Title: [287914] trunk/Source
- Revision
- 287914
- Author
- commit-qu...@webkit.org
- Date
- 2022-01-12 00:51:26 -0800 (Wed, 12 Jan 2022)
Log Message
Protect DocumentLoader when a reference to its members is used.
https://bugs.webkit.org/show_bug.cgi?id=233464
Patch by Frédéric Wang <fw...@igalia.com> on 2022-01-12
Reviewed by Brady Eidson.
Source/WebCore:
No new tests, due to our infra (bug 127676).
* loader/FrameLoader.cpp:
(WebCore::FrameLoader::checkLoadCompleteForThisFrame): Ensure that DocumentLoader loader
remains alive while DocumentLoader::m_mainDocumentError is used.
Source/WebKit:
* UIProcess/WebPageProxy.cpp:
(WebKit::WebPageProxy::didFinishLoadForFrame): If the navigationID is obsolete, skip update
of the page load state to avoid failure of debug ASSERT.
* WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
(WebKit::WebFrameLoaderClient::dispatchDidFinishLoad): Ensure that DocumentLoader loader
remains alive while DocumentLoader::m_request is used.
Modified: trunk/Source/WebCore/ChangeLog (287913 => 287914)
--- trunk/Source/WebCore/ChangeLog 2022-01-12 07:55:30 UTC (rev 287913)
+++ trunk/Source/WebCore/ChangeLog 2022-01-12 08:51:26 UTC (rev 287914)
@@ -1,3 +1,16 @@
+2022-01-12 Frédéric Wang <fw...@igalia.com>
+
+ Protect DocumentLoader when a reference to its members is used.
+ https://bugs.webkit.org/show_bug.cgi?id=233464
+
+ Reviewed by Brady Eidson.
+
+ No new tests, due to our infra (bug 127676).
+
+ * loader/FrameLoader.cpp:
+ (WebCore::FrameLoader::checkLoadCompleteForThisFrame): Ensure that DocumentLoader loader
+ remains alive while DocumentLoader::m_mainDocumentError is used.
+
2022-01-11 Fujii Hironori <hironori.fu...@sony.com>
Remove Direct2D code (part 2)
Modified: trunk/Source/WebCore/loader/FrameLoader.cpp (287913 => 287914)
--- trunk/Source/WebCore/loader/FrameLoader.cpp 2022-01-12 07:55:30 UTC (rev 287913)
+++ trunk/Source/WebCore/loader/FrameLoader.cpp 2022-01-12 08:51:26 UTC (rev 287914)
@@ -2585,7 +2585,8 @@
if (RefPtr domWindow = m_frame.document() ? m_frame.document()->domWindow() : nullptr)
domWindow->performance().scheduleNavigationObservationTaskIfNeeded();
- const ResourceError& error = m_documentLoader->mainDocumentError();
+ Ref protector = *m_documentLoader;
+ const ResourceError& error = protector->mainDocumentError();
AXObjectCache::AXLoadingEvent loadingEvent;
if (!error.isNull()) {
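Review bot: The new `Ref protector = *m_documentLoader;` line carries no comment saying what it guards, and `error` is still a reference into that loader, so a future cleanup could plausibly "simplify" it back to `m_documentLoader->mainDocumentError()` and reintroduce the dangling reference this change removes. A one-line why-comment would pin the invariant: `// Keep this DocumentLoader alive: code below may replace m_documentLoader while |error| still refers into it.` (exactly which callee can replace it is not visible in the hunk, so the comment should stay at this level of generality). The `*m_documentLoader` dereference keeps the original's assumption that the loader is non-null at this point; if that is not guaranteed here, a `RefPtr` with an early return would be the safer shape. checkLoadCompleteForThisFrame continues outside the hunk.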
Modified: trunk/Source/WebKit/ChangeLog (287913 => 287914)
--- trunk/Source/WebKit/ChangeLog 2022-01-12 07:55:30 UTC (rev 287913)
+++ trunk/Source/WebKit/ChangeLog 2022-01-12 08:51:26 UTC (rev 287914)
@@ -1,3 +1,17 @@
+2022-01-12 Frédéric Wang <fw...@igalia.com>
+
+ Protect DocumentLoader when a reference to its members is used.
+ https://bugs.webkit.org/show_bug.cgi?id=233464
+
+ Reviewed by Brady Eidson.
+
+ * UIProcess/WebPageProxy.cpp:
+ (WebKit::WebPageProxy::didFinishLoadForFrame): If the navigationID is obsolete, skip update
+ of the page load state to avoid failure of debug ASSERT.
+ * WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp:
+ (WebKit::WebFrameLoaderClient::dispatchDidFinishLoad): Ensure that DocumentLoader loader
+ remains alive while DocumentLoader::m_request is used.
+
2022-01-11 Fujii Hironori <hironori.fu...@sony.com>
Remove Direct2D code (part 2)
Modified: trunk/Source/WebKit/UIProcess/WebPageProxy.cpp (287913 => 287914)
--- trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-01-12 07:55:30 UTC (rev 287913)
+++ trunk/Source/WebKit/UIProcess/WebPageProxy.cpp 2022-01-12 08:51:26 UTC (rev 287914)
@@ -5021,23 +5021,26 @@
// FIXME: We should message check that navigationID is not zero here, but it's currently zero for some navigations through the back/forward cache.
RefPtr<API::Navigation> navigation;
- if (frame->isMainFrame() && navigationID)
+ if (frame->isMainFrame() && navigationID && navigationState().hasNavigation(navigationID))
navigation = navigationState().navigation(navigationID);
- auto transaction = m_pageLoadState.transaction();
-
bool isMainFrame = frame->isMainFrame();
- if (isMainFrame)
- m_pageLoadState.didFinishLoad(transaction);
+ if (!isMainFrame || !navigationID || navigation) {
+ auto transaction = m_pageLoadState.transaction();
- if (m_controlledByAutomation) {
- if (auto* automationSession = process().processPool().automationSession())
- automationSession->navigationOccurredForFrame(*frame);
+ if (isMainFrame)
+ m_pageLoadState.didFinishLoad(transaction);
+
+ if (m_controlledByAutomation) {
+ if (auto* automationSession = process().processPool().automationSession())
+ automationSession->navigationOccurredForFrame(*frame);
+ }
+
+ frame->didFinishLoad();
+
+ m_pageLoadState.commitChanges();
}
- frame->didFinishLoad();
-
- m_pageLoadState.commitChanges();
if (m_loaderClient)
m_loaderClient->didFinishLoadForFrame(*this, *frame, navigation.get(), m_process->transformHandlesToObjects(userData.object()).get());
else {
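Review bot: The guard `if (!isMainFrame || !navigationID || navigation) {` now also skips `frame->didFinishLoad();` and the automation-session notification for a main frame whose navigationID is no longer known to `navigationState()`, although the ChangeLog only describes skipping the page-load-state update; if that widening is intended, a comment should say so, otherwise `frame->didFinishLoad();` should move back out of the block. The condition itself deserves a name or a comment, e.g. `// navigationID arrives from the WebProcess; an ID NavigationState no longer knows means the navigation was already torn down, so leave m_pageLoadState untouched.` — the added `hasNavigation(navigationID)` check is what makes the lookup safe for any ID value received over IPC, which fits the FIXME above about message-checking this value. Note that `m_loaderClient->didFinishLoadForFrame(...)` below still runs in the obsolete case with `navigation` null, which that delegate presumably already tolerates since a zero navigationID produced the same argument before this change. didFinishLoadForFrame starts and ends outside the hunk.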
Modified: trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp (287913 => 287914)
--- trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2022-01-12 07:55:30 UTC (rev 287913)
+++ trunk/Source/WebKit/WebProcess/WebCoreSupport/WebFrameLoaderClient.cpp 2022-01-12 08:51:26 UTC (rev 287914)
@@ -671,14 +671,14 @@
RefPtr<API::Object> userData;
- auto& documentLoader = static_cast<WebDocumentLoader&>(*m_frame->coreFrame()->loader().documentLoader());
- auto navigationID = documentLoader.navigationID();
+ Ref documentLoader = static_cast<WebDocumentLoader&>(*m_frame->coreFrame()->loader().documentLoader());
+ auto navigationID = documentLoader->navigationID();
// Notify the bundle client.
webPage->injectedBundleLoaderClient().didFinishLoadForFrame(*webPage, m_frame, userData);
// Notify the UIProcess.
- webPage->send(Messages::WebPageProxy::DidFinishLoadForFrame(m_frame->frameID(), m_frame->info(), documentLoader.request(), navigationID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
+ webPage->send(Messages::WebPageProxy::DidFinishLoadForFrame(m_frame->frameID(), m_frame->info(), documentLoader->request(), navigationID, UserData(WebProcess::singleton().transformObjectsToHandles(userData.get()).get())));
// If we have a load listener, notify it.
if (WebFrame::LoadListener* loadListener = m_frame->loadListener())
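Review bot: The `Ref documentLoader = static_cast<WebDocumentLoader&>(...)` line adds the lifetime guard without stating why it is needed, and the reason is not local: between this line and `documentLoader->request()` the code calls out to `injectedBundleLoaderClient().didFinishLoadForFrame(...)`, which presumably can run client code that starts a new load and replaces the frame's document loader. A why-comment would keep the next refactor from reverting to a plain reference: `// Ref, not a reference: the bundle client callout below may replace the frame's DocumentLoader; request() and navigationID must come from the one that finished.` The `*m_frame->coreFrame()->loader().documentLoader()` dereference preserves the original's non-null assumption, so nothing new is asserted there. dispatchDidFinishLoad starts and ends outside the hunk.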