Changeset 203909 in webkit


Timestamp:
Jul 29, 2016 11:45:15 AM (8 years ago)
Author:
rniwa@webkit.org
Message:

Crash with an Invalid Web Process IPC Message ID: WebPageProxy.AttributedStringForCharacterRangeCallback
https://bugs.webkit.org/show_bug.cgi?id=160334
<rdar://problem/27078089>

Reviewed by Alexey Proskuryakov.

The crash is most likely caused by a MESSAGE_CHECK failure in WebPageProxy::attributedStringForCharacterRangeCallback
which marks the currently dispatching message as invalid inside the macro.

Make sure we never fail this check by sending an empty EditingRange in attributedSubstringForCharacterRangeAsync when
the editing range we're about to send to the UIProcess is invalid in WebProcess.

Unfortunately, no new tests since we don't have any reproduction and I couldn't spot any code path in which we end up
with an invalid EditingRange here with multiple inspections of the relevant code.

  • WebProcess/WebPage/mac/WebPageMac.mm:

(WebKit::WebPage::attributedSubstringForCharacterRangeAsync):

Location:
trunk/Source/WebKit2
Files:
2 edited

  • trunk/Source/WebKit2/ChangeLog

    r203857 r203909  
     12016-07-28  Ryosuke Niwa  <rniwa@webkit.org>
     2
     3        Crash with an Invalid Web Process IPC Message ID: WebPageProxy.AttributedStringForCharacterRangeCallback
     4        https://bugs.webkit.org/show_bug.cgi?id=160334
     5        <rdar://problem/27078089>
     6
     7        Reviewed by Alexey Proskuryakov.
     8
     9        The crash is most likely caused by an MESSAGE_CHECK failure in WebPageProxy::attributedStringForCharacterRangeCallback
     10        which marks the currently dispatching message was invalid inside the macro.
     11
     12        Make sure we never fail this check by sending an empty EditingRange in attributedSubstringForCharacterRangeAsync when
     13        the editing range we're about to send to the UIProcess is invalid in WebProcess.
     14
     15        Unfortunately, no new tests since we don't have any reproduction and I couldn't spot any code path in which we end up
     16        with an invalid EditingRage here with multiple inspection of the relevant code.
     17
     18        * WebProcess/WebPage/mac/WebPageMac.mm:
     19        (WebKit::WebPage::attributedSubstringForCharacterRangeAsync):
     20
    1212016-07-28  Carlos Garcia Campos  <cgarcia@igalia.com>
    222
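Review bot: the last paragraph of the new entry misspells the type as "EditingRage"; it should read "EditingRange" so the ChangeLog can be searched by type name. In the first paragraph, "an MESSAGE_CHECK failure" and "marks the currently dispatching message was invalid" also read as slips for "a MESSAGE_CHECK failure" and "as invalid".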
  • trunk/Source/WebKit2/WebProcess/WebPage/mac/WebPageMac.mm

    r202183 r203909  
    353353    }
    354354
    355     send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, EditingRange(editingRange.location, [result.string length]), callbackID));
     355    EditingRange rangeToSend(editingRange.location, [result.string length]);
     356    ASSERT(rangeToSend.isValid());
     357    if (!rangeToSend.isValid()) {
     358        // Send an empty EditingRange as a last resort for <rdar://problem/27078089>.
     359        send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, EditingRange(), callbackID));
     360        return;
     361    }
     362
     363    send(Messages::WebPageProxy::AttributedStringForCharacterRangeCallback(result, rangeToSend, callbackID));
    356364}
    357365
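Review bot: the fallback branch still sends the original `result` but pairs it with an empty `EditingRange()`, so the UIProcess receives an attributed string whose range no longer describes it. Either extend the comment to state that the receiver must treat an empty range as "no usable range", or send an empty result together with it. Because the ChangeLog says there is no reproduction and `ASSERT(rangeToSend.isValid())` is compiled out of release builds, a release-visible log line inside `if (!rangeToSend.isValid())` would help identify which code path produces the invalid range. The two `send(...)` calls differ only in the range argument, so selecting the range first and sending once would avoid the duplication.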