Title: [222826] trunk/Source/WebKit
- Revision: 222826
- Author: bfulg...@apple.com
- Date: 2017-10-03 18:40:30 -0700 (Tue, 03 Oct 2017)
Log Message
Correct nullptr dereference during shutdown
https://bugs.webkit.org/show_bug.cgi?id=177845
<rdar://problem/33651405>
Reviewed by Chris Dumez.
It looks like the ResourceLoadStatisticsPersistentStorage destructor is calling code that attempts
to use member variables in its owning class (WebResourceLoadStatisticsStore). Since these may have
already been destroyed, they are in an invalid state when accessed.
* UIProcess/ResourceLoadStatisticsPersistentStorage.cpp:
(WebKit::ResourceLoadStatisticsPersistentStorage::~ResourceLoadStatisticsPersistentStorage): Do not call
finishAllPendingWorkSynchronously() in the destructor, since it relies on the m_memoryStore to be
a reference to a completely valid object.
* UIProcess/WebResourceLoadStatisticsStore.cpp:
(WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore): Instead, call
'finishAllPendingWorkSynchronously' here, when the object is still in a known valid state.
Diff
Modified: trunk/Source/WebKit/ChangeLog (222825 => 222826)
--- trunk/Source/WebKit/ChangeLog 2017-10-04 00:53:29 UTC (rev 222825)
+++ trunk/Source/WebKit/ChangeLog 2017-10-04 01:40:30 UTC (rev 222826)
@@ -1,3 +1,23 @@
+2017-10-03 Brent Fulgham <bfulg...@apple.com>
+
+ Correct nullptr dereference during shutdown
+ https://bugs.webkit.org/show_bug.cgi?id=177845
+ <rdar://problem/33651405>
+
+ Reviewed by Chris Dumez.
+
+ It looks like the ResourceLoadStatisticsPersistentStorage destructor is calling code that attempts
+ to use member variables in its owning class (WebResourceLoadStatisticsStore). Since these may have
+ already been destroyed, they are in an invalid state when accessed.
+
+ * UIProcess/ResourceLoadStatisticsPersistentStorage.cpp:
+ (WebKit::ResourceLoadStatisticsPersistentStorage::~ResourceLoadStatisticsPersistentStorage): Do not call
+ finishAllPendingWorkSynchronously() in the destructor, since it relies on the m_memoryStore to be
+ a reference to completely valid object.
+ * UIProcess/WebResourceLoadStatisticsStore.cpp:
+ (WebKit::WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore): Instead, call
+ 'finishAllPendingWorkSynchronously' here, when the object is still in a known valid state.
+
2017-10-03 Alex Christensen <achristen...@webkit.org>
Moderize WebKit's back forward list code
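Review bot: The entry's title says "nullptr dereference", but the description under it talks about the member's destructor using owner members that "may have already been destroyed", which is an object-lifetime problem rather than a null pointer. Consider aligning the title with the description, replacing the hedged "It looks like" with the confirmed cause if it is known, and saying whether a regression test is feasible, since the entry lists none.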
Modified: trunk/Source/WebKit/UIProcess/ResourceLoadStatisticsPersistentStorage.cpp (222825 => 222826)
--- trunk/Source/WebKit/UIProcess/ResourceLoadStatisticsPersistentStorage.cpp 2017-10-04 00:53:29 UTC (rev 222825)
+++ trunk/Source/WebKit/UIProcess/ResourceLoadStatisticsPersistentStorage.cpp 2017-10-04 01:40:30 UTC (rev 222826)
@@ -98,7 +98,6 @@
ResourceLoadStatisticsPersistentStorage::~ResourceLoadStatisticsPersistentStorage()
{
- finishAllPendingWorkSynchronously();
ASSERT(!m_hasPendingWrite);
}
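Review bot: With the call removed, all that remains in ~ResourceLoadStatisticsPersistentStorage() is ASSERT(!m_hasPendingWrite), a debug-build check, so an owner that destroys this object without first calling finishAllPendingWorkSynchronously() would lose the pending write with no signal in release builds. Please document the new precondition (the owner must flush pending work before destruction) in a comment here or on the class declaration, so the contract is visible to anyone else who holds one of these objects.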
Modified: trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp (222825 => 222826)
--- trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp 2017-10-04 00:53:29 UTC (rev 222825)
+++ trunk/Source/WebKit/UIProcess/WebResourceLoadStatisticsStore.cpp 2017-10-04 01:40:30 UTC (rev 222826)
@@ -174,6 +174,7 @@
WebResourceLoadStatisticsStore::~WebResourceLoadStatisticsStore()
{
+ m_persistentStorage.finishAllPendingWorkSynchronously();
}
void WebResourceLoadStatisticsStore::removeDataRecords()
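Review bot: The added call in ~WebResourceLoadStatisticsStore() is correct only because a destructor body runs before any of the class's members are destroyed, and nothing at the call site records that. Add a short comment above m_persistentStorage.finishAllPendingWorkSynchronously(); saying it has to stay in the owner's destructor body because the flushed work reads the owner's members, so a later cleanup does not move it back into the member's destructor.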