Changeset 236227 in webkit
- Timestamp:
- Sep 19, 2018 2:58:45 PM (6 years ago)
- Location:
- trunk/Source/WebKit
- Files:
-
- 4 edited
trunk/Source/WebKit/ChangeLog
r236226 r236227 1 2018-09-19 Chris Dumez <cdumez@apple.com> 2 3 Crash under WebPageProxy::decidePolicyForNavigationAction() 4 https://bugs.webkit.org/show_bug.cgi?id=189763 5 <rdar://problem/44597111> 6 7 Reviewed by Alex Christensen. 8 9 Update WebNavigationState::navigation() / WebNavigationState::takeNavigation() 10 to return a pointer instead of a reference as we have evidence that they can 11 return null. I kept the debug assertions to try and catch the cases where we 12 return null but at least we stop crashing in release builds. 13 14 * UIProcess/WebNavigationState.cpp: 15 (WebKit::WebNavigationState::navigation): 16 (WebKit::WebNavigationState::takeNavigation): 17 * UIProcess/WebNavigationState.h: 18 * UIProcess/WebPageProxy.cpp: 19 (WebKit::WebPageProxy::didStartProvisionalLoadForFrame): 20 (WebKit::WebPageProxy::didReceiveServerRedirectForProvisionalLoadForFrame): 21 (WebKit::WebPageProxy::didCommitLoadForFrame): 22 (WebKit::WebPageProxy::didFinishDocumentLoadForFrame): 23 (WebKit::WebPageProxy::didFinishLoadForFrame): 24 (WebKit::WebPageProxy::didFailLoadForFrame): 25 (WebKit::WebPageProxy::didSameDocumentNavigationForFrame): 26 (WebKit::WebPageProxy::decidePolicyForNavigationAction): 27 (WebKit::WebPageProxy::decidePolicyForResponse): 28 1 29 2018-09-19 Chris Dumez <cdumez@apple.com> 2 30 -
trunk/Source/WebKit/UIProcess/WebNavigationState.cpp
r235265 r236227 78 78 } 79 79 80 API::Navigation &WebNavigationState::navigation(uint64_t navigationID)80 API::Navigation* WebNavigationState::navigation(uint64_t navigationID) 81 81 { 82 82 ASSERT(navigationID); 83 83 ASSERT(m_navigations.contains(navigationID)); 84 84 85 return *m_navigations.get(navigationID);85 return m_navigations.get(navigationID); 86 86 } 87 87 88 Ref <API::Navigation> WebNavigationState::takeNavigation(uint64_t navigationID)88 RefPtr<API::Navigation> WebNavigationState::takeNavigation(uint64_t navigationID) 89 89 { 90 90 ASSERT(navigationID); 91 91 ASSERT(m_navigations.contains(navigationID)); 92 92 93 return m_navigations.take(navigationID) .releaseNonNull();93 return m_navigations.take(navigationID); 94 94 } 95 95 -
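Review bot: `ASSERT(navigationID)` and `ASSERT(m_navigations.contains(navigationID))` in navigation() and takeNavigation() compile out in release builds, so a zero ID still reaches `m_navigations.get(navigationID)` and `m_navigations.take(navigationID)` there. The declaration of m_navigations is not visible here, but if it is keyed on the raw uint64_t with the default integer traits, zero is the reserved empty key and looking it up is not a supported operation. I would add `if (!navigationID) return nullptr;` after the assertions in both functions. That keeps the release path defined for IDs the caller did not validate, while the assertions still flag the case in debug builds.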
trunk/Source/WebKit/UIProcess/WebNavigationState.h
r230834 r236227 54 54 Ref<API::Navigation> createLoadDataNavigation(); 55 55 56 API::Navigation &navigation(uint64_t navigationID);57 Ref <API::Navigation> takeNavigation(uint64_t navigationID);56 API::Navigation* navigation(uint64_t navigationID); 57 RefPtr<API::Navigation> takeNavigation(uint64_t navigationID); 58 58 void didDestroyNavigation(uint64_t navigationID); 59 59 void clearAllNavigations(); -
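Review bot: The declarations of navigation() and takeNavigation() now return nullable types but carry no comment saying so, while the neighbouring `createLoadDataNavigation()` still returns `Ref`. A reader of the header cannot tell that null is an expected result here rather than an oversight. I would add a line above the two declarations such as `// Both may return null when navigationID is not (or no longer) tracked; callers must null-check.` The class body continues outside this hunk.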
trunk/Source/WebKit/UIProcess/WebPageProxy.cpp
r236157 r236227 3461 3461 RefPtr<API::Navigation> navigation; 3462 3462 if (frame->isMainFrame() && navigationID) 3463 navigation = &navigationState().navigation(navigationID);3463 navigation = navigationState().navigation(navigationID); 3464 3464 3465 3465 // If this seemingly new load is actually continuing a server redirect for a previous navigation in a new process, … … 3508 3508 RefPtr<API::Navigation> navigation; 3509 3509 if (navigationID) { 3510 navigation = &navigationState().navigation(navigationID);3510 navigation = navigationState().navigation(navigationID); 3511 3511 navigation->appendRedirectionURL(request.url()); 3512 3512 } … … 3635 3635 RefPtr<API::Navigation> navigation; 3636 3636 if (frame->isMainFrame() && navigationID) 3637 navigation = &navigationState().navigation(navigationID);3637 navigation = navigationState().navigation(navigationID); 3638 3638 3639 3639 m_hasCommittedAnyProvisionalLoads = true; … … 3727 3727 RefPtr<API::Navigation> navigation; 3728 3728 if (frame->isMainFrame() && navigationID) 3729 navigation = &navigationState().navigation(navigationID);3729 navigation = navigationState().navigation(navigationID); 3730 3730 3731 3731 if (frame->isMainFrame()) … … 3745 3745 RefPtr<API::Navigation> navigation; 3746 3746 if (frame->isMainFrame() && navigationID) 3747 navigation = &navigationState().navigation(navigationID);3747 navigation = navigationState().navigation(navigationID); 3748 3748 3749 3749 auto transaction = m_pageLoadState.transaction(); … … 3788 3788 RefPtr<API::Navigation> navigation; 3789 3789 if (frame->isMainFrame() && navigationID) 3790 navigation = &navigationState().navigation(navigationID);3790 navigation = navigationState().navigation(navigationID); 3791 3791 3792 3792 clearLoadDependentCallbacks(); … … 3829 3829 RefPtr<API::Navigation> navigation; 3830 3830 if (frame->isMainFrame() && navigationID) 3831 navigation = &navigationState().navigation(navigationID);3831 navigation = 
navigationState().navigation(navigationID); 3832 3832 3833 3833 auto transaction = m_pageLoadState.transaction(); … … 4003 4003 RefPtr<API::Navigation> navigation; 4004 4004 if (navigationID) 4005 navigation = m akeRef(m_navigationState->navigation(navigationID));4005 navigation = m_navigationState->navigation(navigationID); 4006 4006 4007 4007 if (auto targetBackForwardItemIdentifier = navigationActionData.targetBackForwardItemIdentifier) { … … 4035 4035 #if ENABLE(CONTENT_FILTERING) 4036 4036 if (frame->didHandleContentFilterUnblockNavigation(request)) 4037 return receivedPolicyDecision(PolicyAction::Ignore, &m_navigationState->navigation(newNavigationID), std::nullopt, WTFMove(sender));4037 return receivedPolicyDecision(PolicyAction::Ignore, m_navigationState->navigation(newNavigationID), std::nullopt, WTFMove(sender)); 4038 4038 #else 4039 4039 UNUSED_PARAM(newNavigationID); … … 4129 4129 MESSAGE_CHECK_URL(response.url()); 4130 4130 4131 RefPtr<API::Navigation> navigation = navigationID ? &m_navigationState->navigation(navigationID) : nullptr;4131 RefPtr<API::Navigation> navigation = navigationID ? m_navigationState->navigation(navigationID) : nullptr; 4132 4132 auto listener = makeRef(frame->setUpPolicyListenerProxy([this, protectedThis = makeRef(*this), frameID, listenerID, navigation = WTFMove(navigation)] (WebCore::PolicyAction policyAction, API::WebsitePolicies*, ProcessSwapRequestedByClient processSwapRequestedByClient, Vector<Ref<SafeBrowsingResult>>&& safeBrowsingResults) mutable { 4133 4133 // FIXME: Assert the API::WebsitePolicies* is nullptr here once clients of WKFramePolicyListenerUseWithPolicies go away.
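Review bot: In the hunk at new lines 3508–3512 (presumably didReceiveServerRedirectForProvisionalLoadForFrame, going by the ChangeLog order), `navigation->appendRedirectionURL(request.url());` still dereferences the result of `navigationState().navigation(navigationID)` unconditionally. That result may now be null, so the release-build crash this commit removes elsewhere can still occur on this path. The ID appears to arrive in a message from the web content process and should be treated as untrusted; I would write `if (navigation) navigation->appendRedirectionURL(request.url());`, or reject the message the way `MESSAGE_CHECK_URL` does for URLs. The other call sites in this section only store the pointer in a RefPtr or pass it on, e.g. to `receivedPolicyDecision(...)`, and whether those callees accept null is not visible here. The enclosing functions start and end outside the hunks.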