Changeset 256187 in webkit

Timestamp:

Feb 10, 2020 9:57:30 AM (4 years ago)

Author:

Chris Dumez

Message:

Crash under WebProcessProxy::shouldSendPendingMessage()
​https://bugs.webkit.org/show_bug.cgi?id=207464
<rdar://problem/59293825>

Reviewed by Alex Christensen.

I suspect the WebProcessProxy object is getting destroyed as we are iterating over the
pending messages in AuxiliaryProcessProxy::didFinishLaunching(), thus crashing when
calling WebProcessProxy::shouldSendPendingMessage() inside the loop. As a speculative
fix, protect |this| at the beginning of WebProcessProxy::didFinishLaunching().

• UIProcess/WebProcessProxy.cpp:

(WebKit::WebProcessProxy::didFinishLaunching):

Location:

trunk/Source/WebKit

Files:

• ChangeLog (modified) (1 diff)
• UIProcess/WebProcessProxy.cpp (modified) (1 diff)

trunk/Source/WebKit/ChangeLog

@@ +1 @@
+2020-02-10  Chris Dumez  <cdumez@apple.com>
+
+        Crash under WebProcessProxy::shouldSendPendingMessage()
+        https://bugs.webkit.org/show_bug.cgi?id=207464
+        <rdar://problem/59293825>
+
+        Reviewed by Alex Christensen.
+
+        I suspect the WebProcessProxy object is getting destroyed as we are iterating over the
+        pending messages in AuxiliaryProcessProxy::didFinishLaunching(), thus crashing when
+        calling WebProcessProxy::shouldSendPendingMessage() inside the loop. As a speculative
+        fix, protect |this| at the beginning of WebProcessProxy::didFinishLaunching().
+
+        * UIProcess/WebProcessProxy.cpp:
+        (WebKit::WebProcessProxy::didFinishLaunching):
+
 2020-02-10  youenn fablet  <youenn@apple.com>
 

trunk/Source/WebKit/UIProcess/WebProcessProxy.cpp

@@ -892 +892 @@
     RELEASE_ASSERT(isMainThreadOrCheckDisabled());
 
+    auto protectedThis = makeRef(*this);
     AuxiliaryProcessProxy::didFinishLaunching(launcher, connectionIdentifier);