Title: [271840] branches/safari-611-branch/Source/WebKit
Revision: 271840
Author: alanc...@apple.com
Date: 2021-01-25 14:12:20 -0800 (Mon, 25 Jan 2021)

Log Message

Cherry-pick r271467. rdar://problem/73477045

    Crash at SOAuthorizationSession::dismissViewController
    https://bugs.webkit.org/show_bug.cgi?id=220482
    <rdar://problem/72375494>

    Reviewed by Darin Adler.

    A crash report suggests that SOAuthorizationSession::dismissViewController could crash at evaluating m_page.
    This could only happen if the SOAuthorizationSession object is freed. The stack trace starts with callbacks
    from NSNotificationCenter, which capture a RefPtr of the SOAuthorizationSession object and should guarantee
    the lifetime of the object. So it contradicts the crash report.

    One of the possible explanations is that the RefPtr is somehow over-released within NSNotificationCenter since
    it's not thread-safe. To fix that, the RefPtr can be made thread-safe.

    No tests.

    * UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
    (WebKit::SOAuthorizationSession::dismissViewController):

    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271467 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Modified Paths

Diff

Modified: branches/safari-611-branch/Source/WebKit/ChangeLog (271839 => 271840)


--- branches/safari-611-branch/Source/WebKit/ChangeLog	2021-01-25 22:12:17 UTC (rev 271839)
+++ branches/safari-611-branch/Source/WebKit/ChangeLog	2021-01-25 22:12:20 UTC (rev 271840)
@@ -1,5 +1,52 @@
 2021-01-25  Alan Coon  <alanc...@apple.com>
 
+        Cherry-pick r271467. rdar://problem/73477045
+
+    Crash at SOAuthorizationSession::dismissViewController
+    https://bugs.webkit.org/show_bug.cgi?id=220482
+    <rdar://problem/72375494>
+    
+    Reviewed by Darin Adler.
+    
+    A crash report suggests that SOAuthorizationSession::dismissViewController could crash at evaluating m_page.
+    This could only happen if the SOAuthorizationSession object is freed. The stack trace starts with callbacks
+    from NSNotificationCenter, which capture a RefPtr of the SOAuthorizationSession object and should guarantee
+    the lifetime of the object. So it contradicts the crash report.
+    
+    One of the possible explanations is that the RefPtr is somehow over-released within NSNotificationCenter since
+    it's not thread-safe. To fix that, the RefPtr can be made thread-safe.
+    
+    No tests.
+    
+    * UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
+    (WebKit::SOAuthorizationSession::dismissViewController):
+    
+    
+    git-svn-id: https://svn.webkit.org/repository/webkit/trunk@271467 268f45cc-cd09-0410-ab3c-d52691b4dbfc
+
+    2021-01-13  Jiewen Tan  <jiewen_...@apple.com>
+
+            Crash at SOAuthorizationSession::dismissViewController
+            https://bugs.webkit.org/show_bug.cgi?id=220482
+            <rdar://problem/72375494>
+
+            Reviewed by Darin Adler.
+
+            A crash report suggests that SOAuthorizationSession::dismissViewController could crash at evaluating m_page.
+            This could only happen if the SOAuthorizationSession object is freed. The stack trace starts with callbacks
+            from NSNotificationCenter, which capture a RefPtr of the SOAuthorizationSession object and should guarantee
+            the lifetime of the object. So it contradicts the crash report.
+
+            One of the possible explanations is that the RefPtr is somehow over-released within NSNotificationCenter since
+            it's not thread-safe. To fix that, the RefPtr can be made thread-safe.
+
+            No tests.
+
+            * UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm:
+            (WebKit::SOAuthorizationSession::dismissViewController):
+
+2021-01-25  Alan Coon  <alanc...@apple.com>
+
         Cherry-pick r271417. rdar://problem/73376369
 
     [macOS] Reset user directory suffix before getting sandbox directory
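Review bot: The file list in the added ChangeLog entry names only UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.mm (WebKit::SOAuthorizationSession::dismissViewController), but the source file this revision modifies is SOAuthorizationSession.h, where the class's base changes from RefCounted to ThreadSafeRefCounted. Please list the header in the entry so the log matches what was modified. The entry also records "No tests." for a fix the message itself describes as one of the possible explanations, so it would help to state how the fix will be confirmed, for example by tracking whether this crash signature stops appearing.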

Modified: branches/safari-611-branch/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h (271839 => 271840)


--- branches/safari-611-branch/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h	2021-01-25 22:12:17 UTC (rev 271839)
+++ branches/safari-611-branch/Source/WebKit/UIProcess/Cocoa/SOAuthorization/SOAuthorizationSession.h	2021-01-25 22:12:20 UTC (rev 271840)
@@ -29,8 +29,8 @@
 
 #include <pal/spi/cocoa/AppSSOSPI.h>
 #include <wtf/Forward.h>
-#include <wtf/RefCounted.h>
 #include <wtf/RetainPtr.h>
+#include <wtf/ThreadSafeRefCounted.h>
 #include <wtf/WeakObjCPtr.h>
 #include <wtf/WeakPtr.h>
 
@@ -51,7 +51,7 @@
 enum class SOAuthorizationLoadPolicy : uint8_t;
 
 // A session will only be executed once.
-class SOAuthorizationSession : public RefCounted<SOAuthorizationSession>, public CanMakeWeakPtr<SOAuthorizationSession> {
+class SOAuthorizationSession : public ThreadSafeRefCounted<SOAuthorizationSession, WTF::DestructionThread::MainRunLoop>, public CanMakeWeakPtr<SOAuthorizationSession> {
 public:
     enum class InitiatingAction : uint8_t {
         Redirect,
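Review bot: On the changed class declaration, ThreadSafeRefCounted<SOAuthorizationSession, WTF::DestructionThread::MainRunLoop> makes the reference count atomic and routes destruction to the main run loop, but nothing else about the class changes: the CanMakeWeakPtr base is the same, and the log places the crash at evaluating m_page. If the NSNotificationCenter callbacks can in fact run off the main thread, access to the object's state from there is still unsynchronized, so the atomic count addresses only the over-release hypothesis. Consider a comment above the class, next to "A session will only be executed once.", stating which thread a session may be used on and why the count must be thread-safe, and a main-thread assertion in dismissViewController so the case the log hypothesizes is caught in debug builds.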
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
