Changeset 259580 in webkit


Ignore:
Timestamp:
Apr 6, 2020 11:08:21 AM (4 years ago)
Author:
dino@apple.com
Message:

CrashTracer: MobileSafari at WebKit: WebKit::SystemPreviewController::updateProgress
https://bugs.webkit.org/show_bug.cgi?id=210040
rdar://51410841

Reviewed by Darin Adler.

It appears that the SystemPreviewController on WebPageProxy can
become null causing a call to an in-progress download to crash
as it tries to talk to the QuickLook delegate. Guard against this
by checking the SystemPreviewController each time.

  • UIProcess/Cocoa/DownloadClient.mm:

(WebKit::systemPreviewController):
(WebKit::DownloadClient::didReceiveResponse):
(WebKit::DownloadClient::didReceiveData):
(WebKit::DownloadClient::processDidCrash):
(WebKit::DownloadClient::didFinish):
(WebKit::DownloadClient::didFail):
(WebKit::DownloadClient::didCancel):

Location:
trunk/Source/WebKit
Files:
2 edited

Legend:

Unmodified
Added
Removed

  • trunk/Source/WebKit/ChangeLog

    r259579 r259580  
     12020-04-06  Dean Jackson  <dino@apple.com>
     2
     3        CrashTracer: MobileSafari at WebKit: WebKit::SystemPreviewController::updateProgress
     4        https://bugs.webkit.org/show_bug.cgi?id=210040
     5        rdar://51410841
     6
     7        Reviewed by Darin Adler.
     8
     9        It appears that the SystemPreviewController on WebPageProxy can
     10        become null causing a call to an in-progress download to crash
     11        as it tries to talk to the QuickLook delegate. Guard against this
     12        by checking the SystemPreviewController each time.
     13
     14        * UIProcess/Cocoa/DownloadClient.mm:
     15        (WebKit::systemPreviewController):
     16        (WebKit::DownloadClient::didReceiveResponse):
     17        (WebKit::DownloadClient::didReceiveData):
     18        (WebKit::DownloadClient::processDidCrash):
     19        (WebKit::DownloadClient::didFinish):
     20        (WebKit::DownloadClient::didFail):
     21        (WebKit::DownloadClient::didCancel):
     22
    1232020-04-06  Chris Dumez  <cdumez@apple.com>
    224

  • trunk/Source/WebKit/UIProcess/Cocoa/DownloadClient.mm

    r252011 r259580  
    6666}
    6767
     68#if USE(SYSTEM_PREVIEW)
     69static SystemPreviewController* systemPreviewController(DownloadProxy& downloadProxy)
     70{
     71    auto* page = downloadProxy.originatingPage();
     72    if (!page)
     73        return nullptr;
     74    return page->systemPreviewController();
     75}
     76#endif
     77
    6878void DownloadClient::didStart(DownloadProxy& downloadProxy)
    6979{
     
    8999        downloadProxy.setExpectedContentLength(response.expectedContentLength());
    90100        downloadProxy.setBytesLoaded(0);
    91         if (auto* webPage = downloadProxy.originatingPage())
    92             webPage->systemPreviewController()->updateProgress(0);
     101        if (auto* controller = systemPreviewController(downloadProxy))
     102            controller->updateProgress(0);
    93103        return;
    94104    }
     
    104114    if (downloadProxy.isSystemPreviewDownload()) {
    105115        downloadProxy.setBytesLoaded(downloadProxy.bytesLoaded() + length);
    106         if (auto* webPage = downloadProxy.originatingPage())
    107             webPage->systemPreviewController()->updateProgress(static_cast<float>(downloadProxy.bytesLoaded()) / downloadProxy.expectedContentLength());
     116        if (auto* controller = systemPreviewController(downloadProxy))
     117            controller->updateProgress(static_cast<float>(downloadProxy.bytesLoaded()) / downloadProxy.expectedContentLength());
    108118        return;
    109119    }
     
    165175#if USE(SYSTEM_PREVIEW)
    166176    if (downloadProxy.isSystemPreviewDownload()) {
    167         if (auto* webPage = downloadProxy.originatingPage())
    168             webPage->systemPreviewController()->cancel();
     177        if (auto* controller = systemPreviewController(downloadProxy))
     178            controller->cancel();
    169179        releaseActivityTokenIfNecessary(downloadProxy);
    170180        return;
     
    210220#if USE(SYSTEM_PREVIEW)
    211221    if (downloadProxy.isSystemPreviewDownload()) {
    212         if (auto* webPage = downloadProxy.originatingPage()) {
     222        if (auto* controller = systemPreviewController(downloadProxy)) {
    213223            WTF::URL destinationURL = WTF::URL::fileURLWithFileSystemPath(downloadProxy.destinationFilename());
    214224            if (!destinationURL.fragmentIdentifier().length())
    215225                destinationURL.setFragmentIdentifier(downloadProxy.request().url().fragmentIdentifier());
    216             webPage->systemPreviewController()->finish(destinationURL);
     226            controller->finish(destinationURL);
    217227        }
    218228        releaseActivityTokenIfNecessary(downloadProxy);
     
    229239#if USE(SYSTEM_PREVIEW)
    230240    if (downloadProxy.isSystemPreviewDownload()) {
    231         if (auto* webPage = downloadProxy.originatingPage())
    232             webPage->systemPreviewController()->fail(error);
     241        if (auto* controller = systemPreviewController(downloadProxy))
     242            controller->fail(error);
    233243        releaseActivityTokenIfNecessary(downloadProxy);
    234244        return;
     
    244254#if USE(SYSTEM_PREVIEW)
    245255    if (downloadProxy.isSystemPreviewDownload()) {
    246         if (auto* webPage = downloadProxy.originatingPage())
    247             webPage->systemPreviewController()->cancel();
     256        if (auto* controller = systemPreviewController(downloadProxy))
     257            controller->cancel();
    248258        releaseActivityTokenIfNecessary(downloadProxy);
    249259        return;
Note: See TracChangeset for help on using the changeset viewer.