToWebProcessWithItem): Navigate after
+        reattaching to the web process so that lazily allocated helper objects
+        point to the right ChildProcessProxy.
+
 2016-01-12  Ryosuke Niwa  <rniwa@webkit.org>
 

trunk/Source/WebKit2/UIProcess/WebPageProxy.cpp

@@ -739 +739 @@
         return nullptr;
 
-    if (item && item != m_backForwardList->currentItem())
-        m_backForwardList->goToItem(item);
-
     ASSERT(!isValid());
     reattachToWebProcess();
@@ -747 +744 @@
     if (!item)
         return nullptr;
+
+    if (item != m_backForwardList->currentItem())
+        m_backForwardList->goToItem(item);
 
     auto navigation = m_navigationState->createBackForwardNavigation();