Title: [287103] trunk/Source/WebKit
Revision
287103
Author
cdu...@apple.com
Date
2021-12-15 13:24:41 -0800 (Wed, 15 Dec 2021)

Log Message

RELEASE_ASSERT in WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
https://bugs.webkit.org/show_bug.cgi?id=234301

Reviewed by Geoffrey Garen.

WebPageProxy::interpretKeyEvent() gets called as the result of IPC from the WebProcess
and assumes that WebPageProxy::m_keyEventQueue is non-empty. We have evidence based on
the Chrome crash report that this assertion doesn't always hold. Also, the WebProcess
is not a trusted process so we shouldn't be making such assumptions in the first place.

Add a check in WebPageProxy::interpretKeyEvent() to properly deal with an empty queue.

No new tests, unknown how to reproduce.

* UIProcess/ios/WebPageProxyIOS.mm:
(WebKit::WebPageProxy::interpretKeyEvent):

Modified Paths

Diff

Modified: trunk/Source/WebKit/ChangeLog (287102 => 287103)


--- trunk/Source/WebKit/ChangeLog	2021-12-15 21:13:03 UTC (rev 287102)
+++ trunk/Source/WebKit/ChangeLog	2021-12-15 21:24:41 UTC (rev 287103)
@@ -1,3 +1,22 @@
+2021-12-15  Chris Dumez  <cdu...@apple.com>
+
+        RELEASE_ASSERT in WTF::Deque<WebKit::NativeWebKeyboardEvent, 0ul>::first()
+        https://bugs.webkit.org/show_bug.cgi?id=234301
+
+        Reviewed by Geoffrey Garen.
+
+        WebPageProxy::interpretKeyEvent() gets called as the result of IPC from the WebProcess
+        and assumes that WebPageProxy::m_keyEventQueue is non-empty. We have evidence based on
+        the Chrome crash report that this assertion doesn't always hold. Also, the WebProcess
+        is not a trusted process so we shouldn't be making such assumptions in the first place.
+
+        Add a check in WebPageProxy::interpretKeyEvent() to properly deal with an empty queue.
+
+        No new tests, unknown how to reproduce.
+
+        * UIProcess/ios/WebPageProxyIOS.mm:
+        (WebKit::WebPageProxy::interpretKeyEvent):
+
 2021-12-15  Alex Christensen  <achristen...@webkit.org>
 
         Actually use adattributiond.entitlements when code signing adattributiond
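Review bot: the sentence "We have evidence based on the Chrome crash report that this assertion doesn't always hold" is hard to follow in a WebKit ChangeLog; name the actual source of the crash reports (for example the reports attached to bug 234301) so a later reader can trace the evidence. The entry also does not say why completing with false is the right answer when the queue is empty, and that is the one behaviour change a reader of this entry will want explained; one sentence along the lines of "false tells the WebProcess the event was not handled" would close that gap.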

Modified: trunk/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm (287102 => 287103)


--- trunk/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm	2021-12-15 21:13:03 UTC (rev 287102)
+++ trunk/Source/WebKit/UIProcess/ios/WebPageProxyIOS.mm	2021-12-15 21:24:41 UTC (rev 287103)
@@ -723,7 +723,10 @@
 void WebPageProxy::interpretKeyEvent(const EditorState& state, bool isCharEvent, CompletionHandler<void(bool)>&& completionHandler)
 {
     m_editorState = state;
-    completionHandler(pageClient().interpretKeyEvent(m_keyEventQueue.first(), isCharEvent));
+    if (m_keyEventQueue.isEmpty())
+        completionHandler(false);
+    else
+        completionHandler(pageClient().interpretKeyEvent(m_keyEventQueue.first(), isCharEvent));
 }
 
 // Complex text input support for plug-ins.
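Review bot: m_editorState = state is still assigned before the isEmpty() check, so an unsolicited or out-of-order interpretKeyEvent message from the WebProcess still overwrites the UI process's editor state even though the key event it claims to be answering does not exist; consider moving that assignment under the non-empty branch. Since the ChangeLog itself states that the WebProcess is untrusted, silently completing with false may also be too forgiving: a MESSAGE_CHECK-style rejection that flags the sending process would make a malformed sequence visible instead of absorbing it. Finally, the new check only establishes that the queue is non-empty, not that m_keyEventQueue.first() is the event this reply corresponds to; if an empty queue can arise legitimately here, a short comment describing which sequence produces it would help the next reader, and if it cannot, that is a further argument for rejecting the message rather than returning false.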
_______________________________________________
webkit-changes mailing list
webkit-changes@lists.webkit.org
https://lists.webkit.org/mailman/listinfo/webkit-changes
