Changeset 233941 in webkit


Timestamp:
Jul 18, 2018 4:33:22 PM (6 years ago)
Author:
Chris Dumez
Message:

REGRESSION (r233897): CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebKit: WKBooleanGetValue + 9
https://bugs.webkit.org/show_bug.cgi?id=187784
<rdar://problem/42329230>

Reviewed by Brady Eidson.

When process swapping on navigation, WebPageProxy::reattachToWebProcess() unregisters the page as a MessageReceiver
from the old WebProcessProxy and registers itself as a MessageReceiver for the new WebProcessProxy instead. This
means that after this point, IPC sent by the previous WebProcess to its WebPageProxy will fail.

When we process swap, we also navigate the page in the old WebProcess to about:blank, when the navigation to
about:blank would complete, the WebKitTestRunner's injected bundle would try and send IPC to the WebPageProxy
which would fail and would cause WKBundlePagePostSynchronousMessageForTesting() to return a null result. WKTR
would crash when dereferencing this null result. This patch addresses this by dealing with the potential null
result.

  • WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:

(WTR::InjectedBundle::shouldProcessWorkQueue const):

Location:
trunk/Tools
Files:
2 edited

  • trunk/Tools/ChangeLog

    r233934 r233941  
     12018-07-18  Chris Dumez  <cdumez@apple.com>
     2
     3        REGRESSION (r233897): CrashTracer: com.apple.WebKit.WebContent.Development at com.apple.WebKit: WKBooleanGetValue + 9
     4        https://bugs.webkit.org/show_bug.cgi?id=187784
     5        <rdar://problem/42329230>
     6
     7        Reviewed by Brady Eidson.
     8
     9        When process swapping on navigation, WebPageProxy::reattachToWebProcess() unregisters the page as a MessageReceiver
     10        from the old WebProcessProxy and registers itself as a MessageReceiver for the new WebProcessProxy instead. This
     11        means that after this point, IPC sent by the previous WebProcess to its WebPageProxy will fail.
     12
     13        When we process swap, we also navigate the page in the old WebProcess to about:blank, when the navigation to
     14        about:blank would complete, the WebKitTestRunner's injected bundle would try and send IPC to the WebPageProxy
     15        which would fail and would cause WKBundlePagePostSynchronousMessageForTesting() to return a null result. WKTR
     16        would crash when dereferencing this null result. This patch addresses this by dealing with the potential null
     17        result.
     18
     19        * WebKitTestRunner/InjectedBundle/InjectedBundle.cpp:
     20        (WTR::InjectedBundle::shouldProcessWorkQueue const):
     21
    1222018-07-18  Dean Jackson  <dino@apple.com>
    223
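
Review bot: The closing sentence of this entry ("dealing with the potential null result") does not say what shouldProcessWorkQueue() now returns when the IPC fails. Spell out that it returns false in that case, so the behavior change is readable from the ChangeLog without opening the diff.
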
  • trunk/Tools/WebKitTestRunner/InjectedBundle/InjectedBundle.cpp

    r233888 r233941  
    855855    WKRetainPtr<WKBooleanRef> isEmpty(AdoptWK, static_cast<WKBooleanRef>(resultToPass));
    856856
     857    // The IPC failed. This happens when swapping processes on navigation because the WebPageProxy unregisters itself
     858    // as a MessageReceiver from the old WebProcessProxy and register itself with the new WebProcessProxy instead.
     859    if (!isEmpty)
     860        return false;
     861
    857862    return !WKBooleanGetValue(isEmpty.get());
    858863}
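
Review bot: The if (!isEmpty) guard at new line 859 covers only a null result; the static_cast<WKBooleanRef>(resultToPass) on line 855 still assumes any non-null reply is a WKBoolean before WKBooleanGetValue() reads it. Consider also checking WKGetTypeID(isEmpty.get()) == WKBooleanGetTypeID() and returning false on a mismatch. The new comment attributes a null result to the process-swap case, but the early return fires for any null reply, so a log line here would keep unrelated IPC failures visible in test output. Minor: "register itself" in the comment should read "registers itself".
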